Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ARES - SeCIHD'11 Francesco Flammini


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

ARES - SeCIHD'11 Francesco Flammini

  1. 1. Augmenting Surveillance System Capabilities by Exploiting Event Correlation and Distributed Attack Detection presented by Dr. Francesco Flammini Ansaldo STS – Innovation & Competitiveness Unit [email_address] ARES’11 – SeCIHD Workshop Vienna, 22-23 August 2011 Francesco Flammini, Nicola Mazzocca, Alfio Pappalardo, Concetta Pragliola, Valeria Vittorini
  2. 2. P hysical S ecurity I nformation M anagement
  3. 3. SMS User Interface
  4. 4. Sensors and events Passenger Stations Power Stations Tunnels, Bridges Line Depots Vehicles
  5. 5. The DETECT framework <ul><li>Objectives: </li></ul><ul><ul><li>Provide superior early warning and situation awareness by automatic detection of suspicious threat scenarios </li></ul></ul><ul><ul><li>Increase alarm reliability by exploiting redundancy and diversity </li></ul></ul><ul><li>Means: </li></ul><ul><ul><li>Model-based correlation of primitive events detected by heterogeneous distributed sensor networks </li></ul></ul>
  6. 6. Prototype DETECT GUI
  7. 7. DETECT-SMS Integration <ul><li>The SMS collects the events generated by the sensorial subsystems and store them into the Event History DB </li></ul><ul><li>The DETECT correlation engine is fed by each new entry in the DB and provides warnings on threat scenarios in case of matches with known patterns </li></ul>DETECT SMS WARNINGS COMMANDS Event History DB VIEW THREAT DETAILS CONFIRM THREAT SCENARIOS
  8. 8. Detection Models based on Event Trees <ul><li>Example: </li></ul><ul><li>Additional parameters: contexts (initiatiator/terminator events) and timing contraints on logic operators </li></ul>
  9. 9. Example threat scenario <ul><ul><li>Drop of Chemical Warfare Agent (CWA) in an underground metro railway platform : possible basic set of events </li></ul></ul><ul><ul><li>attackers drop the CWA </li></ul></ul><ul><ul><li>contaminated people fall to the floor </li></ul></ul><ul><ul><li>people around the contaminated area run away and/or scream </li></ul></ul><ul><ul><li>CWA spread out on the platform and then reach the stairs/escalators to the concourse level </li></ul></ul>
  10. 10. Event Tree for the example scenario <ul><li>Detection model built using the DETECT GUI </li></ul>SCENARIO EVOLUTION STEP 1 2, <5’ -> , <10’ FALL RUN FALL RUN CAM 1 CAM 2 SCREAM MIC CWA CWA IMS/SAW IR
  11. 11. In-progress and future developments <ul><li>Francesco Flammini, Concetta Pragliola, Alfio Pappalardo and Valeria Vittorini : A robust approach for on-line and off-line threat detection based on event tree similarity analysis . In: Proc. 8th IEEE International Conference on Advanced Video and Signal-Based Surveillance, Workshop on Multimedia Systems for Surveillance (MMSS’11), Klagenfurt University, Austria, August 30 – September 2, 2011 </li></ul><ul><ul><li>Heuristic situation recognition, with increased robustness w.r.t. missed detections and imperfect scenario modeling </li></ul></ul><ul><li>Detection models based on Bayesian Networks or other probabilistic methods, accounting for: </li></ul><ul><ul><li>Sensor detection reliability parameters (POD, FAR, etc.) </li></ul></ul><ul><ul><li>“ Noisy” logic correlators for fuzzy reasoning </li></ul></ul><ul><li>Possible off-line running of the correlation engine for post-event forensic searches on user specified scenarios </li></ul><ul><li>Real-time updates on the Scenario Repository by the operators based on observed anomalies (human-in-the-loop assisted learning) </li></ul>
  12. 12. Thank you for your kind attention Questions?