Situation Management to Counter Piracy Alan Steinberg Georgia Tech Research Institute September...
-
Upload
michael-clement-mccarthy -
Category
Documents
-
view
212 -
download
0
Transcript of Situation Management to Counter Piracy Alan Steinberg Georgia Tech Research Institute September...
Situation Managementto Counter Piracy
Alan SteinbergGeorgia Tech Research Institute
September 2011
Piracy & Hijacking (2004)
9
4
Outline
• Recognition-based approaches to threat detection & prediction– Model-based
• Attributes• Activities• Associations
– Anomaly-based• Explanation-based approaches• Recommended approach
– Threat prediction: opportunity-focused– Situation resolution
• Capability, Intent, Opportunity• Context exploitation
– Response management
Traditional Model-Based Approaches to Threat
Assessment
Signature-Based Indicators:
• Eye patch
• Peg leg
• Parrot on shoulder
• Skull-and-crossbones
Activity-Based Indicators:
• Rum drinking
• Frequent use of “arrrr”
• Treasure-burying
• Plank-walking
Feature Selection
Target Model
Feature Extraction
LiveData
MatchID
Decision
• Threats can be highly variable & ambiguous– Highly variable
– Non-linear and multi-modal
– Dynamic
– Complex & poorly-modeled causality
– Ambiguous
• Signatures
• Behaviors
• Relationships
Problem withModel-Based Detection
• A new trend in Automated Target Recognition−Model backgrounds
−Detect anomalies: possible targets
−Diagnose anomalies
• Adapt to human, social, cultural and behavioral modeling– Understanding the context within which they
operate: the “patterns of life” that characterize normalcy
– Allow discrimination of subtle deviations
Anomaly-Based Detection
PANDA Concept[199] PANDA[2]
(Predictive Analysis for Naval Deployment Activities)
Operational Challenges• Broad and diffuse threat• Highly cluttered environment (126,000 surface vessels > 100 tons; >50,000 merchant vessels)
• Highly variable environment (behaviors and updates)
• “Stovepiped” data sources prevent cross-organization analysis
• Use of global and local sensors complicates data fusion
Operational Needs• Exploit all-source data to maintain a complete and continuous surface picture
• Classify vessels in terms of what they are doing in addition to where they are
• Predict where vessels will be 6, 12, and 24 hours out to support Naval operations
• Detect potential threats to support interdiction activities
• PANDA system will provide anticipatory situation awareness for 100,000 vessels
• PANDA will go beyond merely tracking to perform motion-based change detection and infer intent
• PANDA will– Learn motion-based activity patterns from long-duration tracks and
correlated data
– Detect deviations from these patterns
– Learn and apply context models to predict potential threats even as patterns evolve
On-
Line
PANDA Anomaly-Based Processing[2]
Prediction & Activity MonitoringPredict vessel behavior and detect anomalies
Off-
Line
Motion-Based Pattern LearningExploit track data to learn patterns of normal
vessel behavior
Adaptive Context ModelingCapture domain models (case bases) of
obvious & non-obvious anomalies
Anomaly Processing & PresentationResolve anomalies and focus user attention
on prioritized threats
Global Traffic Patterns
• Alerts• Notifications• Warnings
COP
• Normal behavior can be very difficult to model– High dimensional: difficult to model dependencies– Non-linear and multi-modal
• Normal behavior can be highly variable & ambiguous
– High probability of mis-classification and of missed detection
• Anomalies may be very subtle (of high-order)– Requiring deep understanding for modeling– Requiring sophisticated detection process
• An intelligent adversary will maximize ambiguity[6]
– Steganography: “pretend, portray, profess an intended lie”[7]
– Work within our response cycle: Drop cover only when we have no time to respond
Problems with Anomaly-Based Detection
• Targets of Intelligence: activities rather than objects• Detect, identify, and track known activity types
• Discover previously unknown activity types
• Emerging ABI concepts hold promise for dealing with the increased data collection capabilities of – Advanced full motion video
– Wide area motion imagery
– SIGINT/GMTI
Activity-Based Intelligence
− Background objects (“normal objects”)
− Background activities (“normal behavior”)
• In reality, would like to be able to exploit ALL aspects:– Objects of interest
– Activities of interest
ABI View of Piracy
• Piracy is all about “Encounters”
• Look for current and potential for two objects to be within “effective” range of one another– One vessel attacking, boarding (etc.) another
– Vessel attacking shore asset
– Vessels transferring cargo or people
PotentialVictim
Encounter Opportunity Map
PotentialAttacker
Effective range| Encounter type A
Effective range| Encounter type BTime to opportunity A
| max. closing velocity
Time to opportunity B | max. closing velocity
• Collision
• Boarding/ Trans- loading
• Suicide bomb
• Small arms
• Shoulder-fired missile
• Torpedo
• Aid & Rescue
• etc.
Activity-Based Approach to Counter Piracy
• Opportunity Assessment: • Detect potential encounters & time-to-go (for various
encounter types)
• Capability/Intent Assessment: – Diagnose potential encounters
• Collision (unintentional)• Collision (intentional)• Boarding/ trans-loading• Suicide bomb
• Response– Situation resolution– Interdiction, etc.
• Small arms attack
• Shoulder-fired missile
• Torpedo
• Aid, Rescue, etc.
Example Scenario (1 of 5)[8]
?
?
?
?
?
?
Example Scenario (2 of 5)[8]
-40 -30 -20 -10 0 +10 +20 +30 +40
Target Selection Decision Tgt Engagement Decision
Estimated History Estimated Present Situation Projected Situation
Received Reports Predicted Coverage
Situation Time (Hyp H)
Report Time (Plan P)
PD
Contours
?
?
?
Example Scenario (3 of 5)[8]
Current Estimate of Present Situation
PD
Contours
?
?
?
-40 -30 -20 -10 0 +10 +20 +30 +40
Target Selection Decision Tgt Engagement Decision
Estimated History Estimated Present Situation Projected Situation
Received Reports Predicted Coverage
Expected Update of Present Situation
Example Scenario (4 of 5)[8]
Situation Time (Hyp H)
Report Time (Plan P)
?
?
?
PD
Contours
Target Selection Decision Tgt Engagement Decision
Estimated History Estimated Present Situation Projected Situation
Received Reports Predicted Coverage
-40 -30 -20 -10 0 +10 +20 +30 +40
Projection of Future Situation
Example Scenario (5 of 5)[8]
Situation Time (Hyp H)
Report Time (Plan P)
Available time to resolve
Available time to respond
No time to respond:“Check!”
Attack
Response Opportunity Map
Track potential threats (attackers, etc.)
• Attributes• Behaviors• Associations
Notional Processing Architecture
Track defended assets (potential victims)
Detect & project vessels within effective range
| encounter types
Prioritize threat potential• Opportunity• Capability • Intent
Resolve (as time & resources are available)
• Opportunity• Capability • Intent
Respond (as time & resources are available)
• Resources: equipment, human, information
• Coordination• Plausible attack plan
Summary
• Acts of piracy constrained more by Opportunity than by Capability or Intent
• Monitor defended assets (potential victims) for encounter opportunities
• Reason about encounter Opportunities– Encounter type / players / scenario– Time to go– Time to resolve– Time to respond
• Resolve encounter likelihood & characteristics – Assessing Capability and Intent
Outline
• Recognition-based approaches to threat detection & prediction– Model-based
• Attributes• Activities• Associations
– Anomaly-based• Explanation-based approaches• Recommended approach
– Threat prediction: opportunity-focused– Situation resolution
• Capability, Intent, Opportunity• Context exploitation
– Response management
Context Exploitationin Data Fusion[3,4]
• Define a data fusion problem in terms of – An explicit set of “problem variables” XS
– A utility function on the resolution of these variables ωS:σ(XS)→Ω
• Allow the system to select additional "context variables" YS
on the basis of
−The mutual information of the problem and context variables I(XS ;YS)
−The cost of the respective information acquisition/inferencing process: CA:{XS U YS}→Ω
World State Variables
Observable variables x
Latent variables ξ
Observable
Latent
Problem Variables and Context Variables[3]
Selected observable context
variables xs
Selected latent context variables ξs
Exogenousvariables
Observable problem variables y
Latent problem variables η
Endogenous(problem)variables
System-Level Management of Information Exploitation
Process[5,6]• Complex Interactions of actions & latencies require
ability to–Predict utility of information over time, given planned operational actions
–Predict availability & quality of data over time, given planned sensing actions
–Predict cost of planned actions:• Resource availability• Resource expenditure• Interference with system & external
activities (e.g. jamming, exposure)• Requires system-level
–Model of uncertainty, utility & cost–Model of resource performance
• Utility of information: (Z,tr)
• Probability of obtaining info given action plan: P(Z,tr|A)
• Cost of plan: C(A,tA)
• Net value of plan:
*(A) = [(Z,tr)- C(A,tA)] P(Z,tr|A) dZdtrtA
tr = time information received; tA = time of action
X)
A)
Generalized AdaptiveEvidence Accrual Process[4]
)(),|( AcAp Y
)(),|)(( AcAp Y
Inference Engine
Information Acquisition Manager
Needs SatisfactionDeterminat’n
Info Acq Planner
User Interface
Information Needs
Generation
Context DBs
Sit Hypotheses
Collection Data
Info Needs
Collection Management
DataRetrieval/
Mining
Data Collection
InferenceY X
A
Predict Utility of Info to Satisfy INs
Predict Utility of Info to Satisfy INs
Predict Prob & Cost of Acquiring Information
Predict Prob & Cost of Acquiring Information
Information Needs
Generation
Collection Management
DataRetrieval/
MiningInference
Needs SatisfactionDeterminat’n
Retrieve Collection & Context Data, (Component) Models & Hypotheses
Retrieve Collection & Context Data, (Component) Models & Hypotheses
Compose & Evaluate Situation Hypotheses
Compose & Evaluate Situation Hypotheses
Info Acq Planner
)( Y
X)Â
References[1] Nassim Nicholas Taleb, The Black Swan, The Impact of the Highly Improbable, Random
House, 2006
[2] Kendra E. Moore, Predictive Analysis for Naval Deployment Activities (PANDA), Briefing to Industry: PANDA Overview,” 16 September, 2005
[3] Alan N. Steinberg and Galina L. Rogova, “Situation and context in data fusion and natural language understanding,” Proc., Eleventh International Conference on Information Fusion, Cologne, 2008
[4] Alan N. Steinberg, “Context-sensitive data fusion using structural equation modeling,” Proc., Twelfth International Conference on Information Fusion, Seattle, 2009
[5] Robert C. Whitehair, A Framework for the Analysis of Sophisticated Control, Ph.D. Dissertation, University of Massachusetts CMPSCI Technical Report 95, February, 1996
[6] Michael Bennett and Edward Waltz, Counterdeception Principles and Applications for National Security, Artech House, 2007
[7] B. Whaley, Strategem: Deception and Surprise in War, Center for International Studies, MIT, 1969
[8] Alan N. Steinberg and Robert Pack, “Pixel-level fusion of active/passive data for real-time composite feature extraction and visualization,” NATO IST Panel Workshop, Massive Military Data Fusion and Visualisation, IST-036-RWS-005, Halden, Norway, 2002.
THAT’S ALL,
FOLKS!