In a modern society, a country must protect itself against persons passing its borders outside the official or legal points of entry. The persons in question may have various motifs for wanting to hide their entry into a country. This may be illegal immigration, smuggling, terrorism, etc. In order to protect the borders, various measures may be taken. This may be physical hindrances, such as fences, various detectors for observing the border line, such as cameras, radars, infrared line detectors, seismic detectors, or manual control by border patrols. The detectors are normally connected to a border station, which is also headquarter for border patrols. Thus, the border station will receive information as alarms from the detectors as well as observations reported by border patrols. This information should be used to devise countermeasures against possible intruders, either by sending out border patrols to apprehend offenders or by relocating resources, that is fencing and detectors, in order to make the border as tight as possible. However, the scattered information received in the border station is not easy to exploit. The information supplied by border patrols passing at regular intervals may not be representative for the real situation at the border. In addition, a detector may tell that an object has passed the border, but not how severe the intrusion is, i.e. detectors may be tripped by squirrels as well as terrorists. Thus, there is a need for a structured approach for disseminating information gathered in a border station.
In many ways, the situation depicted above corresponds to the threats posed against computer networks by virus and malicious hackers. However, the technique used in firewalls and protection software does not readily lend itself for protecting physical assets or the borders of a country.