ARES - SeCIHD'11 Francesco Flammini

Transcript

  • 1. Augmenting Surveillance System Capabilities by Exploiting Event Correlation and Distributed Attack Detection presented by Dr. Francesco Flammini Ansaldo STS – Innovation & Competitiveness Unit [email_address] ARES’11 – SeCIHD Workshop Vienna, 22-23 August 2011 Francesco Flammini, Nicola Mazzocca, Alfio Pappalardo, Concetta Pragliola, Valeria Vittorini
  • 2. Physical Security Information Management (PSIM)
  • 3. SMS User Interface
  • 4. Sensors and events Passenger Stations Power Stations Tunnels, Bridges Line Depots Vehicles
  • 5. The DETECT framework
    • Objectives:
      • Provide superior early warning and situation awareness by automatic detection of suspicious threat scenarios
      • Increase alarm reliability by exploiting redundancy and diversity
    • Means:
      • Model-based correlation of primitive events detected by heterogeneous distributed sensor networks
  • 6. Prototype DETECT GUI
  • 7. DETECT-SMS Integration
    • The SMS collects the events generated by the sensorial subsystems and stores them in the Event History DB
    • The DETECT correlation engine is fed by each new entry in the DB and provides warnings on threat scenarios in case of matches with known patterns
    [Architecture figure: DETECT and SMS linked through the Event History DB; DETECT sends WARNINGS, the SMS sends COMMANDS; operator actions: VIEW THREAT DETAILS, CONFIRM THREAT SCENARIOS]
  • 8. Detection Models based on Event Trees
    • Example: (event tree figure not reproduced in the transcript)
    • Additional parameters: contexts (initiator/terminator events) and timing constraints on logic operators
  • 9. Example threat scenario
      • Drop of Chemical Warfare Agent (CWA) in an underground metro railway platform: possible basic set of events
      • attackers drop the CWA
      • contaminated people fall to the floor
      • people around the contaminated area run away and/or scream
      • the CWA spreads out on the platform and then reaches the stairs/escalators to the concourse level
  • 10. Event Tree for the example scenario
    • Detection model built using the DETECT GUI
    [Event tree figure, SCENARIO EVOLUTION: STEP 1 (<5’): FALL and RUN from CAM 1 / CAM 2 -> STEP 2 (<10’): SCREAM from MIC, CWA from IMS/SAW and IR]
  • 11. In-progress and future developments
    • Francesco Flammini, Concetta Pragliola, Alfio Pappalardo and Valeria Vittorini: A robust approach for on-line and off-line threat detection based on event tree similarity analysis. In: Proc. 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, Workshop on Multimedia Systems for Surveillance (MMSS’11), Klagenfurt University, Austria, August 30 – September 2, 2011
      • Heuristic situation recognition, with increased robustness w.r.t. missed detections and imperfect scenario modeling
    • Detection models based on Bayesian Networks or other probabilistic methods, accounting for:
      • Sensor detection reliability parameters (POD, FAR, etc.)
      • “Noisy” logic correlators for fuzzy reasoning
    • Possible off-line running of the correlation engine for post-event forensic searches on user specified scenarios
    • Real-time updates on the Scenario Repository by the operators based on observed anomalies (human-in-the-loop assisted learning)
  • 12. Thank you for your kind attention Questions?
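The following is an added example, not code from the paper or from the DETECT prototype. It shows how a detection model of the kind described on slides 8 and 10 (logic operators over primitive sensor events, with timing constraints) can be evaluated over an Event History DB, generalising the slide's tree to arbitrary AND/OR/sequence trees. The node encoding (`Leaf`, `And`, `Or`, `Seq`), the `spans`/`detect` functions and the reading of the slide-10 tree (step 1: FALL and RUN from the same camera within 5 minutes; then, within 10 minutes, a SCREAM from the microphone together with a CWA detection from the IMS/SAW or IR sensor) are assumptions; initiator/terminator contexts are not modelled, and the event history is constructed.

```python
import itertools
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple, Union


# --- Event History DB entries (in the real system the SMS writes these) -------

@dataclass(frozen=True)
class Event:
    ts: datetime      # time the sensor reported the primitive event
    kind: str         # primitive event type, e.g. "FALL", "RUN", "SCREAM", "CWA"
    sensor: str       # reporting sensor, e.g. "CAM1", "MIC", "IR"


Span = Tuple[datetime, datetime]   # (first contributing event, last contributing event)


# --- Event tree nodes (hypothetical encoding, not DETECT's own format) --------

@dataclass(frozen=True)
class Leaf:
    kind: str
    sensors: Tuple[str, ...]       # any one of these sensors may report the event


@dataclass(frozen=True)
class And:
    children: Tuple["Node", ...]
    window: timedelta              # all children must occur within this window


@dataclass(frozen=True)
class Or:
    children: Tuple["Node", ...]


@dataclass(frozen=True)
class Seq:
    first: "Node"
    then: "Node"
    window: timedelta              # `then` must complete within window after `first`


Node = Union[Leaf, And, Or, Seq]


def spans(node: Node, events: List[Event]) -> List[Span]:
    """Every (start, end) span of events that satisfies `node`, sorted by time."""
    if isinstance(node, Leaf):
        return sorted((e.ts, e.ts) for e in events
                      if e.kind == node.kind and e.sensor in node.sensors)
    if isinstance(node, Or):
        return sorted({s for c in node.children for s in spans(c, events)})
    if isinstance(node, And):
        out = set()
        # Every combination of one match per child; keep those inside the window.
        for combo in itertools.product(*(spans(c, events) for c in node.children)):
            start = min(s for s, _ in combo)
            end = max(e for _, e in combo)
            if end - start < node.window:
                out.add((start, end))
        return sorted(out)
    if isinstance(node, Seq):
        out = set()
        for s1, e1 in spans(node.first, events):
            for s2, e2 in spans(node.then, events):
                # The second step may only start after the first one completed.
                if s2 >= e1 and e2 - e1 < node.window:
                    out.add((s1, e2))
        return sorted(out)
    raise TypeError(f"unknown node type: {type(node).__name__}")


def detect(scenario: Node, events: List[Event]) -> Optional[datetime]:
    """Time at which the scenario is first considered matched, or None."""
    matched = spans(scenario, events)
    return min(end for _, end in matched) if matched else None


# --- Assumed encoding of the slide-10 CWA scenario ----------------------------

def _camera_step(cam: str) -> Node:
    return And((Leaf("FALL", (cam,)), Leaf("RUN", (cam,))), timedelta(minutes=5))


STEP1 = Or((_camera_step("CAM1"), _camera_step("CAM2")))
STEP2 = And((Leaf("SCREAM", ("MIC",)),
             Or((Leaf("CWA", ("IMS/SAW",)), Leaf("CWA", ("IR",))))),
            timedelta(minutes=10))
CWA_SCENARIO = Seq(STEP1, STEP2, timedelta(minutes=10))

# --- Constructed event histories ---------------------------------------------

T0 = datetime(2011, 8, 22, 10, 0, 0)


def at(minutes: int) -> datetime:
    return T0 + timedelta(minutes=minutes)


# Step 1 on CAM2 at 10:07-10:09, step 2 completes at 10:15: should match.
MATCHING_HISTORY = [
    Event(at(0), "RUN", "CAM1"),
    Event(at(7), "FALL", "CAM2"),
    Event(at(9), "RUN", "CAM2"),
    Event(at(12), "SCREAM", "MIC"),
    Event(at(15), "CWA", "IR"),
]

# RUN and FALL on CAM1 are 8 minutes apart, outside the 5-minute window.
SLOW_FALL_HISTORY = [
    Event(at(0), "RUN", "CAM1"),
    Event(at(8), "FALL", "CAM1"),
    Event(at(12), "SCREAM", "MIC"),
    Event(at(15), "CWA", "IR"),
]

# Step 1 matches, but step 2 completes 17 minutes later, outside the 10-minute window.
LATE_STEP2_HISTORY = [
    Event(at(7), "FALL", "CAM2"),
    Event(at(9), "RUN", "CAM2"),
    Event(at(25), "SCREAM", "MIC"),
    Event(at(26), "CWA", "IMS/SAW"),
]

if __name__ == "__main__":
    for name, hist in [("matching", MATCHING_HISTORY),
                       ("slow fall", SLOW_FALL_HISTORY),
                       ("late step 2", LATE_STEP2_HISTORY)]:
        print(f"{name}: warning at {detect(CWA_SCENARIO, hist)}")
```

Because `spans` enumerates all satisfying event combinations, the same evaluator can be run off-line over a stored history for post-event searches (slide 11) as well as incrementally on each new Event History DB entry; the product over child matches is fine for a few events per scenario but would need indexing by time for a large history.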