**3. Means for estimating risk that induce no further delays in the security screening process**

This section of the chapter presents and discusses implementable means for assessing risk that induce no delays beyond those passengers experience with today's screening process; instead, they reduce the time it takes to go through security screening by adjusting the level of scrutiny in accordance with the perceived risk.

## **3.1 Anomaly detection from passenger trajectories**

If passenger trajectories at an airport (or, by the same token, at any BCP) could be tracked from the moment passengers enter the premises, one could conceivably differentiate suspicious-looking trajectories from trajectories that would be expected of a passenger and thus classified as normal. Differentiating between normal and abnormal behaviors, however, is a difficult proposition by itself, let alone doing so in accordance with privacy and GDPR regulations.

In the work presented in [9, 10], those two issues were addressed as follows. To develop a privacy- and GDPR-compliant tracking method, we assumed that passengers are tracked using overhead cameras that identify passengers as point targets from their top-down footprints (silhouettes); each footprint is reduced to a single point per passenger and is tracked across the entire airport area or BCP. In the initial phase of the study in [9, 10], it was assumed that passenger tracking was perfect, i.e. that the traces of all passengers as they move around the airport or BCP area are (anonymously) identifiable and traceable, and that the tracking system has perfect knowledge of the position of each passenger at any time. Although the assumption of perfect knowledge is idealistic, it yields upper bounds on the performance of the tracking system, which can be used in trade-off calculations between the cost of investment in camera infrastructure and the (theoretically) achievable accuracy of the risk calculation.
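As an illustration of the point-target assumption, the sketch below reduces a binary top-down silhouette to a single trackable point by taking its centroid. This is a minimal stand-in, not the system of [9, 10]; the function name and the toy mask are hypothetical.

```python
import numpy as np

def silhouette_to_point(mask: np.ndarray) -> tuple[float, float]:
    """Reduce a binary top-down silhouette to a single (x, y) point
    by taking the centroid of its nonzero pixels."""
    ys, xs = np.nonzero(mask)
    if xs.size == 0:
        raise ValueError("empty silhouette")
    return float(xs.mean()), float(ys.mean())

# A toy 5x5 silhouette: a 3x3 blob centred at (2, 2).
mask = np.zeros((5, 5), dtype=np.uint8)
mask[1:4, 1:4] = 1
print(silhouette_to_point(mask))  # -> (2.0, 2.0)
```

Repeating this per frame yields one anonymous point per passenger, from which trajectories can be assembled without storing any identifying imagery.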

The difficulty in risk assessment based on trajectories stems from the difficulty of defining what constitutes an abnormal behavior and how it can be described analytically. In the approach in [9, 10] this has been overcome by defining what constitutes a normal (expected) behavior, training the AI (Artificial Intelligence) system to recognize normal behavior, and testing it with abnormal behaviors reflecting loitering, jittering, and other deviations from expected "normal" behaviors.
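To make "loitering" and "jittering" concrete, here is a sketch of simple trajectory features that separate purposeful movement from such deviations. This is not the authors' actual feature set; the function and the toy trajectories are illustrative assumptions.

```python
import numpy as np

def trajectory_features(points: np.ndarray) -> dict:
    """Per-trajectory features; points is an (N, 2) array of
    anonymised (x, y) positions sampled at a fixed rate."""
    steps = np.diff(points, axis=0)
    path_len = float(np.linalg.norm(steps, axis=1).sum())
    net_disp = float(np.linalg.norm(points[-1] - points[0]))
    # Straightness in (0, 1]: purposeful walking is near 1,
    # loitering or jittering in place is near 0.
    straightness = net_disp / path_len if path_len > 0 else 1.0
    return {"path_length": path_len, "straightness": straightness}

direct = np.column_stack([np.linspace(0, 10, 11), np.zeros(11)])  # straight walk
jitter = np.array([[0, 0], [1, 0], [0, 0], [1, 0], [0, 0]], dtype=float)
print(trajectory_features(direct)["straightness"])  # -> 1.0
print(trajectory_features(jitter)["straightness"])  # -> 0.0 (ends where it started)
```

A trajectory that covers much distance while making no net progress is exactly the kind of deviation from "normal" behavior the trained system is tested against.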

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

**Figure 14(a)** through **(d)** are snapshots from the native visualizer of the iCrowd simulator, simulating an anomaly detection mechanism that tracks travelers with an AI algorithm based on a Recursive Neural Network (RNN) [9, 10]. As discussed above, we assumed that travelers can be tracked anonymously using top-down-view cameras in compliance with GDPR and ethics regulations. Based on a model of what constitutes a normal traveler route (trajectory) in an airport (or, similarly, any other BCP), a convolutional recursive neural network was trained with "normal trajectories" generated by the iCrowd simulator. Once the RNN has been trained with "normal trajectories," travelers with "suspicious behaviors" are generated among travelers with "normal behaviors," and the algorithm is tested on whether it can detect the "suspicious trajectories." In **Figure 14(b)**, the traveler with suspicious behavior is color-coded red. The risk assessment algorithm detects and identifies the suspicious traveler in **Figure 14(d)**.
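The scoring principle behind training on "normal trajectories" only can be sketched as follows: the model predicts each next position, and a trajectory whose observed motion keeps diverging from the prediction is flagged. Here a constant-velocity predictor stands in for the trained RNN of [9, 10]; the names, the threshold, and the toy trajectories are illustrative assumptions.

```python
import numpy as np

def anomaly_score(traj: np.ndarray) -> float:
    """Score a trajectory by one-step prediction error: a model of
    'normal' motion predicts the next position, and large average
    error marks the trajectory as suspicious. A constant-velocity
    predictor stands in for a trained RNN here."""
    pred = traj[1:-1] + (traj[1:-1] - traj[:-2])   # x_t + (x_t - x_{t-1})
    errors = np.linalg.norm(traj[2:] - pred, axis=1)
    return float(errors.mean())

rng = np.random.default_rng(0)
normal = np.column_stack([np.arange(20.0), np.arange(20.0)])  # steady walk
erratic = rng.uniform(0, 20, size=(20, 2))                    # jittery wandering
threshold = 1.0  # in practice calibrated on normal trajectories only
print(anomaly_score(normal) > threshold, anomaly_score(erratic) > threshold)
```

Because the predictor is fit only to normal motion, no catalogue of abnormal behaviors is needed: anything the model cannot anticipate scores high.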

A complete technical description of the anomaly detection algorithm is given in the references [9, 10]. Next, we summarize the results in [9, 10] in order to demonstrate the possibility of implementing a risk-based security system that monitors traveler risk continually without additional delays that can offset the benefits of the risk-based approach.

### *3.1.1 Evaluation results*

iCrowd offers a fully operational flow simulation for travelers and personnel inside an airport, as displayed in **Figures 12** and **13**. It enables the user to define simulation scenarios and implements a sophisticated crowd engine with collision avoidance, in which multiple different behaviors can co-exist inside the same simulation. It also supports distributed simulations, operating as an orchestrator. It has been integrated with the C2 Web Portal OCULUS Air to communicate data, such as displaying the position and the movement of simulated entities in real time, and with the Fusion and Ingestion Server to update travelers' status depending on their interactions with the airport's hardware and other security technologies (i.e. beacons, RFID scanners, and RFID tags for carry-on luggage tracking), **Figure 14(a)**–**(d)**.
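The collision-avoidance idea in such a crowd engine can be sketched with a minimal separation-steering step: each agent moves toward its goal while being pushed away from neighbours that come too close. This is purely illustrative; iCrowd's actual engine is far more sophisticated, and every name and parameter below is a hypothetical stand-in.

```python
import numpy as np

def separation_step(pos: np.ndarray, goal: np.ndarray, radius: float = 1.0,
                    speed: float = 0.1) -> np.ndarray:
    """One update of a toy crowd engine: each agent steers toward its goal
    plus a repulsive 'separation' term from neighbours closer than radius."""
    vel = np.zeros_like(pos)
    for i in range(len(pos)):
        to_goal = goal[i] - pos[i]
        dist = np.linalg.norm(to_goal)
        if dist > 1e-9:
            vel[i] += to_goal / dist                   # unit pull toward goal
        for j in range(len(pos)):
            if i == j:
                continue
            d = pos[i] - pos[j]
            dn = np.linalg.norm(d)
            if 1e-9 < dn < radius:
                vel[i] += d / dn * (radius - dn) / radius  # push apart
    return pos + speed * vel

pos = np.array([[0.0, 0.0], [0.5, 0.0]])
goal = np.array([[5.0, 0.0], [-5.0, 0.0]])   # agents walk toward each other
new = separation_step(pos, goal)
```

With the separation term, the two approaching agents end one step at distance 0.4 instead of the 0.3 that goal-seeking alone would produce, i.e. the collision is slowed rather than allowed.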

*Deep Learning Applications*


The evaluation of the risk assessment system of [9, 10] is performed using the Precision-Recall (PR) diagram, the Receiver Operating Characteristic (ROC) curve, the confusion matrix, the F1-score, and the Total Accuracy, as defined next:


**Figures 15**–**17** illustrate the PR diagram, the ROC curve, and the confusion matrix, respectively, while Eqs. (1) and (2) define the F1-score and the Total Accuracy. Recall that the values of all evaluation metrics lie in the interval [0, 1]; the closer a value is to 1, the better the achieved performance. **Table 1** summarizes the values of the employed evaluation measures. The threshold score derived from the RNN architecture by maximizing the F1-score is 3.7.
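The threshold-selection step can be sketched as a scan over candidate thresholds, keeping the one that maximizes the F1-score. The scores and labels below are invented for illustration; the value 3.7 quoted in the text comes from the actual RNN scores, not from this sketch.

```python
import numpy as np

def best_f1_threshold(scores: np.ndarray, labels: np.ndarray):
    """Pick the decision threshold on anomaly scores that maximises
    the F1-score (labels: 1 = suspicious, 0 = normal)."""
    best_t, best_f1 = 0.0, -1.0
    for t in np.unique(scores):
        pred = scores >= t
        tp = np.sum(pred & (labels == 1))
        fp = np.sum(pred & (labels == 0))
        fn = np.sum(~pred & (labels == 1))
        if tp == 0:
            continue
        precision = tp / (tp + fp)
        recall = tp / (tp + fn)
        f1 = 2 * precision * recall / (precision + recall)
        if f1 > best_f1:
            best_t, best_f1 = float(t), f1
    return best_t, best_f1

# Hypothetical scores: normal travelers cluster low, anomalies high.
scores = np.array([0.5, 1.0, 1.5, 2.0, 4.0, 5.0, 6.0])
labels = np.array([0,   0,   0,   0,   1,   1,   1])
print(best_f1_threshold(scores, labels))  # -> (4.0, 1.0)
```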

Furthermore, the F1-score (i.e. the harmonic mean of Precision and Recall, Eq. (1)), along with the Total Accuracy, Eq. (2), the ROC AUC (Area Under Curve), and the average PR score, are reported in **Table 1**:

$$\text{F1-score} = 2 \cdot \frac{\text{Precision} \cdot \text{Recall}}{\text{Precision} + \text{Recall}} \tag{1}$$

$$\text{Total Accuracy} = \frac{\#\text{ of Successful Cases}}{\#\text{ of Total Cases}} \tag{2}$$
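Eqs. (1) and (2) can be checked with a short computation over hypothetical labels. The counts below are invented for illustration and are not the results of [9, 10].

```python
import numpy as np

def evaluation_metrics(y_true: np.ndarray, y_pred: np.ndarray) -> dict:
    """Confusion-matrix counts plus the F1-score (Eq. (1)) and
    Total Accuracy (Eq. (2)) for binary labels (1 = suspicious)."""
    tp = int(np.sum((y_pred == 1) & (y_true == 1)))
    fp = int(np.sum((y_pred == 1) & (y_true == 0)))
    fn = int(np.sum((y_pred == 0) & (y_true == 1)))
    tn = int(np.sum((y_pred == 0) & (y_true == 0)))
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    f1 = 2 * precision * recall / (precision + recall)
    accuracy = (tp + tn) / (tp + fp + fn + tn)  # successful / total cases
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "f1": f1, "accuracy": accuracy}

# Hypothetical predictions over 10 travelers, 3 of whom are truly suspicious.
y_true = np.array([1, 1, 1, 0, 0, 0, 0, 0, 0, 0])
y_pred = np.array([1, 1, 0, 1, 0, 0, 0, 0, 0, 0])
m = evaluation_metrics(y_true, y_pred)
print(round(m["f1"], 3), m["accuracy"])  # -> 0.667 0.8
```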

**Figure 15.** *Precision-recall diagram.*

| Measure | Value |
| --- | --- |
| Average PR score | 0.66 |
| ROC AUC (Area Under Curve) | 0.97 |
| F1-score | 0.78 |
| Total Accuracy | 0.99 |

**Table 1.**
*Values of the employed evaluation measures.*

**Figure 16.** *ROC curve.*

**Figure 17.** *Confusion matrix.*

positions of the people in the space. Under realistic conditions, the tracking and risk assessment system will receive data from inaccurate sources, such as cameras, sensors, etc., used to estimate positions, distances, mobile-signal strength, and so on. In stark contrast, the iCrowd emulator generates people and their movements and periodically reports their exact, noise-free positions to the risk assessment system. During the preprocessing of these data, the system can add Gaussian noise whose "volume" (the variance σ² of the Gaussian) is specified by the user. This option is obviously never intended for use in a real application and exists only for experimentation, since examining the behavior of the system under realistic conditions requires noisy data of different intensities. Noise can enter the system in two cases: during training, and during testing or actual operation. It is well known that, when training any neural network, variety in the data to which the network is exposed helps prevent overtraining; it is therefore expected that training with noisy data can improve the overall performance of the system. During testing, or in the actual deployment of the system, it would certainly be better to have perfect data, but unfortunately this is often impossible. In the experiments, training and validation were performed with Gaussian noise with σ² ranging from 0 to 1.9 in steps of 0.1, the test data were corrupted with corresponding noise levels, and for each combination the neural network was trained and evaluated and the metrics were calculated. The metrics used were the Receiver Operating Characteristic curve (ROC curve), the Precision-Recall curve (PR curve), and the corresponding Area Under Curve (AUC) scores. These metrics give similar results, in the sense that they are defined
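The noise-injection experiment described above can be sketched as follows. This is a minimal stand-in: the σ² grid (0 to 1.9 in steps of 0.1) matches the text, but the positions are synthetic, the function names are hypothetical, and the per-level retraining and evaluation of the network is only indicated by a comment.

```python
import numpy as np

def add_gaussian_noise(positions: np.ndarray, variance: float,
                       rng: np.random.Generator) -> np.ndarray:
    """Corrupt exact simulator positions with zero-mean Gaussian noise
    of the given variance (the user-supplied sigma^2)."""
    return positions + rng.normal(0.0, np.sqrt(variance), size=positions.shape)

rng = np.random.default_rng(42)
exact = np.zeros((1000, 2))              # stand-in for iCrowd's exact positions
variances = []
for var in np.arange(0.0, 2.0, 0.1):     # sigma^2 from 0 to 1.9, step 0.1
    noisy = add_gaussian_noise(exact, var, rng)
    # Here one would retrain and re-evaluate the network at this noise level
    # and record its ROC/PR AUC scores; we only record the empirical variance.
    variances.append(noisy.var())
```

Sweeping the same grid over both the training/validation data and the test data, and evaluating every combination, yields the per-level ROC-AUC and PR-AUC scores discussed in the text.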
