Situation Management to Counter Piracy Alan Steinberg Georgia Tech Research Institute September 2011


Situation Management to Counter Piracy

Alan Steinberg, Georgia Tech Research Institute

September 2011


Piracy & Hijacking (2004)


Outline

• Recognition-based approaches to threat detection & prediction
  – Model-based
    • Attributes
    • Activities
    • Associations
  – Anomaly-based
• Explanation-based approaches
• Recommended approach
  – Threat prediction: opportunity-focused
  – Situation resolution
    • Capability, Intent, Opportunity
    • Context exploitation
  – Response management


Traditional Model-Based Approaches to Threat Assessment

Signature-Based Indicators:

• Eye patch

• Peg leg

• Parrot on shoulder

• Skull-and-crossbones

Activity-Based Indicators:

• Rum drinking

• Frequent use of “arrrr”

• Treasure-burying

• Plank-walking

[Diagram labels: Feature Selection, Target Model, Feature Extraction, Live Data, Match, ID Decision]


Problem with Model-Based Detection

• Threats can be highly variable & ambiguous
  – Highly variable
  – Non-linear and multi-modal
  – Dynamic
  – Complex & poorly-modeled causality
  – Ambiguous
    • Signatures
    • Behaviors
    • Relationships


Anomaly-Based Detection

• A new trend in Automated Target Recognition
  − Model backgrounds
  − Detect anomalies: possible targets
  − Diagnose anomalies
• Adapt to human, social, cultural and behavioral modeling
  – Understanding the context within which they operate: the “patterns of life” that characterize normalcy
  – Allow discrimination of subtle deviations


PANDA Concept[199] PANDA[2]

(Predictive Analysis for Naval Deployment Activities)

Operational Challenges
• Broad and diffuse threat
• Highly cluttered environment (126,000 surface vessels > 100 tons; >50,000 merchant vessels)
• Highly variable environment (behaviors and updates)
• “Stovepiped” data sources prevent cross-organization analysis
• Use of global and local sensors complicates data fusion

Operational Needs
• Exploit all-source data to maintain a complete and continuous surface picture
• Classify vessels in terms of what they are doing in addition to where they are
• Predict where vessels will be 6, 12, and 24 hours out to support Naval operations
• Detect potential threats to support interdiction activities

• PANDA system will provide anticipatory situation awareness for 100,000 vessels
• PANDA will go beyond merely tracking to perform motion-based change detection and infer intent
• PANDA will
  – Learn motion-based activity patterns from long-duration tracks and correlated data
  – Detect deviations from these patterns
  – Learn and apply context models to predict potential threats even as patterns evolve


PANDA Anomaly-Based Processing[2]

• Prediction & Activity Monitoring: Predict vessel behavior and detect anomalies
• Motion-Based Pattern Learning: Exploit track data to learn patterns of normal vessel behavior
• Adaptive Context Modeling: Capture domain models (case bases) of obvious & non-obvious anomalies
• Anomaly Processing & Presentation: Resolve anomalies and focus user attention on prioritized threats

[Diagram labels: On-Line; Off-Line; Global Traffic Patterns; Alerts, Notifications, Warnings; COP]


Problems with Anomaly-Based Detection

• Normal behavior can be very difficult to model
  – High dimensional: difficult to model dependencies
  – Non-linear and multi-modal
• Normal behavior can be highly variable & ambiguous
  – High probability of mis-classification and of missed detection
• Anomalies may be very subtle (of high-order)
  – Requiring deep understanding for modeling
  – Requiring sophisticated detection process
• An intelligent adversary will maximize ambiguity[6]
  – Steganography: “pretend, portray, profess an intended lie”[7]
  – Work within our response cycle: Drop cover only when we have no time to respond


Activity-Based Intelligence

• Targets of Intelligence: activities rather than objects
• Detect, identify, and track known activity types
• Discover previously unknown activity types
• Emerging ABI concepts hold promise for dealing with the increased data collection capabilities of
  – Advanced full motion video
  – Wide area motion imagery
  – SIGINT/GMTI
• In reality, would like to be able to exploit ALL aspects:
  – Objects of interest
  – Activities of interest
  − Background objects (“normal objects”)
  − Background activities (“normal behavior”)


ABI View of Piracy

• Piracy is all about “Encounters”

• Look for current and potential for two objects to be within “effective” range of one another
  – One vessel attacking, boarding (etc.) another
  – Vessel attacking shore asset
  – Vessels transferring cargo or people


Encounter Opportunity Map

[Diagram labels: Potential Victim; Potential Attacker; Effective range | Encounter type A; Effective range | Encounter type B; Time to opportunity A | max. closing velocity; Time to opportunity B | max. closing velocity]

• Collision

• Boarding/Trans-loading

• Suicide bomb

• Small arms

• Shoulder-fired missile

• Torpedo

• Aid & Rescue

• etc.


Activity-Based Approach to Counter Piracy

• Opportunity Assessment:
  – Detect potential encounters & time-to-go (for various encounter types)
• Capability/Intent Assessment:
  – Diagnose potential encounters
    • Collision (unintentional)
    • Collision (intentional)
    • Boarding/trans-loading
    • Suicide bomb
    • Small arms attack
    • Shoulder-fired missile
    • Torpedo
    • Aid, Rescue, etc.
• Response
  – Situation resolution
  – Interdiction, etc.


Example Scenario (1 of 5)[8]


Example Scenario (2 of 5)[8]


Example Scenario (3 of 5)[8]: Current Estimate of Present Situation

[Figure: timeline with axes Situation Time (Hyp H) and Report Time (Plan P), tick marks from -40 to +40; labels: Target Selection Decision, Tgt Engagement Decision, Estimated History, Estimated Present Situation, Projected Situation, Received Reports, Predicted Coverage, PD Contours]


Example Scenario (4 of 5)[8]: Expected Update of Present Situation

[Figure: timeline with axes Situation Time (Hyp H) and Report Time (Plan P), tick marks from -40 to +40; labels: Target Selection Decision, Tgt Engagement Decision, Estimated History, Estimated Present Situation, Projected Situation, Received Reports, Predicted Coverage, PD Contours]


Example Scenario (5 of 5)[8]: Projection of Future Situation

[Figure: timeline with axes Situation Time (Hyp H) and Report Time (Plan P), tick marks from -40 to +40; labels: Target Selection Decision, Tgt Engagement Decision, Estimated History, Estimated Present Situation, Projected Situation, Received Reports, Predicted Coverage, PD Contours]


Response Opportunity Map

[Diagram labels: Available time to resolve; Available time to respond; No time to respond: “Check!”; Attack]


Notional Processing Architecture

Track potential threats (attackers, etc.)
• Attributes
• Behaviors
• Associations

Track defended assets (potential victims)

Detect & project vessels within effective range | encounter types

Prioritize threat potential
• Opportunity
• Capability
• Intent

Resolve (as time & resources are available)
• Opportunity
• Capability
• Intent

Respond (as time & resources are available)
• Resources: equipment, human, information
• Coordination
• Plausible attack plan


Summary

• Acts of piracy constrained more by Opportunity than by Capability or Intent

• Monitor defended assets (potential victims) for encounter opportunities

• Reason about encounter Opportunities
  – Encounter type / players / scenario
  – Time to go
  – Time to resolve
  – Time to respond

• Resolve encounter likelihood & characteristics
  – Assessing Capability and Intent
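
An added example, not from the original slides, of the opportunity reasoning summarized above: time to go per encounter type at maximum closing velocity, then placement on the response opportunity map. The track fields, effective ranges, resolve/respond times and the closing-velocity bound (sum of both vessels' maximum speeds) are assumptions with constructed values.

```python
import math
from dataclasses import dataclass

@dataclass
class Track:
    name: str
    x_nm: float          # east position, nautical miles
    y_nm: float          # north position, nautical miles
    max_speed_kn: float  # maximum speed, knots

# Constructed effective ranges (nm) for two abstract encounter types.
EFFECTIVE_RANGE_NM = {"A": 2.0, "B": 4.0}

def time_to_opportunity_h(victim, other, effective_range_nm):
    """Hours until `other` could first be within effective range of `victim`
    at the maximum closing velocity (assumed: sum of both maximum speeds)."""
    separation = math.hypot(other.x_nm - victim.x_nm, other.y_nm - victim.y_nm)
    gap = max(0.0, separation - effective_range_nm)
    closing_kn = victim.max_speed_kn + other.max_speed_kn
    if gap == 0.0:
        return 0.0                      # opportunity already exists
    return math.inf if closing_kn <= 0 else gap / closing_kn

def response_window(time_to_go_h, resolve_h, respond_h):
    """Place an opportunity on the response map, working back from the attack."""
    if time_to_go_h >= resolve_h + respond_h:
        return "resolve"   # time to assess capability/intent, then respond
    if time_to_go_h >= respond_h:
        return "respond"   # must respond without resolving first
    return "check"         # no time to respond

def opportunity_map(victim, others, resolve_h, respond_h):
    """Rows of (time_to_go_h, vessel, encounter type, window), soonest first."""
    rows = []
    for other in others:
        for etype, rng in EFFECTIVE_RANGE_NM.items():
            ttg = time_to_opportunity_h(victim, other, rng)
            rows.append((ttg, other.name, etype,
                         response_window(ttg, resolve_h, respond_h)))
    return sorted(rows)

# Constructed sample picture: one defended asset and three contacts.
VICTIM = Track("MV Example", 0.0, 0.0, 15.0)
CONTACTS = [Track("skiff-1", 6.0, 8.0, 25.0),    # 10 nm away
            Track("dhow-2", 30.0, 40.0, 10.0),   # 50 nm away
            Track("boat-3", 0.0, 3.0, 25.0)]     # 3 nm away

if __name__ == "__main__":
    for row in opportunity_map(VICTIM, CONTACTS, resolve_h=0.5, respond_h=0.1):
        print(row)
```

Sorting by time to go puts the contacts that leave no time to resolve at the top of the list, which is the prioritization the opportunity-focused approach calls for before capability and intent are assessed.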


Context Exploitation in Data Fusion[3,4]

• Define a data fusion problem in terms of
  – An explicit set of “problem variables” $X_S$
  – A utility function on the resolution of these variables $\omega_S : \sigma(X_S) \to \Omega$
• Allow the system to select additional "context variables" $Y_S$ on the basis of
  − The mutual information of the problem and context variables $I(X_S; Y_S)$
  − The cost of the respective information acquisition/inferencing process: $C_A : \{X_S \cup Y_S\} \to \Omega$
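
An added example, not from the original slides, of selecting context variables by mutual information against acquisition cost. The candidate names, joint distributions, costs and the linear value-per-bit utility are assumptions constructed for illustration.

```python
import math

def mutual_information(joint):
    """I(X;Y) in bits, where joint[i][j] = P(X = x_i, Y = y_j)."""
    px = [sum(row) for row in joint]
    py = [sum(col) for col in zip(*joint)]
    return sum(p * math.log2(p / (px[i] * py[j]))
               for i, row in enumerate(joint)
               for j, p in enumerate(row) if p > 0)

def select_context(candidates, value_per_bit):
    """Keep candidates whose information value exceeds their acquisition cost.

    Assumption: utility is linear in I(X;Y) and each candidate is scored on
    its own, so redundancy between context variables is ignored.
    """
    scored = []
    for name, (joint, cost) in candidates.items():
        mi = mutual_information(joint)
        net = value_per_bit * mi - cost
        if net > 0:
            scored.append((net, name, mi))
    return [(name, mi, net) for net, name, mi in sorted(scored, reverse=True)]

# Constructed joint distributions of a binary problem variable X (rows:
# benign, hostile) with three hypothetical binary context variables Y, and a
# constructed acquisition cost for each in the same units as the utility.
CANDIDATES = {
    "boarding_report": ([[0.5, 0.0], [0.0, 0.5]], 5.0),      # decisive, costly
    "ais_gap":         ([[0.4, 0.1], [0.1, 0.4]], 0.5),      # partial, cheap
    "time_of_day":     ([[0.25, 0.25], [0.25, 0.25]], 0.1),  # independent of X
}

if __name__ == "__main__":
    for name, (joint, cost) in CANDIDATES.items():
        print(name, round(mutual_information(joint), 3), "bits, cost", cost)
    print(select_context(CANDIDATES, value_per_bit=4.0))
```

With these constructed numbers the most informative candidate is rejected because its cost exceeds the value of the bit it resolves, while a cheaper, partially informative variable is kept.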


Problem Variables and Context Variables[3]

[Diagram labels: World State Variables (Observable, Latent); Observable variables x; Latent variables ξ; Exogenous variables; Selected observable context variables xs; Selected latent context variables ξs; Endogenous (problem) variables; Observable problem variables y; Latent problem variables η]


System-Level Management of Information Exploitation Process[5,6]

• Complex interactions of actions & latencies require ability to
  – Predict utility of information over time, given planned operational actions
  – Predict availability & quality of data over time, given planned sensing actions
  – Predict cost of planned actions:
    • Resource availability
    • Resource expenditure
    • Interference with system & external activities (e.g. jamming, exposure)
• Requires system-level
  – Model of uncertainty, utility & cost
  – Model of resource performance

• Utility of information: (Z,tr)

• Probability of obtaining info given action plan: P(Z,tr|A)

• Cost of plan: C(A,tA)

• Net value of plan:

*(A) = [(Z,tr)- C(A,tA)] P(Z,tr|A) dZdtrtA

tr = time information received; tA = time of action


Generalized Adaptive Evidence Accrual Process[4]

[Diagram labels: Inference Engine; Information Acquisition Manager; User Interface; Information Needs Generation; Needs Satisfaction Determination; Info Acq Planner; Collection Management; Data Retrieval/Mining; Data Collection; Inference; Context DBs; Sit Hypotheses; Collection Data; Info Needs; Predict Utility of Info to Satisfy INs; Predict Prob & Cost of Acquiring Information; Retrieve Collection & Context Data, (Component) Models & Hypotheses; Compose & Evaluate Situation Hypotheses]


References

[1] Nassim Nicholas Taleb, The Black Swan: The Impact of the Highly Improbable, Random House, 2006

[2] Kendra E. Moore, “Predictive Analysis for Naval Deployment Activities (PANDA), Briefing to Industry: PANDA Overview,” 16 September 2005

[3] Alan N. Steinberg and Galina L. Rogova, “Situation and context in data fusion and natural language understanding,” Proc., Eleventh International Conference on Information Fusion, Cologne, 2008

[4] Alan N. Steinberg, “Context-sensitive data fusion using structural equation modeling,” Proc., Twelfth International Conference on Information Fusion, Seattle, 2009

[5] Robert C. Whitehair, A Framework for the Analysis of Sophisticated Control, Ph.D. Dissertation, University of Massachusetts CMPSCI Technical Report 95, February, 1996

[6] Michael Bennett and Edward Waltz, Counterdeception Principles and Applications for National Security, Artech House, 2007

[7] B. Whaley, Stratagem: Deception and Surprise in War, Center for International Studies, MIT, 1969

[8] Alan N. Steinberg and Robert Pack, “Pixel-level fusion of active/passive data for real-time composite feature extraction and visualization,” NATO IST Panel Workshop, Massive Military Data Fusion and Visualisation, IST-036-RWS-005, Halden, Norway, 2002.


THAT’S ALL, FOLKS!