SPSS Predictive Analytics: Public Safety Software and Solutions


Published on

Predictive analytics are the key to maintaining public safety. IBM offers applications for law enforcement, border security, internal threats, external threats, money laundering and infectious disease control.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

SPSS Predictive Analytics: Public Safety Software and Solutions

  1. 1. IBM Software Government Business Analytics Public Safety: From “Sense and Respond” to “Predict and Act” Introduction Contents: Today government agencies face greater challenges than ever before. In addition to promoting public safety, combating crime and gang 1 Introduction violence, agencies have the added burden of helping to guard against 2 Applications of predictive analytics terrorism and to control the outbreak of infectious diseases. 7 Other applications To meet these challenges, agencies are trying a variety of approaches. 7 Conclusion Innovative information technologies are playing a key role in improving your ability to anticipate events and act appropriately. Predictive analytics 8 About SPSS, an IBM Company is one of those technologies. Information analysis is the brain behind public safety. The goal of intelligence activities is to uncover security threats in time to take action against them. But the patterns that point to these threats are often hidden in massive amounts of data. To meet this challenge, one form of information analysis, predictive analytics, is particularly useful. Predictive analytics solutions apply sophisticated statistical, data exploration and machine-learning techniques to historical information in order to help agencies uncover hidden patterns and trends – even in large, complex datasets. Not only in huge tables of structured data but also in vast amounts of textual data – including e-mail and chat room interactions – that agencies must evaluate. By using predictive analytics, you can anticipate what types of intervention will be needed, and where. So you can plan, rather than react. And make the best use of available resources. In contrast to rules-based analysis and detection methods, predictive analytics can identify relatively unusual behaviors, even those with subtle differences that other methods often miss. Predictive analytics techniques explore and learn from all dimensions of data, thus allowing analysts to combine human knowledge, first-hand experience and intuition to guide the application of analytical techniques. Because of predictive analytics’ ability to combine a wide variety of data dimensions, types and sources on an ongoing basis, it is possible to quickly and reliably detect inadvertent signatures from hackers, criminals or terrorists.
  2. 2. IBM Software Government Business Analytics Highlights With predictive analytics, you can base daily operational decisions on • Use predictive analytics to improve data-driven models that precisely describe current and developing border security, law enforcement, conditions. This enables you to: intrusion threat detection, infectious disease control, anti-money laundering and terrorist financing detection. • Improve your prevention capability and control costs by deploying personnel where they’re needed most • Uncover hidden patterns and insights from large amounts of structured and • Predict which types of events are most likely to escalate so you can unstructured data. guard against this escalation • Conduct new investigations more efficiently • Employ predictive models to anticipate threats, identify suspicious actors and • Discover patterns in your data that suggest areas for further effectively allocate resources. investigation • Explore security threats and study the people and organizations • Create an automated process for building models that analyze involved location-specific data. • Deliver information to the field, where and when it’s needed Applications of predictive analytics Border security Protection against threats often begins at border crossings, airports and in harbors. Predicting which containers entering a port could contain unwanted/dangerous materials or which passengers on an airline should be investigated more thoroughly, or identifying suspect vehicles at land crossings are key responsibilities for border protection agencies. One large country implemented the following scenario with IBM SPSS predictive analytics. The challenge at this country’s border crossings is best described as follows: “We cannot stop and search every car that crosses the border. However, if we can accurately predict the risk level associated with each vehicle – whether it may be carrying contraband, drugs, money, weapons or illegal immigrants – we can make optimal use of our inspection staff, increase our detection rates, better protect the country and its citizens and improve the experience of innocent travelers by expediting their crossing.” At each border crossing, cameras record and recognize the registration plate of every vehicle. Once this is read, directives are given on the screens in the crossing control booth – telling the supervisors to either let the vehicle pass or direct it to the secondary inspection area. If a vehicle is selected for secondary inspection, information is sent to the PDA of the inspector responsible; this shows the likelihood of each risk type (drugs, weapons, etc.), providing the inspector with guidance on what to look for. Vehicle selections, risk assessments and inspection outcomes are recorded to enable ongoing reporting on inspection rates by risk type, hit rates, false positive rates and the amount and value of seizures. Models are then built from the outcomes of these historical inspections. The data used is keyed by vehicle registration and would include vehicle type (including dimensions, capacities, etc.); vehicle ownership (and 2
  3. 3. IBM Software Government Business Analytics hence any available information on the owner or driver); and the vehicle’s history of border crossings at this or other checkpoints. Other factors giving information about the crossing would also be incorporated – for example the day of the week, time of day and prevailing weather conditions. One model is created for each type of risk. In order to turn these individual models’ scores into actions, they will be combined with rules representing the best human knowledge on border risk assessment. Some of these rules will help govern how “tightly” vehicles are selected for inspection (i.e., what risk scores trigger a secondary inspection) and may be varied by pre-defined knowledge of peak traffic times, or manually adjusted in response to abnormally heavy traffic in order to avoid creating a backlog of secondary inspections. The agency controls approximately 300 crossings, and while many will show similar patterns of violation, each will have its own individual profile of what risks are likely to occur and which violations will be attempted in which ways. Ideally, each crossing point should have its own model for each risk type, built from local data. Creating and managing this number of models manually would be labor-intensive, expensive and impractical. If, however, analytical experts create an automated process for building and applying the models, it can be efficiently applied to local data for each crossing, ensuring a “best fit” that embodies national best practices. Law enforcement In law enforcement, trends in suspicious or criminal behavior can be identified using a variety of information, including aggregated or incident-level data. For example, a crime analyst might use predictive analytics to: • Identify areas typically frequented by violent criminals • Match trends in regional or national gang activity with local incidents • Profile crimes to identify similarities and match the crimes to known offenders • Identify the circumstances (e.g., city events, weather patterns, holidays) most likely to trigger violent crime for the purpose of predicting when and where these crimes may occur in the future. Law enforcement agencies rely on data from diverse sources and applications. For this reason, predictive analytics solutions with an open architecture are particularly valuable: They produce results quickly from existing data. And the true benefit of predictive analytics is realized when predictive models and analyses are delivered to front-line users – officers on patrol, detectives on a case and their commanders. Front-line personnel don’t need to understand the technology to benefit from the results of predictive analytics. From a browser, they can access predictive information in a form that’s easy to understand and use. 3
  4. 4. IBM Software Government Business Analytics IBM has hundreds of customers worldwide among local, regional and national law enforcement agencies, court systems, correctional institutions and parole boards. They use IBM SPSS software for a range of purposes, including: • Analyzing historical information to better forecast crime trends • Forecasting correctional facility needs based on trends in crime rates • Evaluating the success of rehabilitative programs • Choosing emergency command center sites based on the frequency and location of incidents • Analyzing (digital) forensic evidence • Identifying criminal and terrorist networks from surveillance, communication and Internet data • Profiling crimes, criminals and crime scenes • Predicting effectiveness of resource deployment • Rapidly identifying patterns in high profile case data Intrusion threat detection The cost associated with an attack by a “bad actor” gaining access to privileged (insider) information will often have a great and prolonged impact, including violation of confidentiality, undermining of intelligence integrity, adverse influence on government policy, the revelation of sources and methods, and the compromise of field operations. Internal threats Insider electronic crimes tend to be particularly difficult to detect since the perpetrator often has a legitimate reason to be accessing, modifying and manipulating critical and/or sensitive data. Despite these challenges, most organizations have a substantial amount of data that can be used to characterize and potentially mitigate an attack by a malicious insider. This data may include information such as demographics, performance reviews, past and current project assignments, internal and external electronic communications and file usage logs. If a company or agency is concerned about insider access to sensitive data, the company will often use a set of hard-coded rules to identify potentially anomalous behavior. For example, a person who normally works with records from human resources might be flagged for audit if he makes multiple attempts to access files with sensitive data from the engineering department. Potentially malicious activity is often much more subtle and difficult to detect, however. One method of insider threat detection through predictive analytics works by taking known cases of malicious behavior and characterizing the difference between these and known “normal” cases. While this approach is ideal, in that predictive algorithms can quickly and easily learn to recognize past behavior, there are inherent difficulties in using this approach alone. Malicious insider activity is typically a very rare event. The historical data available to model future behavior often lacks sufficient cases to accurately predict cases that are similar but not exactly the same as previous cases of known malicious activity. 4
  5. 5. IBM Software Government Business Analytics When dealing with insider threat or fraud detection, a “bad actor” may have normal patterns of behavior that are dynamic and complex. In these situations, the crime can be very difficult to detect because that person’s behavior may continue to appear legitimate, with only subtle changes over time. As a result, it is important not only to determine what behavior people are exhibiting, but also whose behavior differs from or has recently changed from that of their peer group. IBM SPSS technology provides several automated methods for anomaly detection. This is particularly useful for intelligence work because the process can be automated, allowing analysts to comb through millions of records to find outliers or abnormalities. Often the best approach to insider risk assessment combines methods that are ideally tuned to the specific goals of the agency as well as to the available data. It is important to first determine the goals and potential issues of the analysis results. In assessing and mitigating the potential threat of an insider attack, these goals may include: • Determining a prediction, confidence level and propensity score of the risk of an insider attack • Calculating the predicted cost or impact of the information breach • Identifying the length and scope an attack in cases where the loss or cost of information is invaluable • Prioritizing audits of detected anomalies or threats with regard to the level of risk and resources available to conduct the investigation External threats The same techniques that are applied to analysis of insider threats are often useful for analysis of external threats. The primary difference between insider and external threat analysis is data availability. Attacks coming from external sources rarely provide the type of demographic data available for insider threat analysis. Data fields, such as age, group affiliation, location and historical behavior patterns that can be attributed to an individual or group are much more difficult to obtain when analyzing external threats. When external threats do not provide sufficient information about the individual or group responsible for an attack or a potential attack, the use of Social Network Analysis (SNA) techniques can help investigators better assess the risk of a particular external threat by making associations to other known individuals, groups or prior attack attempts. Infectious disease control To ensure health protection for their citizens, a national government agency uses IBM SPSS Data Collection and predictive analytics software to analyze the source and spread of infectious diseases, and to prepare for and respond to urgent public health threats. When an infectious disease outbreak strikes, it is imperative that the agency gathers public health information quickly, regardless of where it occurs or its cause. To better understand these outbreaks and respond more effectively, the agency streamlines feedback in a highly secure and controlled environment. 5
  6. 6. IBM Software Government Business Analytics The agency can capture immediate feedback from citizens on critical public health information, regardless of geography or language, through a diverse array of channels including telephone, in-person interviews and online surveys – to better understand the disease and devise the most appropriate response. These insights increase its understanding of major public health problems, helping to reduce the morbidity and mortality of citizens exposed to infectious diseases After an outbreak of pneumonia at a college in 2007, the agency rapidly created a questionnaire that was e-mailed to all students to gather a quick and detailed response on past behaviors, actions and possible exposures with the objective of identifying potential undetected cases. The information collected was used to characterize the illness and identify risk factors for the disease. As a result, the agency was able to swiftly identify the etiology of the pneumonia outbreak, inform all students of the situation and provide information on prevention to help stop the further spread of the pneumonia. The organization also uses the software to assess medical needs of specific populations during natural disasters. During several major disasters, the agency determined what medical items, including medications and equipment, were needed by victims. Anti-money laundering and terrorist financing In the fight against organized crime, human trafficking and terrorism, the identification of suspicious financial transactions is a major focus of investigative agencies. “Follow the money” is an old adage that still holds true today. Predictive analytics solutions offer the sophisticated pattern recognition, anomaly detection and risk analysis capabilities required to detect attempted money laundering successfully. These solutions also help detect terrorist financing. With those solutions investigators can: • Build profiles of past account activity • Create peer groups of similar accounts • Identify when activities suspiciously deviate from such profiles or peer groups • Limit “false positives” by using risk-based weighting techniques • Pinpoint suspicious activity and take prompt and appropriate action A large commercial bank uses IBM SPSS predictive analytics software to monitor the transactional patterns of its customers. The bank is committed to preventing money laundering activities in its organization. Employing IBM SPSS technology, the bank reduced the number of transactions that required auditing by more than 90 percent. The bank increased accuracy in identifying positive cases of money laundering, helping investigators to easily adapt models to the changing tactics of those engaged in this criminal activity. 6
  7. 7. IBM Software Government Business Analytics The bank improved the efficiency of its auditing process, increasing the number of investigations in which authorities were alerted from less than 25 percent to more than 60 percent. The bank also slashed the administrative costs of the investigations of suspicious operations by 60 percent. Other applications Some other applications of IBM SPSS predictive analytics in public safety include: • Monitoring Internet sites to detect and track terrorist recruiters • Predict maintenance requirements for essential assets to assure high availability • Improve retention and recruitment of critical human resources Conclusion People rely on your department or agency to look out for their health and safety. To do this effectively, you must use your staff and other resources as efficiently as possible. Having accurate information about past and current conditions is essential. Employing predictive insight gives you even greater control, enabling your agency to deploy the right resources to the right place at the right time. Protecting a nation’s safety is a complex and demanding task, typically requiring the coordinated efforts of many agencies. The sooner your agency can obtain reliable information, the sooner you can make plans – and take appropriate action. Whether you’re charged with interpreting intelligence data, identifying insider threats, guarding against network or physical infrastructure intrusion, protecting border security, or monitoring other types of suspicious or threatening activity, IBM SPSS solutions can help you better protect the people who count on you by transforming your capabilities from “sense and respond” to “predict and act.” 7
  8. 8. About SPSS, an IBM Company SPSS, an IBM Company, is a leading global provider of predictive analytics software and solutions. The company’s complete portfolio of products - data collection, statistics, modeling and deployment - captures people’s attitudes and opinions, predicts outcomes of future customer interactions, and then acts on these insights by embedding analytics into business processes. IBM SPSS solutions address interconnected business objectives across an entire organization by focusing on the convergence of analytics, IT architecture and business process. Commercial, government and academic customers worldwide rely on IBM SPSS technology as a competitive advantage in attracting, retaining and growing customers, while reducing fraud and mitigating risk. SPSS was acquired by IBM in October 2009. For further information, or to reach a representative, visit www.spss.com. © Copyright IBM Corporation 2010 SPSS Inc., an IBM Company Headquarters, 233 S. Wacker Drive, 11th floor Chicago, Illinois 60606 SPSS is a registered trademark and the other SPSS products named are trademarks of SPSS Inc., an IBM Company. © 2010 SPSS Inc., an IBM Company. All Rights Reserved. IBM and the IBM logo are trademarks of International Business Machines Corporation in the United States, other countries or both. For a complete list of IBM trademarks, see www.ibm.com/legal/copytrade.shtml. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. Any reference in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. Please Recycle YTW03024GBEN-00