Ebook: Meeting Security Challenges Through Data Analytics and Decision Support
The sheer quantity of widely diverse data which now results from multiple sources presents a problem for decision-makers and analysts, who are finding it impossible to cope with the ever-increasing flow of material. This has potentially serious consequences for the quality of decisions and operational processes in areas such as counterterrorism and security.
This book presents the papers delivered at the NATO Advanced Research Workshop (ARW) 'Meeting Security Challenges through Data Analytics and Decision Support’, held in Aghveran, Armenia, in June 2015. The aim of the conference was to promote and enhance cooperation and dialogue between NATO and Partner countries on the subject of effective decision support for security applications. The attendance of many leading scientists from a variety of backgrounds and disciplines provided the opportunity to improve mutual understanding, as well as cognizance of the specific requirements and issues of Cyber Physical Social Systems (CPPS) and the technical advances pertinent to all collaborative human-centric information support systems in a variety of applications.
The book is divided into 3 sections: counter terrorism: methodology and applications; maritime and border security; and cyber security, and will be of interest to all those involved in decision-making processes based on the analysis of big data.
The Advanced Research Workshop (ARW) “Meeting Security Challenges through Data Analytics and Decision Support” was held in Aghveran, Armenia, 1–5 June, 2015.
An ARW is one of many types of funded group support mechanisms established by the NATO Science Committee to contribute to the critical assessment of existing knowledge on new and important topics, to identify directions for future research, and to promote close working relationships between scientists from different countries and with different professional experiences.
The NATO Science Committee was approved at a meeting of the Heads of Government of the Alliance in December 1957, subsequent to the 1956 recommendation of the “Three Wise Men” – Foreign Ministers Lange (Norway), Martino (Italy) and Pearson (Canada) on Non-Military Cooperation in NATO. The NATO Science Committee established the NATO Science Programme in 1958 to encourage and support scientific collaboration between individual scientists and to foster scientific development in its Member States. In 1999, following the end of the Cold War, the Science Programme was transformed so that support is now devoted to collaboration between Partner-country and NATO-country scientists or contributing to research support in Partner countries. Since 2004, the Science Programme has been further modified to focus exclusively on NATO Priority Research Topics (i.e., Defence Against Terrorism or Countering Other Threats to Security) and also preferably on a Partner country priority area. The objective of this particular ARW was to promote and enhance cooperation and dialogue between NATO and Partner countries on the application of Intelligent Decision Support methodologies and technologies to predict, assess and cope with threat in three very important areas:
• Counter Terrorism
• Maritime and border security
• Cyber security.
Our world consists of an interlocking set of Socio-Technical Organizations (STOs), also referred to in the literature as Cyber Physical Social Systems (CPSS), which consist of interacting adaptive heterogeneous agents capable of learning; in other words: a large number of groups of people hyperlinked by information channels and interacting with computer systems, which themselves interact with a variety of physical systems in order to maintain them under conditions of good control. Data deluge is contextual to complex CPSS dynamic environments, and can cause information overload for decision makers. Information overload is a problem in every CPSS, and efforts to confront this problem have been ongoing in many countries, however, these efforts have been more extensive and have been going on for a significantly longer time in most NATO countries. Such efforts have also been more intensive in defence and security applications, for which the problem of dealing with an avalanche of heterogeneous and uncertain information is the most pressing.
In both defence and civilian domains, a confluence of advances in the computer and mathematical sciences has unleashed unprecedented capabilities for enabling decision-making support. These capabilities, grouped under the terms ‘information fusion’ and ‘analytics’, are making possible the large-scale capture of data and the transformation of that data into insights and recommendations to support decisions about challenging problems in science, society, and government. The ultimate goal of information fusion is to make sense of the data. The general business and industry domain has been using the term ‘analytics’ to describe the pursuit of roughly the same goal. Both, information fusion and analytics are the application of computer science and technology, operations research, cognitive engineering and mathematics to support human understanding of complex situations and guide a proper response.
Managing the complexity of understanding situations is a challenge which is compounded by the wide spectrum and diversity of data, which have to be processed, fused and eventually transformed into actionable information. The data explosion came about with the advent of advanced sensing, and the diversity and volume of data from multiple sources and forms (unstructured and open sources, voice records, photos, video sequences, etc.). Decision makers and analysts are finding it impossible to cope with the flow of material, with potentially severe consequences on the quality of decisions and operational processes. At the same time, the state-of-the-art of the technologies supporting agile decision-making and actions in dealing with big data must continuously evolve to accommodate the evolving operational requirements for cooperation and collaboration between stakeholders and jurisdictions, with a consequent exponential increase in information sources and their characteristics. In most applications, the state-of-the-art in such technologies is still a long way from being able to support all the requirements for coping with the volume of information, or being of any help with efficient decision making, even where it is significantly more advanced in NATO countries.
This Advanced Research Workshop (ARW) aimed to promote and enhance cooperation and dialogue between NATO and Partner countries on the subject of effective decision support for security applications. The aim of the ARW is to help:
• to exchange existing knowledge on Decision Support as applied to Counter-Terrorism, Cyber Defence, Border and Port Security, as well as building networks among scientists from NATO and its Partner countries, facilitating the advance of the state-of-the-art in these domains.
• to understand the impact on the defence and security community of search engine companies such as Google, Yahoo!, and Microsoft, which have created an entirely new business by capturing the information freely available on the World Wide Web and making it useful to people – including, of course, the defence community.
This ARW involved both technology and domain experts in the areas of Counter-Terrorism, Cyber Defence, Border and Port Security, and Information fusion. A significant observation of previous similar NATO ASIs and ARWs has been that the domain experts (personnel from various organizations responsible for counterterrorism and maritime security) have little understanding of the wide variety of technological solutions that are available, and the way they can enhance the performance of such support systems. Similarly, although technology experts have a general understanding of the requirements in various security systems, they don't have visibility into aspects of operations and implementation such as constraints and specific issues related to a variety of factors (policy, geopolitical, legal, personnel, training, etc.). The attendance of many leading scientists with backgrounds in a variety of contributing disciplines from many countries – domain experts as well as other participants – provided an opportunity for them to improve mutual understanding. The participants become cognizant of the specific requirements and issues of CPSS as well as the technical advances pertinent to the collaborative human-centric information support systems in a variety of applications exploitable in their respective countries.
The ARW programme included presentations and break-out sessions, in which smaller groups of participants discussed the information provided during the presentation sessions and brainstormed on specific challenges and solutions for the problems related to the specific area of their domain expertise.
Because of the interdisciplinary character of the subject and the very different backgrounds and expertise of participants, the editors of this book were faced with difficult decisions, such as:
• dealing with the different styles and structures of papers written by domain experts, technologists, and practitioners
• dealing with the different levels of maturity of technology presented by participants from different countries
• accepting papers that discussed technological methods without providing explicit discussion of how they might be applied to the topics of this ARW
• accepting papers describing methodologies that are not always consistent with the views of the editors.
Participants representing Armenia, Belgium, Canada, Croatia, the Czech Republic, Germany, Georgia, Italy, Kazakhstan, Moldavia, Poland, Romania, Slovakia, the United Kingdom, Ukraine and the USA contributed to this ARW. A distinguished group of experts was assembled, and the technical programme was organized with the generous and very capable assistance of the Organizing Committee, composed of: NATO-country director Dr. Elisa Shahbazian (Canada), Partner-country co-director Dr. Gevorg Margarov (Armenia), Programme Chair Dr. Galina Rogova (USA), Local Arrangement Chair Dr. David Asatryan (Armenia), as well as a support team from the host country (Armenia). The organizers would like to express their deep appreciation to the ARW participants, who devoted so much of their time and talents to make this workshop successful.
We are grateful to the NATO Security Through Science Programme, which provided important financial support. The organizers are especially grateful to Dr. Michael F. Gaul, Senior Advisor, Emerging Security Challenges Division, North Atlantic Treaty Organization, for his advice and support both in the technical organization of the ARW programme as well as in coping with various organizational challenges of the event.
The Organizing committee would specifically like to thank:
• the students and staff of Information Security & Software Development Department of the National Polytechnic University of Armenia, who contributed in every way to ensure a successful event by helping to find a venue with excellent conference facilities, affordable accommodation and meals, as well as providing very competent local support during the ARW
• the management of the Best Western Aghveran Hotel, who not only ensured comfortable day-to-day support during the ARW, but also contributed with advice and the organization of social activities for participants.
A very special acknowledgement goes to Ani Shahbazian, who undertook the very challenging task of performing the English language editing of all the lecturers' manuscripts and producing a camera-ready document for the publisher.
And, finally, all of our thanks go to the people of Armenia, who certainly displayed, in every way, their warmth and hospitality.
This chapter presents a mixed initiative threat assessment model combining evidential and abductive reasoning. The evidential reasoning produces pro and contra arguments for the each threat component (intent, opportunity, and capability) while considering uncertain heterogeneous (soft and hard) transient information as pieces of alternative stories (hypotheses) based on “what might happen.” The belief-based abductive reasoning computes probabilities of these stories by combining beliefs in all the arguments expressed within different uncertainty frameworks (probability, possibility, beliefs). Beliefs in the arguments are fused and used for selecting decisions on either alerting an analyst on potential or imminent threat, or as a basis for continuing observations for making a better decision. The fusion process is complicated by different models used for representing uncertainty characterizing soft and hard data. The chapter addresses this problem by utilizing a unified framework of credibility representation within the Transferable Belief Model. The results of a case study designed to illustrate the described model are also presented.
Intelligence analysis is the process by which the information collected about an enemy is used to answer tactical questions about current operations, or to predict future behavior. The collected data is stored in distributed, stove-piped systems, with loss of important data attributes in preprocessing. Existing information analysis tool suites provide visualization, user interfaces, maps, and link analysis, however the analysis manly occurs in the analyst's head, leveraging his/her training and experience. This chapter reviews the state-of-the-art tools; ongoing research and development efforts to enhance analysis capability, and challenges of the development of necessary analysis capabilities.
The military and civilian cyber environment continues to grow in complexity with new capabilities and services appearing regularly. This richness of structure and variety needs to be understood and where possible mapped or modelled to enable situation awareness of the current status and potential threats as well as the constant changes to the environment. In our ongoing research for the International Technology Alliance, we have been investigating the potential value of Controlled Natural Languages (CNLs) to support agile human-machine systems to support shared situation awareness in a variety of domains and to enable intelligence reporting, fusion and dissemination. In this paper, we present this approach and provide a number of examples of use from a variety of domains, including profiles of insurgents, contacts, communities, and networks to support intelligence analysts and other operatives in the field. We have also applied this approach to the sensemaking process, and to a variety of activities to support intelligence analysts including hypotheses, exploration of rationale and assumption, presentation of complex information through storytelling, and interacting with information using a conversational interaction. We have also started human experiments with a conversational software agent to enable the field user to directly interact with such information in our CNL knowledgebase.
Research advances on speech technologies and Natural Language Processing have contributed to their incorporation into a large number of applications and research fields, many of them with a growing interest in the military domain. Clear examples of this are automatic speech recognition and synthesis, automatic translation, virtual training environments, emotional state detection, automatic speaker recognition, detection of topics, automatic language identification, evaluation techniques, standards development, etc. This chapter is focused on the description of the value of these technologies for military applications, covering different systems that have been developed for improving military health care, screening mental status in military situations, developing fighting simulations and videogames, establishing ecologically-valid virtual environments, training military staff to communicate with civilians in foreign countries, or managing critical situations. In addition, the chapter provides a detailed survey on the main technologies behind such applications, with a special emphasis on natural language communication and speech interaction.
Open information extraction is a new paradigm, which emerged to cope with the scenario where the number of relations to retrieve is too large or their type is unknown. The topic is of particular interest for security applications such as the monitoring of terrorist networks, relying heavily on one's ability to discover undisclosed connections between individuals, organizations, events or locations. This paper describes an approach developed to identify relevant relationships from textual data. Relations are understood as associations between people, organizations, locations and events, and are extracted by using a text mining algorithm based on the identification of association rules. This is a generic approach, designed to put more stress on shallow linguistic processing, in order to deal in an efficient manner with real-world sentences. Domain ontologies are used to refine the set of relations, and the impact of this semantic filtering is evaluated through experiments conducted in the field of intelligence analysis.
Information overload is a core problem that both complex military and civilian organizations referred to as Cyber-Physical and Social Systems (CPSS) are facing today. Executives or commanders want better ways to communicate complex insights so they can quickly absorb the meaning of the data and act on it. In recent literature, this problem has been referenced as BigData and data deluge. BigDatadata deluge are contextual to CPSS complex dynamic environments. Addressing the Big Data 4Vs (volume, veracity, variety and velocity) requires that Fusion of Information and Analytics Technologies (FIAT) be integrated. Integration is proposed here via a FIAT computational model to provide analysis (analytics) and synthesis (fusion) support to decision-makers in order to make sense (measuring, organizing, understanding and reasoning) of the data-information-knowledge hierarchy present in numerous domains of application.
We examine and extend the formal duality of data fusion with response management. This builds on the well-known estimation/control duality and the duality discovered by Bowman between data association and planning. We extend this duality to the partitioning of classes of applications and, specifically to classes of state variables to be estimated or controlled. Management can involve any degree of influence, just as fusion can involve any degree of information quality. “Managed” entities can differ enormously in their controllability and therefore in the degree to which they can be considered to be “resources.” This is why we use the term response management rather than resource management in this paper's title: resource is often a fuzzy concept. The fusion/management duality extends beyond functionality to encompass processing architectures, classes of outputs, and inference methods.
Explosive identification is a contemporary issue in air transportation security. In this work, a new approach is developed for using a portable photospectrometer with a selective sensitivity sensor, namely a photodiode, to detect and identify explosives. Explosive mixtures in natural objects are identified, and quantitative analysis with data display is achieved using photospectrometry. The new physical capability (photodiode) applied in the sensor enables spatial separation and selection of UV and visible waves with calculated spectral accuracy of 5 nm. The developed algorithm for contactless spectral analysis ensures photodetector operation without preliminary calibration. A new approach for passenger-friendly and secure airport security checks is developed. A narrow corridor (1.5–2m wide and 2–3m long) is equipped with sensor tents, and a specific wavelength laser beam generator remotely identifies explosives. The camera in the corridor captures an image of the suspect if explosive detection is triggered by the sensor array.
In this paper, the problem of detecting unauthorized changes to the content of a digital image, identifying distorted parts of the image, and partially recovering lost information are considered. The basic approach for tamper detection is a watermarking procedure where the type and parameters of the distortion of the watermark can be used to infer fraud, locate the damaged parts of the image, and to recover them. In this paper, a watermarking procedure is used that allows manipulation of different size ratios of the image-container and watermark. Using this technique, a self-embedding procedure is developed where part or all of the original image are embedded as a watermark. The effectiveness of proposed technique is shown through numerical experiments.
This paper discusses the problem of terrorism in the context of the travelling and tourism industry. It presents regions especially vulnerable to politically motivated violence, debates types of threats in different countries, and describes their causes. It shows some examples of places which, in spite of having huge natural or cultural heritage, have lost their former importance as a tourism destination because of terrorist activities. The financial and social effects of the decline in the tourism industry is emphasized. The paper also describes the difficult process of restoring the safety, good image and attractiveness of places affected by terrorism.
Sustainable development can be used as a tool against environmental vulnerability. Environmental vulnerability can be identified by applying risk analysis and assessment to define hazards to persons and the environment, determine the probability of occurrence of these hazards, the possible magnitude of events, consequence analysis, and quantitative analysis of system failure probability). Identifying risk limits entails defining the acceptability of the risk, (which can be classified as acceptable or in need of reduction), and to reduce risk by designing and implementing risk-reduction measures and controls. Risk is a probability of an adverse combination of the probability of occurrence of an event, and the possible extent of that event's adverse effects and consequences on ecosystems and persons. There are important links between the environment, vulnerability and threats. Such risks include terrorist acts against the environment and human beings using resources as tools and/or targets.
Maritime security operations are extremely costly activities. Nations are trying to match their limited resources to increasing political demands. The ocean's role has only grown since the end of the cold war, and presents new challenges that must be resolved. Where once battleships reigned, flexible, multi-role ships are now engaged in constabulary operations to preserve security and stability at sea. This calls for a more holistic approach, and new models to reduce judgment subjectivity.
Communication is the most critical aspect of disaster management. The word “communicate” implies conveying of thoughts, ideas, warnings, instructions, orders, command, knowledge and information. In the context of disaster management, reliable and safe communication is vital during all phases of disaster management from prevention, preparedness, response, and recovery. This chapter provides some key elements and recommendations for solving the problem of secure data exchange between different organizations to improve crisis management in the maritime domain.
Situation Assessment (SA) is a key process in Information Fusion (IF) for security systems. The observed scenario generally involves multiple entities and actors, with possibly only a few being under the direct control of the decision-maker. SA aims at explaining the observed events (mainly) by establishing the entities and actors involved, understanding the relations existing between them, the surrounding environment, and past and present events. It is therefore evident how the SA process inherently hinges on understanding and reasoning about relations. This task is particularly demanding and important for dynamic large-scale scenarios such as those related to border and port security, where suspicious activities need to be detected as the needle in a haystack of largely predominant “pattern of life” activities involving many entities and actors. In this chapter, we highlight the capabilities of the recent Statistical Relational Learning framework of Markov Logic Networks for SA in maritime scenarios, and provide some examples and practical advice on their use, further detailing our previous work .
This paper presents an overview of the Canadian-German research project PASSAGES (Protection and Advanced Surveillance System for the Arctic: Green, Efficient, Secure)
The PASSAGES Project: http://passages.ie.dal.ca.
The PASSAGES Project: http://passages.ie.dal.ca.
Illegal contraband trafficking is causing serious damage in many countries. We focus on a subset of illegal maritime activities, mainly on weapon and drug trafficking. Our aim is to help naval authorities evaluate their currently deployed countermeasures by modeling the behavior of traffickers as realistically as possible, and evaluating the impact of countermeasures in an agent-based simulation. We introduce BANDIT, a simulation platform designed for this purpose. We propose a novel model of traffickers based on a state-of-the-art game-theoretical model using the latest results in behavioral modeling. We apply this model to specific scenarios for drug smuggling in the Caribbean, and we demonstrate the capabilities of the platform.
Asymmetric threats in the current world are focused on various critical infrastructures. We choose a subset of the infrastructures and a set of surveillance policies, and we propose a number of security countermeasures that should be able to detect and potentially prevent a potential attack. Our goal is to provide a unified decision support platform ARETHUS to help decision-makers notice a threat and then choose from a computed array of potential preventive actions. The platform is built using a mixed-reality concept, and allows mixing of real-world and simulated data to provide not only a real-time work environment, but also a testbed to test out various scenarios. We plug in a number of algorithms computing various patrolling policies for heterogeneous agents, and we make the platform extensible for use by others. We demonstrate the usability of the platform and the performance of the algorithms on a set of pipeline protection scenarios.
This chapter presents the key challenges of state border control provision and specific solutions required for security and efficient control provision are presented. A special attention is devoted to the discussion of possible imprecise/uncertain queries to non-homogeneous databases and provision of flexibility and speed of these queries. It also discusses the importance of data privacy and summarizes recommendations for efficient border-control system implementation.
As assets are engaged to collect data and intelligence on the entities or parties of interest to a defense or security operation, much of the collected data are represented in electronic form and subsequently stored in an assortment of files or databases. It is also typical that these data or information need to be shared with others involved in the investigation, task group, coalition, or security force. The effectiveness of this sharing is ultimately judged by how well the receiving party understands the information it has received. In this paper we examine the commonality of concepts between information systems in the Canadian defense and security regime. Specifically, we consider components of the National Information Exchange Model (NIEM), the Canadian Naval Positioning Repository (NPR), a port clearance structure, and a messaging structure that evolved out of a Canadian defense research and development effort. We then investigate the performance of graph-based approaches for automatic schema matching over these schemas. The information structures, or schemas, are examined using the open-source software for combining match algorithms (COMA). Results of the investigation show how the diverse terminology in maritime defense and security introduces unnecessary differences in the vocabularies (e.g., using vessel, ship, or identity as the descriptor for an object). Results also show how discrepancies are introduced through data typing, the structure itself, and semantics. Overall, the investigation indicates that the graph-based methods do not appear to offer a way of automating structure matching while maintaining confidence in the output for schema used across the different systems underlying the Canadian MDA.
Unmanned Aerial Vehicles (UAVs) provide an opportunity to make 24/7 surveillance possible in large areas of strategic importance such as industrial plants and borders. In this paper we present an algorithm for detecting people in surveillance areas in low visibility conditions. The efficiency of the current solution is based on using an onboard thermal camera as a sensor, which generates a heat map even at nighttime and in bad weather. UAV flight details and technical characteristics are also discussed.
Human identification is an important aspect of border crossing. Identification makes it possible to recognize criminals or unauthorized entities and to prevent illegal border crossing. However, the identification process should remain comfortable and convenient for authorized entities. In this paper, we present an efficient face recognition system based on 2 cameras, which obtains a 3D image by processing data from camera video streams. Existing identification systems are also discussed.
This research addresses the computational complexity of data fusion under the Dempster-Shafer mathematical theory of evidence as well as the Dezert-Smarandache theory. As earlier research has shown, the use of these theories results in better data fusion results. However utilization of these theories is hampered by computational complexity when dealing with large scale problems. This paper presents a new approximation algorithm allowing target classification and identification for a larger number of target classes with a reasonable execution time. The paper also presents the results of application of the developed method to classification of naval ships.