ARES - SeCIHD'11 Francesco Flammini
  • 1. Augmenting Surveillance System Capabilities by Exploiting Event Correlation and Distributed Attack Detection. Presented by Dr. Francesco Flammini, Ansaldo STS – Innovation & Competitiveness Unit, [email_address]. ARES’11 – SeCIHD Workshop, Vienna, 22-23 August 2011. Authors: Francesco Flammini, Nicola Mazzocca, Alfio Pappalardo, Concetta Pragliola, Valeria Vittorini
  • 2. Physical Security Information Management (PSIM)
  • 3. SMS User Interface
  • 4. Sensors and events: Passenger Stations, Power Stations, Tunnels, Bridges, Line Depots, Vehicles
  • 5. The DETECT framework
    • Objectives:
      • Provide superior early warning and situation awareness by automatic detection of suspicious threat scenarios
      • Increase alarm reliability by exploiting redundancy and diversity
    • Means:
      • Model-based correlation of primitive events detected by heterogeneous distributed sensor networks
  • 6. Prototype DETECT GUI
  • 7. DETECT-SMS Integration
    • The SMS collects the events generated by the sensorial subsystems and stores them into the Event History DB
    • The DETECT correlation engine is fed with each new entry in the DB and raises warnings on threat scenarios when the events match known patterns
    [Diagram: DETECT and the SMS exchange warnings and commands through the Event History DB; operator actions: view threat details, confirm threat scenarios]
  • 8. Detection Models based on Event Trees
    • Example: event tree (figure on slide)
    • Additional parameters: contexts (initiator/terminator events) and timing constraints on logic operators
  • 9. Example threat scenario
      • Drop of Chemical Warfare Agent (CWA) in an underground metro railway platform: possible basic set of events
      • attackers drop the CWA
      • contaminated people fall to the floor
      • people around the contaminated area run away and/or scream
      • the CWA spreads out on the platform and then reaches the stairs/escalators to the concourse level
  • 10. Event Tree for the example scenario
    • Detection model built using the DETECT GUI
    [Diagram: event tree for the CWA scenario; scenario evolution steps 1 and 2 with timing constraints <5’ and <10’; primitive events FALL and RUN from CAM 1 and CAM 2, SCREAM from MIC, CWA from IMS/SAW and IR]
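    The event-tree correlation of slides 8-10, as an added Python example that is not part of the presentation or of the DETECT code: a minimal evaluator for AND/OR/SEQ operators with timing constraints, run over a constructed event history for the CWA scenario. The operator layout of the tree, reading the <5’/<10’ labels as minutes, the sensor names and the `evaluate`/`detect` functions are all assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Op:                      # logic operator node; leaves are (sensor, event) tuples
    kind: str                  # "AND" | "OR" | "SEQ"
    children: list
    within: "timedelta | None" = None   # timing constraint attached to the operator

def evaluate(node, events, after=None):
    """Earliest match of `node` over time-ordered events later than `after`: (t_first, t_last) or None."""
    if isinstance(node, tuple):                        # leaf: first matching primitive event
        return next(((t, t) for t, s, e in events if (s, e) == node and (after is None or t > after)), None)
    if node.kind == "SEQ":                             # children in order; `within` bounds each gap
        t_first, cur = None, after
        for child in node.children:
            hit = evaluate(child, events, cur)
            if hit is None or (t_first and node.within and hit[0] - cur > node.within):
                return None
            t_first, cur = t_first or hit[0], hit[1]
        return (t_first, cur)
    hits = [evaluate(c, events, after) for c in node.children]
    if node.kind == "OR":                              # any child; earliest completion wins
        hits = [h for h in hits if h]
        return min(hits, key=lambda h: h[1]) if hits else None
    if not all(hits): return None                      # AND: every child, greedy earliest match
    t_first, t_last = min(h[0] for h in hits), max(h[1] for h in hits)
    return None if node.within and t_last - t_first > node.within else (t_first, t_last)

def detect(scenario, events):
    """Retry from each event so a stale early event cannot mask a later occurrence that meets the timing."""
    for after in [None] + [t for t, _, _ in events]:
        hit = evaluate(scenario, events, after)
        if hit: return hit
    return None

# Event tree reconstructed from slides 9-10 (assumption: the real DETECT model is not on the page).
CWA_SCENARIO = Op("SEQ", [
    Op("SEQ", [Op("OR", [("IMS/SAW", "CWA"), ("IR", "CWA")]),        # CWA sensed, then
               Op("OR", [("CAM1", "FALL"), ("CAM2", "FALL")])],       # people fall within 5'
       within=timedelta(minutes=5)),
    Op("OR", [("CAM1", "RUN"), ("CAM2", "RUN"), ("MIC", "SCREAM")]),  # then run/scream within 10'
], within=timedelta(minutes=10))
T = lambda s: datetime.fromisoformat("2011-08-22T" + s)
HISTORY = [  # constructed event history, not real sensor data
    (T("09:40:00"), "IR", "CWA"),        # stale CWA: no fall follows within 5'
    (T("10:00:00"), "IMS/SAW", "CWA"),
    (T("10:01:30"), "CAM1", "FALL"),
    (T("10:03:00"), "MIC", "SCREAM"),
]
```

    The single greedy pass of `evaluate()` binds to the stale 09:40 CWA reading and fails the 5-minute constraint, which is why `detect()` rescans from each later event; a production engine would keep per-scenario partial matches instead of rescanning the history.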
  • 11. In-progress and future developments
    • Francesco Flammini, Concetta Pragliola, Alfio Pappalardo and Valeria Vittorini: A robust approach for on-line and off-line threat detection based on event tree similarity analysis. In: Proc. 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, Workshop on Multimedia Systems for Surveillance (MMSS’11), Klagenfurt University, Austria, August 30 – September 2, 2011
      • Heuristic situation recognition, with increased robustness w.r.t. missed detections and imperfect scenario modeling
    • Detection models based on Bayesian Networks or other probabilistic methods, accounting for:
      • Sensor detection reliability parameters (POD, FAR, etc.)
      • “Noisy” logic correlators for fuzzy reasoning
    • Possible off-line running of the correlation engine for post-event forensic searches on user specified scenarios
    • Real-time updates on the Scenario Repository by the operators based on observed anomalies (human-in-the-loop assisted learning)
  • 12. Thank you for your kind attention. Questions?