*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture DOI: http://dx.doi.org/10.5772/intechopen.96209*

passenger stands. This way, the security personnel that uses the security mobile app, needs to identify passengers only by their indexing number in the line they stand when reporting to the risk assessment back office system any suspicious behaviors about them. This way, anonymity of passengers and their personal data protection are maintained by the security mobile app. The information sent this way by the security personnel on the floor is then fused along with all other risk assessment reports about each passenger and the risk estimate is updated. The risk is reported to the security screening system and the passenger is classified in one of the three risk categories, namely green, yellow or red, as mentioned earlier.

In FLYSEC [3], a novel system architecture for Security and Safety surveillance systems that aims to identify adverse events or behaviors which may endanger the safety of people or their well-being has been introduced [12]. Through proper adaptations the system is applicable to a variety of monitoring systems for various critical infrastructures, border crossing points, and other places of interest (e.g., malls, mass transport systems). The proposed architecture depicts an Internet of Things (IoT) platform which comprises a sensing tier, a back – end processing and intelligence tier and a front end for visualization and user feedback tier. In further monitor and surveillance is performed mainly on the back – end intelligence component which consists of two modules: (a) the event detection module combined with a data fusion component responsible for the fusion of the sensors inputs along with relevant high level metadata, which are pre-defined features that are correlated with a suspicious event, (b) an adaptive learning module which takes inputs from security personnel about the correctness of the detected events, and uses it in order to properly parameterize the event detection algorithm. Moreover, a statistical and stochastic analysis component is incorporated which is responsible for specifying the appropriate features to be used by the event detection module. Statistical analysis estimates the correlations between the features employed in the study, while stochastic analysis is used for the estimation of dependencies between the features and the achieved system performance.

## *3.2.1 System architecture and interfaces*

The system architecture is organized basically in three tiers: Sensing components, back–end components, and front – end devices. The sensing components are responsible for acquiring input which is either high or low level heterogeneous data coming from visual sensors (CCD, IR, etc.), biometric sensors (fingerprints, other), audio sensors (microphones), indoor localization equipment (Wi-Fi, beacons, RFID scanners, etc.), document scanners which provide information about visitors (for example travel documents in an airport, or purchase information recorded on personal discount electronic cards), or human reports via terminal devices (e.g. PDAs, mobile phones, tablets, etc.).

Front–end devices are responsible for visualizing information to end–users and assisting their operations (for example official authorities receiving information about detected incidents of great interest, or visitors getting navigation information inside an infrastructure, etc.). Front–end devices consist of official management terminal tools which manage the information collected and processed by the back– end and sensing components and assist personnel operations by providing alerts and notifications about significant events (**Figure 21**), visualizations of infrastructure's layout along with real – time updates about essential points of interest (for example size of queues, sensors viability, crowd distribution, etc.) (**Figure 22**). Moreover, front – end devices include also mobile user devices which operate as a personal assistant to passengers at an airport or a BCP. These mobile devices may provide online and offline services regarding indoor navigation, recommendation

equipment and the expected performance improvement in risk assessment. This way, the risk assessment simulator allows to be used as a cost–benefit tool for the

In its current form, the work in [9, 10] uses the time series of the coordinates of the trajectories of airport travelers for deep learning. In the future, additional features could be exploited. Such features are the velocity, acceleration and heading of the traveler. Moreover, alternative deep learning architectures could be tested such as the ones that account for contextual anomalies [11]. Furthermore, experiments on realworld data of human trajectories should be conducted. Such data are expected to contain more subtle and sophisticated anomalies. Finally, procedures that degrade data quality and emulate more realistic operational conditions are being implemented in order to test our system in the artificial presence of missing data, noisy data, data association issues, as is the case with data capturing devices operating under realistic operational condtions. Nevertheless, the present work and framework allow security investment decisions on tracking devices and infrastructure to be made by assessing the effectiveness of such an investment through the proposed risk assessment method that envelops the performance of any such system from above by considering ideal tracking conditions through perfect knowledge of all agents' location. The proposed method and framework is currently being extended to cover other border security modalities, such as sea, land as well as multimodal crossing points in the context of

In conclusion, a deep learning architecture for real-time risk assessment based

**3.2 Risk assessment using a security personnel application and IoT for behavior**

In [3] a GDPR compliant, mobile application was developed to allow security personnel on the floor of an airport, or any BCP, report in real time and with full respect to passengers' anonymity, suspicious behaviors, such as nervousness, unjustifiable sweating, etc., while passengers stand in security check lines. The mobile app works in conjunction with Smart Queue, another enabler of risk-based security [5]. Smart Queue is system that works in conjunction with passengers' ID documents; the system scans the passengers' ID document upon their arrival at the airport, or entry in the BCP, and in any subsequent security queue. This way, Smart Queue not only does it count the number of passengers at a queue waiting to go through security screening, but knows in which position in the queue each

**and event detection through suspicious signs reporting**

on the trajectories of airport travelers as proposed in [9, 10] can be used for assessing risk without interrupting or delaying the flow of passengers at an airport or BCP at large. The architecture implements a deep RNN network and is fully automated. Thus, it is expected to be of great use to the human operators monitoring airport surveillance footages, reducing the potential errors and misjudges. The proposed risk assessment system is tested on a realistic, synthetic data set generated with the iCrowd simulator tailored to data sets representing traveler movements at the Luxembourg airport; however, any airport or BCP could have been modeled and used instead. The experimental results are very promising and they indicate that further security improvements at airport control points are achievable through risk assessment without inducing additional delays. This is due to the fact that the suspicious behavior threshold, derived by the deep learning procedure in [9, 10], lies at such a level so as to capture the malicious behavior while, at the same time,

analysis of performance of a risk-based security system.

*Deep Learning Applications*

the EU-funded TRESSPASS project [4].

reducing false-positive alerts.

**132**

*3.1.3 Analysis, relaxation of ideal tracking assumptions and conclusions*

services (for products, point of interests, etc.), notifications and alerts. Finally, via these devices each user may provide a feedback to the system about requests or reports, about incidents that may concern their safety, or public security, or interactions with the system in the context of system automatic personal servicing. The back–end component contains the intelligence modules which process the input coming from sensing devices and produce high level intelligence and metadata which assist operational personnel, enhance end–users' experience and content management services. These metadata are used either for further processing by fusion algorithms, or presented to end – devices via visualization methods on each end–device. Such metadata concerns directed paths for navigation services, fused high level visual information, or information regarding recommendations, detected incidents or notifications and alerts. Finally, the content management services enable efficient data storing and retrieving operations in a scalable way. The back – end component comprises a Message-oriented middleware in order to interconnect all the sensing and processing component, provides a REST API to front–end devices, supports web platforms interfaces (web – portal) and orchestrates the

*Risk Assessment and Automated Anomaly Detection Using a Deep Learning Architecture*

The core intelligence residing in the "Analytics, Data Fusion and Risk-based Security Server" is presented in Section 3.3. The Data protection, Legal Compliance and Ethics are important aspects that should be taken into consideration in the

The proposed system is designed with the aim of enabling automated surveillance of large infrastructures such as airport, shopping malls, other. Such tasks incorporate massive monitoring of infrastructure visitors in real – time. Monitoring operation is based on an Internet of Things (IoT) installation architecture consisting of: (a)

accurate functionality of the whole system, **Figure 23**.

*3.2.2 Analytics, data fusion and risk-based security server*

**Back–end Intelligence component**

*DOI: http://dx.doi.org/10.5772/intechopen.96209*

**Figure 23.**

**135**

system architecting process and are analyzed in Section 3.4.

*Reference architecture of the FLYSEC security and safety risk-assessment surveillance system.*

*FlySec portal: - intelligent services visualization (upper);* � *automatic passenger classification (lower).*

**Figure 22.** *FlySec portal - layout visualization.*
