
Comprehensive Intelligence Analysis and Alert System (CIAAS)


Presentation Transcript


  1. Comprehensive Intelligence Analysis and Alert System (CIAAS)

  2. Information / Knowledge
     • Information: data, details, messages
     • Knowledge: information plus "meaning" – relations between pieces of information
     Characteristics
     • Intelligence analysis is based on existing knowledge and gathered experience
     • Continuously expanded and updated by a massive flow of diverse new information

  3. Sources of Information
     • Bank Transactions
     • Public domain information
     • Government databases
     • Intelligence databases
     • Internet
     • Sigint
     • Comint
     • Humint

  4. The Problems
     • Too many holes in the cheese - needs powerful inferencing
     • Event information comes in randomly
     • Uncertainty imposes multiple scenarios
     • Speed of analysis is critical

  5. Human Analysts
     They carry most of the burden
     Limitations…
     • Inflation of information
     • Combining many disciplines
     • Limited memory and attention span
     • Long duration of analysis
     • Experience goes with the person
     How to support with a computerized system?

  6. Human Analysts They carry most of the burden Limitations…

  7. Requirements
     • Effectively integrate knowledge and information from diverse sources
     • Continuously accumulate knowledge
     • Provide automatic alerts
     • Provide answers to the analysts' queries
     • Construct different threat scenarios

  8. The Approach
     • Take some of the burden off analysts…
     • By emulating the analyst in an automated process –
     • Use existing knowledge to analyze incoming information and update/augment the knowledge

  9. Challenges
     • Cannot know in advance which information will arrive, in what order, and what its meaning will be
     • The entire existing knowledge should be brought to bear in the analysis
     • The analysis may generate several different scenarios
     • Requires coherent integration of diversified computing disciplines, typically implemented using different technologies

  10. eCognition™ - Active Knowledge Network Technology
     • New software paradigm
     • The system handles complex tasks by distributed cooperation among simple pieces of structure
     Note: Actual GUI

  11. eCognition™ - Emulating the Cognitive Model
     The information is fed into the system
     Diagram labels: Active Knowledge System; Analyze; React; Support decision

  12. Extract Knowledge in Diversified Forms
     Unified Knowledge System
     • Free text
     • Timing & frequency analysis
     • Qualitative, quantitative
     • Experiential
     • Databases
     • Tupai's Data Mining

  13. Use It For Diversified Purposes
     Multi-purpose virtual reasoning machine
     • Simulations, Forecasting, analysis
     • Intelligent Decision Support
     • Intelligent Knowledge Discovery
     • Forensic accounting
     • Contact analysis

  14. Integrate Knowledge Domains
     Integrated, holistic
     • Infrastructure
     • Finance
     • Operations

  15. Diversified Disciplines
     • Modeling
     • Network inferencing
     • Data miner
     • Analyzer
     • Simulator
     • Aggregates new pieces of information to existing knowledge
     • Automatically draws inferences
     • Integrates information from diverse sources and formats
     • Performs Analysis (including temporal)
     • Inherent simulation capabilities

  16. Diversified Interfaces
     • Queries
     • Charts
     • Reports
     • Lists
     • Linkages
     • Alerts

  17. Advantages
     Unmatched -
     • Complexity handling
     • Responsiveness
     • Usability
     • Extensibility
     • Flexibility/Maintainability

  18. Solution – The Concept

  19. Events:
     • Meeting (What, Who, Where, When, Frequency)
     • Travel (Who, How, Where, When, Length)
     • Phone call (Who, When, Length, Content, Frequency)
     • Delivery (Who, When, How, Size, What, Frequent, Payment)
     • Other (What, Who, When, Where)
     • Crime (What, When, Where, Who, How)
     Sources: Humint, Sigint, Visint, Bank Transactions, Government Database, Other
     Events generator, Events Database
     • Feed
     • Ask
     • Check
     • Simulate
     • Linkages
     • Profiles
     • Organizations
     • Individuals

  20. Example – Crime Analysis Automation

  21. The Scene
     • Criminals – skills (bomb-maker, murderer, driver, etc.), membership and role in gangs (planner, driver, boss, muscle, etc.), home base, jail time
     • Gangs – members, roles
     • Potential targets – people/institutions/businesses, their locations
     • Knowledge and experience – how all these interact – both explicit (people) and experiential (past events)
     New pieces of information are arriving…

  22. New Information
     Palermo, 4/4/03: "Corradi arrested Don Marcello" (Public Information)
     • Understand message [Text understanding / NLP]
     • Corradi is chief detective of Palermo police [External data access]
     • Don Marcello is the boss of the Marcello gang [External data access]
     • The Marcello gang is vindictive [Data Mining / prior knowledge]
     • Expect reprisal against Palermo police [Reasoning, alerts]

  23. New Information
     • Palermo, 4/4/03: "Corradi arrested Don Marcello" (Public Information)
     • Palermo, 5/5/03: "Bolivar seen in Particino" (Police Intelligence)
     Analysis steps:
     • Understand message [Text understanding / NLP]
     • Bolivar is a member of the Marcello gang [External data access]
     • Bolivar is a Planner and a Negotiator [External data access]
     • The Marcello territory is Palermo [External data access]
     • Negotiators go outside territory to find skills gang members don't possess [Prior knowledge / data mining]
     • Bomb-making is a skill the Marcello gang members don't possess, and Particino based criminals do [External data access]
     • Perugia is a Particino based Bomb Maker [External data access]
     • Criminals who served time together are likely to work together [Prior knowledge / data mining]
     • Perugia and Bolivar served time together [External data access]
     • The Marcello gang reprisal to Don Marcello's arrest could be a bomb attack [Prior knowledge / data mining]
     • Bolivar could be planning a bomb attack on Palermo Police [Reasoning, alerts]

  24. Temporal Analysis, TSA (all analysis is time sensitive)
     New Information
     • Palermo, 4/4/03: "Corradi arrested Don Marcello" (Public Information)
     • Palermo, 5/5/03: "Bolivar seen in Particino" (Police Intelligence)
     • Roma, 5/5/03: "Fabrizzi is sentencing Don Marcello on 29th in Palermo courthouse" (Public Information)
     • Palermo, 7/5/03: "Something will happen in Palermo this month" (Criminal Intelligence)
     • …
     • …
     Alerts
     • Expect reprisal against Palermo police – possibly a bomb attack
     • Expect reprisal against Judge Fabrizzi - possibly Assault, Murder or a Bomb attack

  25. Reasoning, Simulation
     New Information
     • Palermo, 4/4/03: "Corradi arrested Don Marcello" (Public Information)
     • Palermo, 5/5/03: "Bolivar seen in Particino" (Police Intelligence)
     • Roma, 5/5/03: "Fabrizzi is sentencing Don Marcello on 29th in Palermo courthouse" (Public Information)
     • Palermo, 7/5/03: "Something will happen in Palermo this month" (Police Intelligence)
     Simulation
     • What if we detain Perugia?
     • Threat of bomb attack reduced, but not gone – there are other bomb makers Marcello negotiators know, etc…
     • What if we detain Perugia and Bolivar?

  26. The Demo
     • System contains prior knowledge
     • Free-text messages are read in to create events
     • Events are connected by logic, triggering reasoning, alerts, generation of additional events, etc.
     • Combines
       • Free Text Understanding
       • Reasoning
       • Data Mining
       • Linkage to external resources

  27. Searching In an Ocean of Information The problem is dynamic in many dimensions - protagonists, communication channels, locations, types of threat.... So is the active structure used to continuously track and analyze it......

  28. Some Details
     • Data Mining
     • Information Extraction
     • Risk Analysis

  29. Data Mining Phone Records
     The Data Miner, together with probable gang structure, is used on the records to generate call patterns
     Administrator: The miner can be run manually or automatically, and several databases can be joined together during the mining.

  30. Using Probabilities
     We can use probability distributions and correlations on contacts - who instigated it, probable use from how long the call lasted
     Administrator: Deriving call patterns over time allows us to detect changes in activity - trouble is, communication activity might increase or decrease when something is up and we need to have figured that out from previous incidents.

  31. Time Series Analysis
     Transaction records are turned into a time-based view of the business.
     Administrator: Businesses aren't static, so it can be quite hard to see what is happening just from statements or spreadsheets, particularly when there may be several seasonal cycles - monthly, yearly - at work

  32. Reversing the Use
     Time Series Analysis is usually used to find the normal operation of a cyclic business by eliminating the extraordinary events. Here we are using it to find the extraordinary events that may be hidden away in normal business operations.

  33. How It Works
     A smoothly operating business is extracted from the time-based view, leaving the extraordinary events
     Administrator: Some idea of the sort of business is required - construction, tourism, retail

  34. Risk Analysis based on Coincidence of Real and Potential Events
     • "Don Marcello arrested"
     • "Bolivar seen in Teracino"

  35. Risk Analysis Model
     Real events spawn hypothetical events which spawn...
     The logical and time interaction of these event chains determines the risk of a catastrophic event

  36. Events Colliding
     • Don Marcello arrested
     • Don Marcello incarcerated
     • Possible reprisals
     • Bolivar sighted in Teracino
     • Use database of possible Teracino contacts and skills to produce: Bomb may be under construction (hypothetical event connected to Marcello gang - alert effective for 3 months)
     • Something (bad) in Palermo this month
     • Fabrizzi will sentence Don Marcello on 29th
     The red and blue indicate criminal and police events. Criminal humint says "something will happen", so we assume something bad. The importance of handling time intervals such as "this month" or "next week" should be emphasised. The system handles alternatives for people, places, times, actions - so it can easily see where events may collide.
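Slides 31 to 33 describe turning transaction records into a time-based view, extracting the smoothly operating business, and keeping what is left over. The sketch below is an added example, not code from the presentation or from the eCognition product. It assumes a single yearly cycle with no long-term trend, uses a per-month median as the "smooth" business and a robust z-score threshold of 3.5 as the cut-off; all function names and the sample data are constructed for illustration.

```python
from statistics import median

def seasonal_profile(series, period):
    """Typical value at each position in the cycle (median resists a few outliers)."""
    return [median(series[phase::period]) for phase in range(period)]

def extraordinary_events(series, period, threshold=3.5):
    """Return (index, residual, score) for points the seasonal profile cannot explain."""
    profile = seasonal_profile(series, period)
    # Subtract the "smoothly operating business" to leave the residual.
    residuals = [x - profile[t % period] for t, x in enumerate(series)]
    centre = median(residuals)
    # Median absolute deviation: a spread estimate the outliers cannot inflate.
    mad = median([abs(r - centre) for r in residuals])
    if mad == 0:
        # Perfectly regular series: any deviation at all is extraordinary.
        return [(t, r, float("inf")) for t, r in enumerate(residuals) if r != centre]
    flagged = []
    for t, r in enumerate(residuals):
        score = 0.6745 * (r - centre) / mad  # robust z-score
        if abs(score) > threshold:
            flagged.append((t, r, round(score, 1)))
    return flagged

def constructed_monthly_totals():
    """Constructed sample: 4 years of monthly totals for a seasonal business."""
    yearly_shape = [80, 85, 95, 110, 130, 150, 160, 155, 130, 105, 90, 120]
    # Small deterministic jitter stands in for ordinary month-to-month noise.
    series = [yearly_shape[t % 12] + (2 * t) % 7 - 3 for t in range(48)]
    series[17] += 90  # constructed unexplained inflow
    series[30] -= 60  # constructed unexplained shortfall
    return series

if __name__ == "__main__":
    for month, residual, score in extraordinary_events(constructed_monthly_totals(), 12):
        print(f"month {month}: residual {residual:+.1f}, robust z {score:+.1f}")
```

The median profile is what lets the two injected months stand out: a mean-based profile would absorb part of each outlier into the "normal" shape and shrink its residual.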
