**Data fusion and Risk-based assessment**

The Data Fusion unit inside the Analytics, Data Fusion and Risk-based Security Server aims to perform Hard and Soft fusion of heterogeneous data [13–15]

available from disparate sources of information such as physical sensors ("hard" data) and human resources ("soft" data). Hard data fusion refers to the combination of raw information from multiple sources so as to achieve more accurate estimations of the desired parameters (position, speed, other). To this end, a variety of theoretical tools, such as Signal processing techniques, Kalman filters, Sequential Monte Carlo methods, etc., can be used. On the other hand, soft data fusion usually applies on textual information (e.g., from humans' reports, social networks, Internet, other) which has to be further processed using methods such as Information retrieval, Natural Language processing, and Semantic knowledge representation. Moreover, in this unit, Decision level fusion techniques could be applied using Evidence theory [14–16], Fuzzy Logic [17], 2-tuple Linguistic representation models [18, 19], and reinforcement learning methods [20, 21].

The Risk-based assessment unit is responsible for the classification of events and individuals into security classes according to their risk severity level. The unit exploits behavior and event indicators and their corresponding weights estimated in the ALMS system, intelligence generated in the Back–end Intelligence component, and any useful information from the system's data sources in order to generate alerts and notifications to the Command-and-Control (C2) center if the risk severity level exceeds predefined thresholds.

#### **Adaptive learning management system**

A security and safety monitoring system has to detect, evaluate, and classify, in an efficient and timely manner, behaviors and events of interest. To achieve this critical need, the algorithmic parameters used in the "Analytics, Data Fusion and Risk-based Security Server" have to be initialized and adaptively adjusted to handle changes in the monitoring environment. To this end, the use of an Adaptive Learning Management System (ALMS) which will exploit new and accumulated information is essential. An ALMS system can be applied for instance to iteratively adjust the Risk Assessment classification thresholds and the weights of the behavioral and event indicators or to recognize correlations between indicators, events, and behaviors in order to optimize the classification process and improve the efficiency of the system. An example of such an optimization approach could be the selection of a reduced number of indicators for event identification.

emerged general variables ("factors") and the initially presented specific variables

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

The system should be able to receive environmental feedback and adapt its operation to the current circumstances and requirements. Therefore, we propose a two-mode adaptation, an offline and an online. The offline adaptation regards a system initialization, responsible for translating human – understandable requirements to algorithms' parameterization. The online adaptation should track environmental feedback for each action of set of actions (policies) produced by the system and adapt algorithms' behavior in order to fulfill system's requirements. In this case we propose the implementation of reinforcement learning techniques where environmental feedback should be encoded to quantitative measures

exception to system's rules) that should be assimilated in real – time.

The system needs to analyze the input feed and result to its outcome, taking into account however, environmental factors regarding system's efficiency, explicit policies that should by adopted or exceptions that should be applied, that are related to specific locations (e.g., restricted areas) or specific human profiles. Such information usually is returned to the system in the form of a generic asynchronous qualitative feedback (for example insisting user discards of system's outcomes, or

[19, 22].

**Figure 26.**

*The adaptive learning management system architecture.*

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

of rewards, **Figure 27**.

**Figure 27.** *Online ALMS.*

**139**

For the development of automated procedures able to estimate correlations, optimize selected parameters under certain criteria, and extract reduced dimensional feature vectors for Behavior and event detection the ALMS system demands efficient methodologies and algorithms. These methodologies and techniques can cover a wide area of theoretical tools including Machine Learning, Factor Component Analysis, Statistical methods, Time series analysis, Optimization theory, Sparse clustering, Fuzzy Logic, and other [18–21].

As shown in **Figures 23** and **26**, the ALMS unit receives input from i) the system's database which includes data from system's data sources, outputs of Data Fusion, Analytics, and Risk assessment unit, and optimization criteria and constraints and ii) the Security personnel Mobile App which is then used for the training of the applied algorithms. The ALMS stores its output in the system database, making it accessible to other units, and creating a continuous feedback loop of information gathering, learning, and adapting to security threats as they evolve.

The Factor Component Analysis component performs Factor Analysis on features/indicators denoting individual characteristics which affect the categorization of individuals in security-threat levels. Factor analysis is used to reduce the dimensionality of a correlation matrix that contains features/indicators describing a specific event or behavior. Factor Analysis does that by producing new general variables, called "factors", incorporating inside them, the initial features/indicators according to a condition of high inter-correlation between the newly

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

**Figure 26.**

available from disparate sources of information such as physical sensors ("hard" data) and human resources ("soft" data). Hard data fusion refers to the combination of raw information from multiple sources so as to achieve more accurate estimations of the desired parameters (position, speed, other). To this end, a variety of theoretical tools, such as Signal processing techniques, Kalman filters, Sequential Monte Carlo methods, etc., can be used. On the other hand, soft data fusion usually applies on textual information (e.g., from humans' reports, social networks, Internet, other) which has to be further processed using methods such as Information retrieval, Natural Language processing, and Semantic knowledge representation. Moreover, in this unit, Decision level fusion techniques could be applied using Evidence theory [14–16], Fuzzy Logic [17], 2-tuple Linguistic representation

The Risk-based assessment unit is responsible for the classification of events and

A security and safety monitoring system has to detect, evaluate, and classify, in an efficient and timely manner, behaviors and events of interest. To achieve this critical need, the algorithmic parameters used in the "Analytics, Data Fusion and Risk-based Security Server" have to be initialized and adaptively adjusted to handle changes in the monitoring environment. To this end, the use of an Adaptive Learning Management System (ALMS) which will exploit new and accumulated information is essential. An ALMS system can be applied for instance to iteratively adjust the Risk Assessment classification thresholds and the weights of the behavioral and event indicators or to recognize correlations between indicators, events, and behaviors in order to optimize the classification process and improve the efficiency of the system. An example of such an optimization approach could be the selection

For the development of automated procedures able to estimate correlations, optimize selected parameters under certain criteria, and extract reduced dimensional feature vectors for Behavior and event detection the ALMS system demands efficient methodologies and algorithms. These methodologies and techniques can cover a wide area of theoretical tools including Machine Learning, Factor Component Analysis, Statistical methods, Time series analysis, Optimization theory,

As shown in **Figures 23** and **26**, the ALMS unit receives input from i) the system's database which includes data from system's data sources, outputs of Data Fusion, Analytics, and Risk assessment unit, and optimization criteria and constraints and ii) the Security personnel Mobile App which is then used for the training of the applied algorithms. The ALMS stores its output in the system database, making it accessible to other units, and creating a continuous feedback loop of information gathering,

The Factor Component Analysis component performs Factor Analysis on features/indicators denoting individual characteristics which affect the categorization of individuals in security-threat levels. Factor analysis is used to reduce the dimensionality of a correlation matrix that contains features/indicators describing a specific event or behavior. Factor Analysis does that by producing new general variables, called "factors", incorporating inside them, the initial features/indicators

individuals into security classes according to their risk severity level. The unit exploits behavior and event indicators and their corresponding weights estimated in the ALMS system, intelligence generated in the Back–end Intelligence component, and any useful information from the system's data sources in order to generate alerts and notifications to the Command-and-Control (C2) center if the risk sever-

models [18, 19], and reinforcement learning methods [20, 21].

ity level exceeds predefined thresholds.

*Deep Learning Applications*

**Adaptive learning management system**

of a reduced number of indicators for event identification.

Sparse clustering, Fuzzy Logic, and other [18–21].

learning, and adapting to security threats as they evolve.

**138**

according to a condition of high inter-correlation between the newly

*The adaptive learning management system architecture.*

emerged general variables ("factors") and the initially presented specific variables [19, 22].

The system needs to analyze the input feed and result to its outcome, taking into account however, environmental factors regarding system's efficiency, explicit policies that should by adopted or exceptions that should be applied, that are related to specific locations (e.g., restricted areas) or specific human profiles. Such information usually is returned to the system in the form of a generic asynchronous qualitative feedback (for example insisting user discards of system's outcomes, or exception to system's rules) that should be assimilated in real – time.

The system should be able to receive environmental feedback and adapt its operation to the current circumstances and requirements. Therefore, we propose a two-mode adaptation, an offline and an online. The offline adaptation regards a system initialization, responsible for translating human – understandable requirements to algorithms' parameterization. The online adaptation should track environmental feedback for each action of set of actions (policies) produced by the system and adapt algorithms' behavior in order to fulfill system's requirements.

In this case we propose the implementation of reinforcement learning techniques where environmental feedback should be encoded to quantitative measures of rewards, **Figure 27**.

**Figure 27.** *Online ALMS.*

### *3.2.3 Data protection, legal compliance and ethics*

Security and safety management systems and their data fusion and intelligent analytics capabilities require substantial data collection and processing in order to offer the best possible awareness and decision support to C&C operators, field personnel and first responders. Especially in the context of homeland security, privacy and data protection is often seen through the typical trade-off model perspective, requesting the public to give up –in the best case knowingly- on particular rights over the control of their personal data. However, such systems should not be based and developed on exceptions or operate only in extraordinary circumstances, the latter being very inefficient. With the latest guidelines of EU General Data Protection Regulation (GDPR), principles of data minimization and privacy by design will shift from best practices into a much more regulated form.

passenger's risk. We also presented a number of technologies, systems and applications that can be used for assessing risk at an airport or BCP without inducing additional delay as the discussed approaches estimate risk on-the-fly while passengers either walk around the airport or BCP from entrance to security check points or BCPs, or queue up in a security line awaiting to go through security checks. All methods discussed are GDPR and ethics compliant, thus they can be implemented in accordance to privacy and ethics regulations. Furthermore, the novel system architecture for Security and Safety monitoring systems introduced in [3] has been presented. The proposed system aims to identify adverse events or behaviors which may endanger the safety of people or their well-being having the ability to adapt in the surveillance environment changes. The dynamic adjustment of the algorithmic parameters adopted in various units of the system such as intelligence, and Risk assessment, makes it possible to monitor security threats as they evolve. Thus, the proposed scheme provides the potential of a high-performance system both in terms of the detection interval as well as in terms of the performance accuracy offering the capability of a timely and efficient response to abnormal events and

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

The research described in this paper has been supported by the following

"**TRESSPASS**: Robust Risk Based Screening and Alert System for Travelers and luggage," Grant Agreement No. 787120, Call: H2020-SEC-2016-2017-2, https://

The author would also like to acknowledge the use of some material from the Refs. [5–10, 12, 14]. He co-authored in collaboration with his colleagues whose

Integrated Systems Laboratory, Institute of Informatics and Telecommunications,

© 2021 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium,

National Center for Scientific Research "Demokritos", Greece

\*Address all correspondence to: scat@iit.demokritos.gr

provided the original work is properly cited.

"**FLYSEC**: Optimizing time-to-FLY and enhancing airport SECurity," Programme: Horizon 2020, European Union Grant Agreement No. 653879, Dura-

tion: 01/05/2015 - 31/07/2018, http://www.fly-sec.eu.

behaviors.

**Acknowledgements**

www.tresspass.eu/The-project.

names appear in these references.

research contracts:

**Author details**

**141**

Stelios C.A. Thomopoulos

The proposed system is in line with these principles, following a "by design approach" in terms of data protection and ethics. Data collected are structurally separated from identifiable information, and identification occurs only upon the logged and explicit intervention of a human operator when truly needed. By assessing risks on real time, the system itself has the advantage of performing data minimization through early elimination of lower risk cases. On the front end and field, privacy enhancing technologies and smart sensors are also preferred and selected. E.g. smart visual sensors with on-board processing capabilities can filter out data before sending it over the wire and to the server for processing. Moreover, the system has been designed to include specific safeguards to protect individuals against discrimination, stigmatization and unduly prohibition of access to goods and services. Defined in [23], the system adopts these definitions and extends them to all protected grounds as defined in the Charter and the Treaty of Amsterdam, taking also into account the proposal for the horizontal directive that extends the context of EU non-discrimination law and prohibits discrimination "on grounds of sex, racial or ethnic origin, age, disability, sexual orientation, religion or belief". In this context, Fairness and bias detection algorithms are applied to the adaptive learning management system while the human operator remains in control of the final enforcement following any automated decision making process. Intelligent behavior analytics can further support the case where security risks are based and calculated on how a person acts on the scene and not any discriminatory background information.

A subject of past and current research, assessing the societal acceptance of surveillance and security solutions comes with its own challenges. Acceptance is based on multiple parameters, individual perceptions and sometimes misconceptions and individual practices which may not be in line with the expressed concerns [24]. The proposed system and the overall risk-based security paradigm, is based on the positive fact that the vast majority of people have no malicious intent. The system focuses on the unknown and high-risk cases, intending to shift the current practices from annoying horizontal and disruptive processes to seamless and unobtrusive security. The combination of privacy and ethics by design along with the ethical and unobtrusive treatment set the parameters for a system with high acceptance, positive public perception and trust.
