Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107863
T. Connell
As emergency managers prepare for and then are called upon to direct recovery and response efforts for disaster events of any size, they are charged with ensuring that the response effort interconnects all responding personnel in a united effort “to ensure that each patient receives the most appropriate health care, at the optimal location, with the minimum delay.” (Committee on the Future of Emergency Care in the United States Health System, 2006) Managed attributes, not standards, ensure this essential interoperability, the foundation for providing the most skilled, most timely and most appropriate response to any size situation. Advanced Response Concepts was the first to apply identity management vetting practices to the verification of attributes (skills, certifications, licensure, medical records, etc.) and created two discrete containers on a Smartcard: one in compliance with federal PIV standards and a second for the secure storage of attribute datasets. The result is a strong identity credential interoperable at multiple policy levels with additional accessible information for the protection of the responder and effective management of the responder as a resource. When combined with an IDM system, a strong attribute management system can be an invaluable tool in tracking available resources before an event occurs. Attributes (certifications, licensures and training programs) are associated with an individual and the IDM system provides the tools for geo-locating available resources. Now it is possible to identify resources by capability and use that information for advanced placement of responders to a known threat. The ability to allow the command authority to know when and where specific resources are located, what tasking assignments have been given and to whom, is paramount. Specific tasking assignments may be given in the field to respond to dynamic changes in the incident or nature of the response.
Leveraging the reporting capabilities of the attribute management system allows for the visualization of the movement of resources, thereby making the command authority aware of a change before it is reported formally. This ability to monitor movement can also serve as an early warning indicator pointing out assignments that may be using incomplete information or lacking situational understanding. Attribute management systems give command authorities trusted, verified data on skills, licenses and certifications held by responding individuals and teams in order to allow use of these human resources at the highest common denominator, thereby making the most effective use of the resources available and providing the highest level of care and services to those in need during times of disaster of any scale.
Title: Managed attributes, not standards, lead to interoperability. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107898
J. Webster, T. Grimes, B. Archambault, K. Fischer, N. Kostry, A. Lentner, J. Lapinskas, R. Taleyarkhan
Due to He-3 shortages as well as other fundamental limitations of 60-y nuclear power technology being adapted for present-day sensor needs, transformational nuclear particle sensor system developments have been sponsored by DARPA, DoE, DHS and NSF. These systems dispense with the need for conventional He-3, liquid scintillation or solid-state devices. The novel systems detect a variety of radiation types via interactions with ordinary fluids such as water and acetone placed under metastable states of tensioned (yes, sub-zero or below-vacuum) liquid pressures at room temperature. Advancements have resulted which: enable directionality information in 30 s to within 10 degrees of a weapons of mass destruction (WMD) neutron source at 25 m (80 ft); offer over 90% intrinsic efficiency; offer the ability to decipher multiplicity of neutron emission characteristic of spontaneous and induced fission from fissile isotopes; and enable one to detect WMD-shielded neutrons in the 0.01 eV range, to unshielded neutrons in the 1–10 MeV range, coupled with the ability to detect alpha emitting special nuclear material (SNM) signatures to within 1–5 keV in energy resolution, and detection sensitivities to ultra-trace levels (i.e., to femto-grams per cc of SNMs such as Pu and Am). The novel tension metastable fluid detector (TMFD) systems are robust, and are presently built in the laboratory with material costs in the ∼$50+ range — with inherent gamma blindness capability. A multi-physics design framework (including nuclear particle transport, acoustics, structural dynamics, fluid-heat transfer, and electro-magnetics) has also been developed and validated. Comparison against He-3 technology is presented along with adaptation to a variety of scenarios ranging from border crossings, to spent nuclear reprocessing plants to portals and moving platforms.
Title: Beyond He-3 nuclear sensors — TMFDs for real-time SNM monitoring with directionality. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107917
R. Dove
Anomaly detection promises to find elements of abnormality in a field of data. Computational barriers constrain anomaly detection to sparse subsets of total anomaly space. Barriers manifest in three ways — conserving both pattern memory capacity and pattern matching cycle time, while closing off scalability. The research reported here has discovered and analyzed a technology to eliminate two of these barriers, memory capacity and cycle time, and by targeting implementation at a new VLSI pattern processor, eliminate the third scalability barrier. An example shows how 10 to the 15 patterns integrated as a single gang detector can be stored in 193 bytes of memory, with much larger pattern magnitudes practical as well. The architecture of the gang detector enables complete processing of all 10 to the 15 patterns in time determined by the number of features in a single pattern, rather than the total number of patterns. Scalability is provided by a reconfigurable massively parallel VLSI pattern-matching processor chip that can accommodate a virtually unbounded number of such gang detectors. Anomalous behavior detection promises a way round the limitations of looking only for known attack patterns, but it raises new issues in the cyber domain of higher false positive rates and questionable normal-behavior stability. Work reported in this paper describes the nature and capability of gang detector employment, and suggests that the traditional issues of anomaly detection can be addressed with an architecture that engages in continuous learning and re-profiling of normal behavior, and employs a sensemaking hierarchy to reduce false positives. The architecture is based on process patterns from the biological immune system combined with process patterns of mammalian cortical hierarchical sensemaking.
Title: Self-organizing resilient network sensing (SornS) with very large scale anomaly detection. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107883
R. Granger, L. Faulkner, E. Rabe, D. Steinbrecher
Battelle and Naval Undersea Warfare Center (NUWC) Division Newport have developed a maritime security system called Harbor Shield, which can acoustically image the underhull of a vessel from a fixed location to detect potential threats while the vessel is underway. US Immigration and Customs Enforcement dive teams and other security personnel have recovered parasitic drug smuggling devices attached to hulls, and similar devices could be used to attach explosives. At present, the only way to detect such objects is through inspection of stationary vessels by divers, remotely operated vehicles (ROVs) or autonomous underwater vehicles (AUVs). This method is resource intensive and disruptive to traffic, making 100% inspection of vessels a challenge. Harbor Shield will provide the ability to scan moving vessels; process and fuse data from multiple sensors (including side scan sonar); and interface with harbor security systems. This paper discusses recent results, future plans, and benefits of the system.
Title: Harbor shield program update: Underwater acoustic imaging of moving vessels. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107844
R. Desourdis, Kevin F. Vest, Mark O'Brien, David J. Mulholland
Digital television (DTV) provides a critical broadband broadcast resource for interoperable public safety and homeland security applications. Beyond the simplistic view of DTV as a resource for repurposed spectrum to public safety, existing DTV stations are providing megabits per second of encrypted data, including Internet Protocol (IP) video, geospatial visualization, data files, text messages, and any digital media. These datacasts, not available to the public, can be targeted to one or any number of selected receivers or groups of receivers in the broadcast area with no congestion effects, unlike cellular systems; that is, DTV ensures all subscribers receive the full bandwidth available. This paper is an introduction to DTV for both day-to-day applications as well as resilient emergency and post-disaster datacast for wide-area situational awareness and command coordination. The paper also emphasizes the development of a datacast concept of operations for public safety and homeland security.
Title: Digital television for homeland security: Broadband datacast for situational awareness and command coordination. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107910
C. J. John, C. Pancerella, L. Yang, Karim Mahrous, K. Holtermann, G. R. Elkin, A. Norige, J. Mapar
The Department of Homeland Security — Science and Technology Directorate (S&T) has partnered with FEMA to investigate and assess new technologies and processes for an updated Homeland Security Exercise and Evaluation Program (HSEEP) Enterprise Platform (EP) for operational use. HSEEP is a capabilities and performance-based exercise program which provides a standardized policy, methodology, and terminology for exercise design, development, conduct, evaluation, and improvement planning. An integral part of HSEEP was the development of the HSEEP Toolkit, a web-based collection of tools for exercise scheduling, design, development, evaluation and improvement planning. The current HSEEP toolkit does not facilitate information sharing or provide a seamlessly integrated exercise support system. In order to effectively update the capabilities of this HSEEP toolkit, an exhaustive assessment was performed that focused on: new system requirements; translation of the new system requirements and the results of an initial operations analysis into an improved HSEEP toolkit prototype aimed at exercise support; and the incorporation of science-based information and data via modeling and simulation (M&S) capabilities into the HSEEP exercise cycle.
Title: New technologies and processes for the Homeland Security Exercise and Evaluation Program toolkit. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107870
Divya Venkatraman, V. Reddy, Andy W. H. Khong, B. Ng
We address the problem of human footstep detection using data recorded by a single tri-axial geophone. It is observed that footstep signature recorded using a vector-sensor is characterized by signal polarization, which, when exploited effectively, has the capability to identify footsteps at increasing source-sensor distances compared to existing techniques. We quantify the effect of signal polarization by fitting a great-arc using spherical linear interpolation (SLERP) to the data vectors after normalization. Furthermore, the signal polarization metric, which provides extended detection range, is combined with signal energy to form a robust polarization-cum-energy metric for efficient detection. Experimental results are presented to substantiate the performance of this technique.
Title: Polarization-cum-energy metric for footstep detection using vector-sensor. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107847
J. Thornton, Jeanette Baran-Gale, Daniel Butler, Michael T. Chan, Heather Zwahlen
This paper describes novel video analytics technology which allows an operator to search through large volumes of surveillance video data to find persons that match a particular attribute profile. Since the proposed technique is geared for surveillance of large areas, this profile consists of attributes that are observable at a distance (including clothing information, hair color, gender, etc.) rather than identifying information at the face level. The purpose of this tool is to allow security staff or investigators to quickly locate a person-of-interest in real time (e.g., based on witness descriptions) or to speed up the process of video-based forensic investigations. The proposed algorithm consists of two main components: a technique for detecting individual moving persons in large and potentially crowded scenes, and an algorithm for scoring how well each detection matches a given attribute profile based on a generative probabilistic model. The system described in this paper has been implemented as a proof-of-concept interactive software tool and has been applied to different test video datasets, including collections in an airport terminal and collections in an outdoor environment for law enforcement monitoring. This paper discusses performance statistics measured on these datasets, as well as key algorithmic challenges and useful extensions of this work based on end-user feedback.
Title: Person attribute search for large-area video surveillance. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107918
A. D'Amico, Christina Verderosa, Christopher Horn, Timothy Imhof
Critical infrastructure can be vulnerable to cyber attacks through 802.11 wireless networks. Because wireless intruders are within short range of the targeted network, they can be directly observed by security forces cued to their presence. WildCAT is a prototype system that extends the reach of a physical security force into the cyber realm to detect and respond to wireless threats and vulnerabilities. Its design uses physical security vehicles as the platform for collecting wireless network activity that is then sent via a cellular network to an analysis center. At the analysis center, cyber security specialists detect suspicious activity and cue the physical security force to its location. WildCAT will be tested in comparison to traditional approaches to wardriving, as well as a supplement to wireless intrusion detection systems.
Title: Integrating physical and cyber security resources to detect wireless threats to critical infrastructure. In: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107850
S. Shetty, S. Mukkavilli, L. Keel
Anomaly-based network Intrusion Detection Systems (IDS) model patterns of normal activity and detect novel network attacks. However, these systems depend on the availability of the system's normal traffic pattern profile. But the statistical fingerprint of the normal traffic pattern can change and shift over a period of time due to changes in operational or user activity at the networked site or even system updates. The changes in normal traffic patterns over time lead to concept drift. Some changes can be temporal or cyclical, and they can be short-lived or last for longer periods of time. Depending on a number of factors, the speed at which the change in traffic patterns occurs can also be variable, ranging from near instantaneous to the change occurring over the span of numerous months. These changes in traffic patterns are a cause of concern for IDSs as they can lead to a significant increase in false positive rates, thereby reducing the overall system performance. In order to improve the reliability of the IDS, there is a need for an automated mechanism to detect valid traffic changes and avoid inappropriate ad hoc responses. ROC curves have historically been used to evaluate the accuracy of IDSs. ROC curves generated using fixed, time-invariant classification thresholds do not characterize the best accuracy that an IDS can achieve in the presence of concept-drifting network traffic. In this paper, we present an integrated supervised machine learning and control theoretic model for detecting concept drift in network traffic patterns. The model comprises an online support vector machine based classifier (incremental anomaly-based detection), a Kullback-Leibler divergence based relative entropy measurement scheme (quantifying concept drift) and a feedback control engine (adapting ROC thresholding). In our proposed system, any intrusion activity will cause significant variations, thereby causing a large error, while a minor aberration in the variations (concept drift) will not be immediately reported as an alert.
Title: An integrated machine learning and control theoretic model for mining concept-drifting data streams. In: 2011 IEEE International Conference on Technologies for Homeland Security (HST).