Modeling and Simulation of Sensor Systems to Experiment Against Contemporary Asymmetric Urban Threat

1
Modeling and Simulation of Sensor Systems to
Experiment Against Contemporary Asymmetric Urban
ThreatsJohn A. Berger PresentingPaul A.
Castleberg, Philip E. Colon, and John A.
BergerToyon Research Corporation7 December 2006
2
Outline

• Motivation for Analysis
• Analytical Process Model
• Case Study Example
• Concluding Remarks

3
Motivation

• Traditional entity-based definitions
• Detect notice an object as an entity
• Recognize label the type of entity
• Identify label specific type of entity
• New definitions of activity and behavior
• Detect Notice entity activity and behavior as
  abnormal or worthy of note
• Recognize type of activity and behavior
• Understanding Intent what does the activity and
  behavior lead to?

Which one of these entities is not like the
other one?
4
Motivation

• New fighting paradigm calls for new analyses
  paradigms
• Information is spatial, temporal, and
  informational
• Humans, vehicles, buildings, and all other
  entities need to be examined in a relative
  context
• Physical attributes color, size, shape, license
  plate,
• Behavior traits loitering, speeding, digging,
  concealing,
• Contextual traits abnormal activity, proximity
  to hotspots,
• Cultural traits clothing style, behavior
  patterns,
• Associations human and vehicle, meeting, cell
  phone, biological,
• Analytical Application Evaluate C4ISR sensor
  systems
• Ability to observe threat attributes
• Ability to process disparate pieces of
  information and observations
• Goal is to quantify overall system performance

5
Contemporary Threat Timelines

• Long cycle Network activity
• Short cycle Event related activity

Network Discovery
Back-track Forensic
Real-time Forensic
Preemptive Analysis
Time, t
tN
t0
t1
t2
tN1
tN-1
Analysis Timelines
6
Red/Green Threat Modeling
Insurgent Process Model

• Red threats are simulated to include locations of
  activity, entity attributes, entity behavior,
  accessories, and associations.
• Scripted Red activity, as well as random models
  for Neutral entities may be specified.

7
Truth Simulator
Insurgent Process Model
Notional Markov chain to model the activity
process
50
25
25
5
Attack Site
Neutral Site
50
House
Loiter
25
25
45
50
25
25
75
Loiter
Use Cell Phone
100
20
25
50
25
Farm
Use Cell Phone
30
Digging
50
10
Digging
Plant IED
75
90
25
75
Planting
8
Truth Database
Insurgent Process Model
Entity Ontology

• MySQL Database of entity records
• Records consist of related ontology entries
• The Entity Ontology is a directed acyclic graph
  consisting of edges and nodes
• Entity truth is simulated for specific locations
  and at specific times during the simulation

9
Blue Sensor System Modeling
Insurgent Process Model
Named Areas of Interest
UAV

• Model time and geometry interaction between
  sensors and Red / Green activities
• Sensors assigned location and tasking schedule
• Tasked to specific Named Areas of Interest (NAIs)
• Task resolution determined by sensor physics

Geographic Area (Urban)
10
Sensor Exploitation Model
Insurgent Process Model
Characteristic Dimension
Characteristic Time
11
Blue Analyst Model
Insurgent Process Model

• Human analysts build intuition through the
  experience of observations
• Two common model types
• Bayesian networks
• Classification and Regression Trees (CART)
• Performance may be trained and tested against
  intuitive scenarios

12
Case Study Example

• Simulated Entities
• A Red insurgent team has stolen a utility truck
  and will use it to emplace an IED alongside a
  road
• Confuser Green entities are modeled with
  realistic densities
• Sensor System
• Medium resolution video surveillance is present
  on the emplacement scene for a first look
• Operator is responsible for monitoring 6 cameras
  simultaneously
• Subsequent second- and third looks require
  zooming in to narrower fields of view
• Analyst Model
• Naïve Bayesian network
• Quantify Suspicion as a function of activities
  and behavior

13
Case Study Results
Case A Utility truck arrives at location,
occupants dig, then emplace device Case B Case A
location is a known IED hotspot Case C Case B
utility truck is reported stolen and is on the
be on the lookout list Case D Innocent
civilian who arrives in a known hotspot location
to set up a fruit stand
14
Concluding Remarks

• Partial evidence is a reality how to assess
  sensors systems is key to maximizing observables
  in spatial, temporal, and informational domains
• New paradigm for behavior and activity detection
• Observations fused with contextual information
• Applications
• Compare and quantify sensor system performance
• Evaluate methods levels of information exchange
• Pre-cursor for automated detection algorithm
• Explore sensitivity to changes in Threat Tactics