The most serious problem faced by today's security infrastructure is the inability to predict security breaches associated with adversary goals in real time and prevent these breaches from occurring, thereby eliminating unnecessary costs and further escalation of breaches. The problem is compounded by the fact that typical security environments are highly dynamic, especially in crowded settings where people and transportation vehicles are continuously, and in many cases, randomly changing the environment that must be secured. Furthermore, adversaries seldom work alone and deliberately attempt to change the security environment by introducing decoys and diversions to accomplish their goals.
Humans have evolved into highly sophisticated security systems. We instinctively know the goals of our adversaries, and the behaviors that they exhibit when attempting to execute their goals. We use all five senses to detect the signatures of these behaviors in order to assess the severity of the threat so that an effective, measured response can be initiated. Traditional security industry experts often defer to systems that prevent, detect/verify, and delay/divert adversaries from executing their goals. Numerous articles and presentations describe an unending list of technologies and techniques such as bollards, fences, buried and fence-mounted seismic, magnetic acoustical cables, infrared, visible and microwave imaging devices for safeguarding assets. The industry has created a security toolkit that is quite sophisticated, but relatively little emphasis has been placed on how these multiple tools can be used to build effective security systems that minimize false alerts, reduces costs and most important allows an appropriate measured response to be initiated before a breach even takes place. Although these technologies and techniques are necessary, they do not offer forward looking predictive capabilities. These technologies are most effective when used the way we use our own senses to detect and identify behavior patterns associated with the goals of an adversary. Real-time cognitive information is necessary to predict impending security breaches in order to minimize asset damage and trigger appropriate, measured responses to events, whether they turn out to be real threats or non-threatening situations that were triggered, often accidentally. Verified adversaries could be confronted or deterred before completing a mission or could be identified and apprehended before getting away. When non-threatening situations are identified, false alarms decrease, and unnecessary, costly and disruptive actions aren't taken.
Therefore, there is a need in the art of security for a cognitive security system that simulate how we, as humans, instinctively predict, detect, adapt and react to security breaches.
As shown in FIG. 1, traditional security systems have been highly dependent upon human operators to interpret data received by a security management interface from a variety of security peripherals such as cameras, access control systems, motion detectors, perimeter breach systems, tracking systems, biometric detection devices etc.. The operator is usually trained to understand the goals of potential adversaries for a variety of security environments such as critical infrastructure (pipelines, power plants fuel depots etc.), commercial, industrial and retail establishments, residences and entertainment facilities such as theme parks and cruise ships. In theory, these operators have an understanding of the threat profiles associated with the goals of a particular adversary. For example, threat profiles for terrorism, robbery, shop lifting, vandalism, insurance fraud, casino fraud, etc., are all quite different, and a highly skilled operator attempts to analyze raw data being generated by multiple security peripherals deployed through the security environment. The primary shortcoming of this approach is that even a highly trained operator finds it difficult if not impossible to process in real time the copious amounts of data coming from the security peripheral infrastructure. This makes it very difficult for the operator to predict, detect and prevent security breaches in real time. FIG. 2 illustrates advancements in deployed security systems that intelligently process data from multiple security peripherals in an attempt to detect well defined security events such as breaching a perimeter, breaching an access control system, loitering, peripheral tampering, anomalous object detection, object removal, etc.. For example, security peripherals such as cameras can be programmed to “memorize” a scene and detect changes to the scene such as the addition of an unknown object or the appearance of a potential intruder in a secured area, referred to as a “security event”, which is communicated to human operators through a security management interface. The industry refers to this kind of capability as “intelligent” but in reality the intelligence is passive and not predictive or forward looking. Although these systems can detect various security events related to adversary threat profiles and help remove some of the burden from the operator regarding the interpretation of data being received from the security peripheral infrastructure, they do not offer enhanced cognitive inputs to the operator that help predict, detect, adapt and prevent security breaches in real time.
Other approaches to automatic threat detection have discussed the concept of asymmetric analysis using “backward tracking and behavioral analysis” (e.g., Automated Asymmetric Threat Detection using Backward Tracking and Behavioral Analysis as described by U.S. Pat. No. 7,944,468 B2 and Behavioral Recognition System as described by U.S. Pat. No. 8,131,012 which are incorporated herein by reference in their entirety). Some of these methods and systems are based upon a user defined “triggering event” which initiates looking backwards in time at the behavior of the entity that triggered the event. This analysis is done in real-time in an attempt to understand the past behavior of the triggering entity in order to provide an assessment of the threat status of the entity. Unfortunately the “triggering event” could very well be the security breach that the system is trying to prevent in the first place, placing these methods and systems into the category of post-event forensics rather than real-time prediction. Backward tracking methods and systems could provide inputs to a knowledge based security systems that could anticipate security breaches before they actually occur, but this would only be possible in the very rare case that the security environment and the aggressors' threat profiles were identical to those upon which the prior knowledge is based. This is, in fact, one of the critical drawbacks of knowledge-based security systems because if conditions exist that were not part of the training dataset for the knowledge based system, the results would be questionable, as would be no basis upon which to make such a decision by the knowledge based system. In addition, security environments are highly dynamic, and constantly changing, especially in venues that are crowded with people, vehicles and objects moving about and being re-positioned. Even in relatively uncluttered environments, multiple intruders entering the environment cause it to become non-linearly dynamic through techniques such as diversions and decoys to name a few. Other methods and systems utilize video streams to learn typical, normal behaviors within the environment and alert an operator if there is video activity that lies outside this norm. These techniques are not predictive and rely upon a human operator to decide if the video anomaly is a pre-cursor to a serious security breach. Therefore, none of the approaches to security that have been currently fielded or discussed have forward looking predictive capabilities in real life security environments.