*Deep Learning Applications*

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

The concept of *risk-based security* is founded on the premise that less than 5% of travelers represent a threat to the security of a border crossing point (BCP). It is conceivable that, by somehow identifying the risk-free travelers, the security checks for those "trusted" travelers can be relaxed and sped up, leading to lower delays in the security screening systems. By easing off the security checks on the "trusted" 95% of travelers, the security screening process can focus on the potentially "suspicious" 5% of travelers, thus increasing the odds of identifying them more efficiently. The concept of risk-based security is indeed promising in terms of improving travelers' experience by easing off security screening and reducing the overall time required to spend at a security check-point. However, the difficulty in implementing risk-based security systems lies in: (a) developing and implementing non-intrusive, GDPR<sup>1</sup> compliant technology and systems that can estimate the risk level of each traveler without inducing additional and cumulative delays; (b) testing such systems before rolling them out in operational environments; (c) estimating their performance and efficacy under ideal conditions for obtaining performance bounds, calculating the cost of the required investment for implementing risk-based technologies; and (d) calculating the degradation in performance when moving away from the "ideal" operational conditions into realistic operational conditions.

The European Union (EU) and other international organizations promote this approach through various initiatives. The European Commission (EC) issued the "Smart Borders package", which aims to modernize the Schengen area's external border management by improving the quality and efficiency of border crossing processes through the establishment of 'Stronger and Smarter Information Systems for Borders and Security' [1]. The International Air Transport Association (IATA) proposed a Checkpoint of the Future, designed to enhance security while reducing queues and intrusive searches at airports by using intelligence-driven risk-based measures [2]. Along these lines, the EC-funded Research and Innovation project FLYSEC [3] has developed and demonstrated an innovative, integrated, and end-to-end airport security system facilitating risk-based screening with the introduction of novel intelligent technologies.

This chapter *discusses* a model of risk-based security developed over a number of EU-funded projects, *highlights* the need for using simulation in assessing the efficacy of risk-based security technologies and protocols, and *elaborates* on the use of AI and deep learning algorithms for assessing the perceived risk for each traveler based on observable behavioral indicators (parameters), while *factoring in* information acquired from various sources about hidden behavioral parameters.

**2. Conventional versus risk-based security**

**Figure 1** shows today's conventional security check point, in which we distinguish two types of checks: (a) the "normal" check, where all individuals in the security check area are treated uniformly by applying the same level of security for all; and (b) the "increased" security check point, where travelers are channeled if they fail at the normal security check point. It should be pointed out that in this security system of check points, currently implemented almost worldwide, the "increased inspection" is usually the outcome of randomized selection of travelers to be subjected to an increased level of inspection and is usually based on the principle of "importance sampling"<sup>2</sup> methods. These methods try to detect a probabilistic event, such as the existence of a suspect among travelers, with a certain degree of confidence by taking into account the probability of existence of such an event and possibly the range of values the event can assume. These methods are "blind," that is, they draw samples from the distribution indiscriminately and without taking into account any specific attributes of the samples, and thus they are also GDPR compliant. As will be pointed out further down in the chapter, risk-based methods need to pay special attention to complying with GDPR, as they gather and use information and knowledge about individuals' private data such as identity, possession, capability, and intent.

**Figure 1.**

*Today's security check-point concept (courtesy of TRESSPASS).*

<sup>1</sup> GDPR compliance: Complete guide to GDPR compliance: https://gdpr.eu/

<sup>2</sup> Importance sampling definition: https://en.wikipedia.org/wiki/Importance\_sampling

Risk-based security associates the estimated risk for each traveler with a commensurate level of security scrutiny. Using prior information about each traveler and sensory data obtained while the traveler is within the security perimeter of a monitored area, a risk-based security system assigns a risk factor to each traveler and, depending on the value of the risk factor, the traveler is mapped to a level of security scrutiny commensurate with the perceived risk. Although a different number of levels can be associated with the estimated risk, for practical reasons it is sufficient to map the entire range of risk values onto three different levels of security, Trusted/Registered (Green), Casual (Yellow) and Enhanced Security (Red), as shown in **Figure 2** [5].

In **Figure 2**,<sup>3,4</sup> a number of GDPR-compliant technologies that can be used for and contribute to the risk assessment are shown and include: mobile app wayfinding; dynamic travelers flow management; intelligent visual surveillance; Wi-Fi/Bluetooth localization; RFID mobile tracking; and behavioral analysis & risk-based security personnel mobile app.

#### **Figure 2.**

*Association of three security scrutiny levels, namely "enhanced security," "casual traveler," and "trusted/registered" with the estimated level of risk for each traveler. These three levels have been introduced in the FLYSEC project [3] and carried over to the TRESSPASS project [4].*

<sup>3</sup> FLYSEC … . Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) has developed and demonstrated an innovative, integrated and end-to-end airport security process for travelers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering an operationally validated innovative concept for end-to-end aviation security. FLYSEC has contributed towards: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based security paradigm shift; (iii) improvement of traveler facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of technologies, devices and applications that can be used to assess risk while the travelers move around in the security perimeter.

<sup>4</sup> TRESSPASS … TRESSPASS focuses on risks emerging from people that use the BCP such as travelers and staff, including people that act as such. This includes their luggage, both checked in and hand-held. A typical DBT for a BCP is based on a subset of a typical set of attributes regarding such persons and their travel group. In a DBT, threats are described using building blocks in terms of *Observable aspects*: (a) *identity*: specific people of which we know that they cause, or will not cause, a threat; and (b) *possession*: assets that we know can be used to generate a threat, e.g. explosives; whereas in terms of *Hidden aspects*: (c) *capability*: people with specific skills with which they can generate a threat; and (d) *intent*: people that have an intent from which a threat can be derived.

**Figure 3** represents a risk-based security check point that results from combining the three-level risk-based security screening of **Figure 2** with the conventional security screening of **Figure 1**. As can be seen from **Figure 3**, the need for assessing each traveler's risk factor from various observable parameters requires somehow measuring these parameters, of course in a GDPR-compliant way, and thus additional processing steps and capabilities that may induce additional delays in the screening process. Thus, the fundamental premise of risk-based security as a means of providing at least the same level of security as conventional check points without inducing additional delays seems to be in conflict with the additional delay induced by the additional screening tests required for estimating each traveler's risk index, unless the risk assessment process is done transparently while the travelers move from the entry to exit points in a BCP (Border Crossing Point).

#### **Figure 3.**

*Risk-based security check point: The standard (randomized scrutiny checks) security check point of Figure 2 has been modified by introducing a three-level risk assessment process prior to the security scrutiny, resulting in three different security scrutiny levels at the security screening check point (reference).*

**Figures 4** and **5** depict two block diagrams implementing the conventional security screening process of **Figure 1** and the risk-based security screening process of **Figure 3**, respectively. From the two diagrams it is clear that additional screening stages are required for assessing the risk for each traveler in risk-based security. Each of these additional risk-assessing stages induces additional delays in the security screening process, which add up to an overall additional time required for risk-based security screening compared to the time required for security screening through a conventional security check point.

Thus, it appears that risk-based security may require additional processing time for estimating risk that may offset the benefits from faster security screening for those travelers whose estimated risk classifies them in either the "trusted/registered traveler" or "casual travelers" categories, for whom security screening is relaxed and thus faster than the time that would be required to screen them in today's conventional

**Figure 4.**

*Configuration 1 (current BCP implementation).*

**Figure 5.**

*Configuration 2 (risk-based BCP implementation).*
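The delay trade-off between Configuration 1 (Figure 4) and Configuration 2 (Figure 5) can be explored with a small single-lane queue simulation; this is an added example, not code from the chapter or from the FLYSEC/TRESSPASS projects. The arrival rate, level shares and screening times are constructed assumptions, and an assessment delay of 0 models risk assessment done transparently while travelers move through the BCP.

```python
import random

# All numbers below are constructed assumptions, not values from the chapter.
MEAN_INTERARRIVAL = 60.0                            # seconds between travelers
NORMAL, INCREASED, P_SELECTED = 30.0, 120.0, 0.10   # Configuration 1 (seconds, share)
LEVELS = [("green", 0.60, 10.0), ("yellow", 0.35, 30.0), ("red", 0.05, 150.0)]


def conventional_service(rng):
    """Figure 4: uniform normal check, plus increased check for a random subset."""
    return NORMAL + (INCREASED if rng.random() < P_SELECTED else 0.0)


def risk_based_service(rng, assess_delay):
    """Figure 5: risk assessment, then screening matched to the assigned level."""
    u, cumulative = rng.random(), 0.0
    for _name, share, screen_time in LEVELS:
        cumulative += share
        if u < cumulative:
            return assess_delay + screen_time
    return assess_delay + LEVELS[-1][2]   # guard against float rounding of shares


def mean_time_in_checkpoint(service, travelers=50_000, seed=7):
    """Single FIFO lane; the Lindley recursion gives each traveler's queueing wait."""
    rng = random.Random(seed)
    wait, total = 0.0, 0.0
    for _ in range(travelers):
        s = service(rng)
        total += wait + s                                # time queued plus time screened
        gap = rng.expovariate(1.0 / MEAN_INTERARRIVAL)   # time until next arrival
        wait = max(0.0, wait + s - gap)
    return total / travelers


def compare(assess_delays=(0.0, 10.0, 18.0, 30.0)):
    """Mean seconds per traveler: Configuration 1, then Configuration 2 per delay."""
    base = mean_time_in_checkpoint(conventional_service)
    rows = {d: mean_time_in_checkpoint(lambda r, d=d: risk_based_service(r, d))
            for d in assess_delays}
    return base, rows


if __name__ == "__main__":
    base, rows = compare()
    print(f"conventional: {base:7.1f} s")
    for delay, t in rows.items():
        print(f"risk-based, assessment {delay:4.1f} s: {t:7.1f} s")
```

Under these assumed numbers the mean screening time of the two configurations is equal at an assessment delay of 18 s; because queueing amplifies added service time, a 30 s assessment leaves the risk-based lane slower than the conventional one.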
