*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

means of providing the same, at least, level of security as conventional check points without inducing additional delays, seems to be in conflict with the additional delay induced by additional screening tests required for estimating each traveler' risk index, unless the risk assessment process is done transparently while the travelers move from the entry to exit points in a BCP (Border Crossing Point).

**Figures 4** and **5** depict two block diagrams implementing the conventional security screening process of **Figure 1** and the risk-based security screening process of **Figure 3** respectively. From the two diagrams it is clear that additional screening stages are required for assessing the risk for each traveler in risk-based security. Each one of these additional risk assessing stages induce additional delays in the security screening process, that add up to an overall additional time required for risk-based security screening compared to the time required for security screening through a conventional security check point.

Thus, it appears that risk-based security may require additional processing time for estimating risk that may offset the benefits from faster security screening for those travelers whose estimated risk classifies them in either the "trusted/registered traveler" or "casual travelers" categories for whom security screening is relaxed and thus faster than the time would be required to screen them in today's conventional

**Figure 4.** *Configuration 1 (current BCP implementation).*

**Figure 5.**

*Configuration 2 (risk-based BCP implementation).*

finding; dynamic travelers flow management; intelligent visual surveillance; Wi-Fi/Bluetooth localization; RFID mobile tracking; and behavioral analysis & risk-

*Association of three security scrutiny levels, namely "enhanced security," "casual traveler," and "trusted/ registered" with the estimated level of risk for each traveler. These three levels have been introduced in the*

**Figure 3** represents a risk-based security check point that results from combining the three-level risk-based security screening of **Figure 2** with the conventional security screening of **Figure 1**. As it can been seen from **Figure 3**, the need for assessing each traveler's risk factor from various observable parameters requires measuring somehow these parameters, of course in a GDPR compliant way, and thus additional processing steps and capabilities that may induce additional delays in screening process. Thus, the fundamental premise of risk-based security as a

*Risk-based security check point: The standard (randomized scrutiny checks) security check point of Figure 2, has been modified by introducing a three-level risk assessment process prior to the security scrutiny resulting in*

*three different security scrutiny levels at the security screening check point (reference).*

based security personnel mobile app.

*FLYSEC project [3] and carried over to the TRESSPASS project [4].*

**Figure 2.**

*Deep Learning Applications*

**Figure 3.**

**118**

### *Deep Learning Applications*

check points of **Figure 1**. Granted that over 90% of travelers fall within these two categories and will experience reduced delays at security screening, it remains to determine if the aggregate benefits from the reduced security screening at check points will trade off positively against the additional delays induced by the additional screening points for determining each traveler's risk as in **Figure 5**.

In order to quantify the cost–benefit trade-offs between the efficiency of a riskbased security BCP and the delay induced by additional checks required for assessing risk, the following experiment was conducted using Fraunhofer's FhG BCP Monte-Carlo agent-based simulator of a BCP configuration (curtesy of Fraunhofer Institute) [4].

For the simulation, we assumed a BCP with 1000 travelers, some exhibiting normal (no risky) behavior, whereas the rest exhibit suspicious behavior, with the following parameters:


• Effectiveness calculation:

diff\_1 ¼ ð Þ mean of total suspicious people–total people stopped

effectiveness ¼ 1*=*absolute diff\_1 ð Þ

• Ran over 10000 iteration with 100 travelers each time for both the configurations.

Using the above script for generating travelers with the above choice of parameters, 10.000 iterations with 100 travelers each time were run for each one of the two configurations of **Figures 4** and **5**, and the effectiveness (as defined above) of each configuration was calculated. The results regarding the effectiveness (as defined above) of each configuration are qualitatively summarized schematically in the graph of **Figure 6**.

**Figure 6** demonstrates the increase in effectiveness achieved by risk-based security in a BCP using the FhG simulator. The effectiveness of the BCR risk-based configuration 2 clearly surpasses that of the conventional BCT configuration 1. However, the diagram in **Figures 6** and 7 does not include the delays induced by the additional security check stages of the risk-based BSP configuration in **Figure 5**. If we consider these delays, then the operating point of the risk-based BCP not only does it move to higher efficiency but also to higher delays, as **Figure 7** clearly demonstrates.

security BCP versus a conventional BCP with randomized tests based on the theory

TRESSPASS, coordinated by the author, is for FLYSEC to: (a) demonstrate that there is technology available or can be developed to implement risk-based security in a GDPR compliant way; (b) provide solid evidence of the risk-based security

*Effectiveness calculation of a conventional BCP with random security checks determined by importance sampling versus risk-based BCP configuration taking into consideration the additional delays induced by the additional risk assessment stages in configuration 2: Effectiveness increases with the use of risk-based security in*

*Effectiveness calculation of a conventional BCP with random security checks determined by importance sampling versus risk-based BCP configuration: Effectiveness increases with the use of risk-based security in a*

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

. The aim of the two EU-funded projects FLYSEC and

of importance sampling<sup>5</sup>

*a BCP, while induced delays increase as well.*

<sup>5</sup> https://www.safeopedia.com/definition/784/safety-sampling

**Figure 7.**

**121**

**Figure 6.**

*BCP.*

From **Figure 7** it is clear that there is a competing mechanism between effectiveness (another way of stating "comfort") and delay induced by a risk-based

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

#### **Figure 6.**

check points of **Figure 1**. Granted that over 90% of travelers fall within these two categories and will experience reduced delays at security screening, it remains to determine if the aggregate benefits from the reduced security screening at check points will trade off positively against the additional delays induced by the additional screening points for determining each traveler's risk as in **Figure 5**.

In order to quantify the cost–benefit trade-offs between the efficiency of a risk-

For the simulation, we assumed a BCP with 1000 travelers, some exhibiting normal (no risky) behavior, whereas the rest exhibit suspicious behavior, with the

diff\_1 ¼ ð Þ mean of total suspicious people–total people stopped

Using the above script for generating travelers with the above choice of parameters, 10.000 iterations with 100 travelers each time were run for each one of the two configurations of **Figures 4** and **5**, and the effectiveness (as defined above) of each configuration was calculated. The results regarding the effectiveness (as defined above) of each configuration are qualitatively summarized schematically in

**Figure 6** demonstrates the increase in effectiveness achieved by risk-based secu-

rity in a BCP using the FhG simulator. The effectiveness of the BCR risk-based configuration 2 clearly surpasses that of the conventional BCT configuration 1. However, the diagram in **Figures 6** and 7 does not include the delays induced by the additional security check stages of the risk-based BSP configuration in **Figure 5**. If we consider these delays, then the operating point of the risk-based BCP not only does it move to higher efficiency but also to higher delays, as **Figure 7** clearly demonstrates. From **Figure 7** it is clear that there is a competing mechanism between effectiveness (another way of stating "comfort") and delay induced by a risk-based

effectiveness ¼ 1*=*absolute diff\_1 ð Þ • Ran over 10000 iteration with 100 travelers each time for both the

based security BCP and the delay induced by additional checks required for assessing risk, the following experiment was conducted using Fraunhofer's FhG BCP Monte-Carlo agent-based simulator of a BCP configuration (curtesy of Fraun-

• Distribution of traveler types: [Normal, Suspicious]: [0.9,0.1]

• Alarm threshold for each component: 0.5

• Risk calculation: According to the script below:

hofer Institute) [4].

*Deep Learning Applications*

following parameters:

• Effectiveness calculation:

configurations.

the graph of **Figure 6**.

**120**

*Effectiveness calculation of a conventional BCP with random security checks determined by importance sampling versus risk-based BCP configuration: Effectiveness increases with the use of risk-based security in a BCP.*

#### **Figure 7.**

*Effectiveness calculation of a conventional BCP with random security checks determined by importance sampling versus risk-based BCP configuration taking into consideration the additional delays induced by the additional risk assessment stages in configuration 2: Effectiveness increases with the use of risk-based security in a BCP, while induced delays increase as well.*

security BCP versus a conventional BCP with randomized tests based on the theory of importance sampling<sup>5</sup> . The aim of the two EU-funded projects FLYSEC and TRESSPASS, coordinated by the author, is for FLYSEC to: (a) demonstrate that there is technology available or can be developed to implement risk-based security in a GDPR compliant way; (b) provide solid evidence of the risk-based security

<sup>5</sup> https://www.safeopedia.com/definition/784/safety-sampling

screening as an effective and non-instructive means of providing security with convenience to travelers; and for TRESSPASS to: (c) provide a comprehensive riskassessment framework for calculating risk systematically in accordance with the TRESSPASS multi threat, multimodal that includes all **four tiers** of the access model, i.e.

• Risk indicators are accurately estimated from available data collected from

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

• Based on risk, the system adjusts the number and types of security checks required for each traveler, in order to maintain a desired security level while optimizing the security system performance in terms of efficiency, traveler

**Figure 11** summarizes in a comprehensive visual depiction the risk-based framework used in TRESSPASS [4], and previously introduced in FLYSEC [3]. The framework for risk-based security consists of an extensive use of technologies to

*Moving the operating point of a risk-based BCP to minimizing security check delays is the objective of both*

background information.

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

**Figure 9.**

**Figure 10.**

**123**

*FLYSEC and TRESSPASS EU-funded projects.*

*Observable and hidden risk factors.*

• The risk for each traveler is calculated.

satisfaction and operational cost reduction.

1.measures undertaken with third countries or service providers;

2.cooperation with neighboring countries;

3.border control and counter-smuggling measures;

4.control measures within the area of free move,

by taking into account estimates and information about.

*Observable aspects of travelers' behaviors, i.e.:*

**Identity**: specific people of which we know that they cause, or will not cause, a threat;

**Possession**: assets that we know that can be used to generate a threat, e.g. explosives; and.

*Hidden aspects of travelers' behaviors, such as*:

**Capability**: people with specific skills with which they can, generate a threat; **Intent**: people that have an intent from which a threat can be derived as depicted in **Figures 8** and **9**.

Thus, the aim of the two funded projects, namely FLYSEC and TRESSPASS, is to provide solid evidence and the means for moving the operating point (OP) of a riskbased BCP from the delay induced OP to the no-delay induced OP, or as close to it as possible without inconveniencing travelers and in a GDPR compliant way, as shown in **Figure 10**.

The greatest challenge in risk-based border management is the estimation of the risk for each individual traveler. In TRESSPASS, a framework for modeling risk and a systematic approach of quantifying risk are proposed as follows:

**Figure 8.** *Multi-modal, multi-tier TRESSPASS risk-assessment model.*

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*


screening as an effective and non-instructive means of providing security with convenience to travelers; and for TRESSPASS to: (c) provide a comprehensive riskassessment framework for calculating risk systematically in accordance with the TRESSPASS multi threat, multimodal that includes all **four tiers** of the access

**Identity**: specific people of which we know that they cause, or will not cause, a

**Possession**: assets that we know that can be used to generate a threat, e.g.

**Capability**: people with specific skills with which they can, generate a threat; **Intent**: people that have an intent from which a threat can be derived as depicted

Thus, the aim of the two funded projects, namely FLYSEC and TRESSPASS, is to provide solid evidence and the means for moving the operating point (OP) of a riskbased BCP from the delay induced OP to the no-delay induced OP, or as close to it as possible without inconveniencing travelers and in a GDPR compliant way, as

The greatest challenge in risk-based border management is the estimation of the risk for each individual traveler. In TRESSPASS, a framework for modeling risk and

1.measures undertaken with third countries or service providers;

2.cooperation with neighboring countries;

3.border control and counter-smuggling measures;

by taking into account estimates and information about.

a systematic approach of quantifying risk are proposed as follows:

4.control measures within the area of free move,

*Observable aspects of travelers' behaviors, i.e.:*

*Hidden aspects of travelers' behaviors, such as*:

model, i.e.

*Deep Learning Applications*

threat;

explosives; and.

in **Figures 8** and **9**.

shown in **Figure 10**.

**Figure 8.**

**122**

*Multi-modal, multi-tier TRESSPASS risk-assessment model.*

• Based on risk, the system adjusts the number and types of security checks required for each traveler, in order to maintain a desired security level while optimizing the security system performance in terms of efficiency, traveler satisfaction and operational cost reduction.

**Figure 11** summarizes in a comprehensive visual depiction the risk-based framework used in TRESSPASS [4], and previously introduced in FLYSEC [3]. The framework for risk-based security consists of an extensive use of technologies to

**Figure 9.** *Observable and hidden risk factors.*

#### **Figure 10.**

*Moving the operating point of a risk-based BCP to minimizing security check delays is the objective of both FLYSEC and TRESSPASS EU-funded projects.*

**Figure 11.** *TRESSPASS comprehensive risk-based security framework.*

estimate risk from both Observable and Hidden risk indicators across all four security tiers and heavily tested, both in vivo and in vitro through simulation, in carefully designed pilots across all three BCP modalities: air, land and sea.

**Use of simulation in designing, testing, and assessing risk-based security**

**2.1 The iCrowd simulator**

**Figure 13.**

**Figure 14.**

**125**

each simulated scenario performed.

The iCrowd Simulator is an agent-based simulation platform capable of handling small-scale to large-scale crowds and calculating the change of the status of each participating component depending on dynamic interactions with other entities or the environment during simulation time [7, 8]. It can be utilized in any bounded area, i.e. building interiors and exteriors, stadiums, or any exterior area e.g. public places like squares, open-air festival etc. Currently, it is being used to simulate crowd movement and crowd interactions in general, with the graphical display being optional. As *an agent-based simulation platform, different parameters for each agent can be considered, such as physical, emotional,* vital characteristics regarding the

crowd that will be observed (i.e. stress levels, health status), object/obstacle parameters and also environmental parameters that can affect the final solution of

*(a): Aspect of third-person camera. (b): Path planning example: The green line indicates the path the selected agent (displayed are red) is following (c): Travelers enter the airport. The display of hold and hand luggage is turned on. (d): Travelers go through the check-ins. The display of hold and hand luggage is turned on.*

*Queue lanes in a risk-based security checking system: Photo-realistic simulation provided by iCrowd.*

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

Paramount to the design and testing alternative designs of risk-based security concepts, technologies and protocols, in order to achieve the increase in effectiveness of BCPs with the parallel reduction of delays, is the use of simulation. iCrowd is an agent-based simulator that can be used to implement and test different riskbased concepts and technologies in a flexible and realistic simulation environment [6]. **Figures 12** and **13** show a photo-realistic virtual reconstruction of an airport used extensively in simulating security scenarios and policies for a variety of projects and pilot use-cases.

**Figure 12.** *Photo-realistic, agent-based simulation using iCrowd.*

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

**Figure 13.** *Queue lanes in a risk-based security checking system: Photo-realistic simulation provided by iCrowd.*
