Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comprehensive Intelligence Analysis and Alert System (CIAAS)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Comprehensive Intelligence Analysis and Alert System (CIAAS)"— Presentation transcript:

1 Comprehensive Intelligence Analysis and Alert System (CIAAS)

2 Intelligence analysis is based on existing knowledge and gathered experience Characteristics Continuously expanded and updated by a massive flow of diverse new information Data, details, messages Information plus "meaning" – relations between pieces of information Information Knowledge

3 Sources of Information Bank Transactions Intelligence data bases Public domain information Government data bases Internet Comint Sigint Humint

4 The Problems Too many holes in the cheese - needs powerful inferencing Event information comes in randomly Uncertainty imposes multiple scenarios Speed of analysis is critical

5 Human Analysts Inflation of information Combining many disciplines Limited memory and attention span Long duration of analysis Experience goes with the person How to support with a computerized system ? Limitations… They carry most of the burden

6 Human Analysts Limitations… They carry most of the burden

7 Effectively integrate knowledge and information from diverse sources Continuously accumulate knowledge Provide automatic alerts Provide answers to the analysts' queries Construct different threat scenarios Requirements

8 The Approach Take some of the burden off analysts… By emulating the analyst in an automated process – Use existing knowledge to analyze incoming information and update/augment the knowledge

9 Challenges Cannot know in advance which information will arrive, in what order, and what will be its meaning The entire existing knowledge should be brought to bear in the analysis The analysis may generate several different scenarios Requires coherent integration of diversified computing disciplines, typically implemented using different technologies

10 eCognition™ - Active Knowledge Network Technology Note: Actual GUI New software paradigm The system handles complex tasks, by distributed cooperation among simple pieces of structure

11 The information is fed into the system React Analyze Support decision Active Knowledge System eCognition™ - Emulating the Cognitive Model

12 Qualitative, quantitative Timing & frequency analysis Databases Experiential Free text Unified Knowledge System Extract Knowledge in Diversified Forms Tupai's Data Mining

13 Intelligent Decision Support Intelligent Knowledge Discovery Forensic accounting Contact analysis Simulations, Forecasting, analysis Multi-purpose virtual reasoning machine Use It For Diversified Purposes

14 Infrastructure Finance Operations Integrated, holistic Integrate Knowledge Domains

15 Diversified Disciplines Inherent simulation capabilities Modeling Data miner Analyzer Simulator Network inferencing Aggregates new pieces of information to existing knowledge Automatically draws inferences Integrates information from diverse sources and formats Performs Analysis (including temporal)

16  Queries  Charts  Reports  Lists  Linkages  Alerts Diversified Interfaces

17 Advantages Unmatched - Complexity handling Responsiveness Usability Extensibility Flexibility/Maintainability

18 Solution – The Concept

19 Profiles Organizations Individuals Humint Events Database Bank Transactions Other Sources Government Database Sigint Visint Feed Humint Ask Check Simulate Linkages Events generator Events: Meeting (What, Who, Where, When, Frequency) Travel (Who, How, Where, When, Length) Phone call (Who, When, Length, Content, Frequency) Delivery (Who, When, How, Size, What, Frequent, Payment) Other (What, Who, When, Where) Crime (What, When, Where, Who, How)

20 Example – Crime Analysis Automation

21 The Scene Criminals – skills (bomb-maker, murderer, driver, etc.), membership and role in gangs (planner, driver, boss, muscle, etc.), home base, jail time Gangs – members, roles Potential targets – people/institutions/businesses, their locations Knowledge and experience – how all these interact – both explicit (people) and experiential (past events) New pieces of Information are arriving …

22 New Information - Palermo, 4/4/03 : "Corradi arrested Don Marcello" (Public Information) Understand message Corradi is chief detective of Palermo police Don Marcello is the boss of the Marcello gang The Marcello gang is vindictive Expect reprisal against Palermo police Text understanding / NLP External data access Data Mining / prior knowledge Reasoning, alerts

23 New Information Understand message Bolivar is a member of the Marcello gang Bolivar is a Planner and a Negotiator The Marcello territory is Palermo Negotiators go outside territory to find skills gang members don't possess Bomb-making is a skill the Marcello gang members don't possess, and Particino based criminals do Perugia is a Particino based Bomb Maker Criminals served time together are likely to work together Perugia and Bolivar served time together The Marcello gang reprisal to Don Marcello's arrest could be a bomb attack Bolivar could be planning a bomb attack on Palermo Police -Palermo, 4/4/03 : "Corradi arrested Don Marcello" (Public Information) -Palermo, 5/5/03 : "Bolivar seen in Particino" (Police Intelligence) Text understanding / NLP External data access Prior knowledge / data mining External data access Prior knowledge / data mining Reasoning, alerts External data access

24 New Information -Palermo, 4/4/03 : "Corradi arrested Don Marcello" (Public Information) -Palermo, 5/5/03 : "Bolivar seen in Particino" (Police Intelligence) -Roma, 5/5/03 : "Fabrizzi is sentencing Don Marcello on 29th in Palermo courthouse" (Public Information) -Palermo, 7/5/03 : "Something will happen in Palermo this month" (Criminal Intelligence) … … Expect reprisal against Palermo police – possibly a bomb attack Expect reprisal against Judge Fabrizzi - possibly Assault, Murder or a Bomb attack Temporal Analysis, TSA (all analysis is time sensitive)

25 New Information -Palermo, 4/4/03 : "Corradi arrested Don Marcello" (Public Information) -Palermo, 5/5/03 : "Bolivar seen in Particino" (Police Intelligence) -Roma, 5/5/03 : "Fabrizzi is sentencing Don Marcello on 29th in Palermo courthouse" (Public Information) -Palermo, 7/5/03 : "Something will happen in Palermo this month" (Police Intelligence) What if we detain Perugia? Threat of bomb attack reduced, but not gone – there are other bomb makers Marcello negotiators know, etc… What if we detain Perugia and Bolivar? Reasoning, Simulation

26 The Demo System contains prior knowledge Free-text messages are read in to create events Events are connected by logic, triggering reasoning, alerts, generation of additional events, etc. Combines Free Text Understanding Reasoning Data Mining Linkage to external resources

27 The problem is dynamic in many dimensions - protagonists, communication channels, locations, types of threat.... So is the active structure used to continuously track and analyze it...... Searching In an Ocean of Information

28 Some Details Data Mining Information Extraction Risk Analysis

29 Data Mining Phone Records The Data Miner, together with probable gang structure, is used on the records to generate call patterns Administrator: The miner can be run manually or automatically, and several databases can be joined together during the mining. Administrator: The miner can be run manually or automatically, and several databases can be joined together during the mining.

30 Using Probabilities We can use probability distributions and correlations on contacts - who instigated it, probable use from how long the call lasted Administrator: Deriving call patterns over time allows us to detect changes in activity - trouble is, communication activity might increase or decrease when something is up and we need to have figured that out from previous incidents. Administrator: Deriving call patterns over time allows us to detect changes in activity - trouble is, communication activity might increase or decrease when something is up and we need to have figured that out from previous incidents.

31 Time Series Analysis Transaction records are turned into a time- based view of the business. Administrator: Businesses aren ’ t static, so it can be quite hard to see what is happening just from statements or spreadsheets, particularly when there may be several seasonal cycles -monthly, yearly -at work Administrator: Businesses aren ’ t static, so it can be quite hard to see what is happening just from statements or spreadsheets, particularly when there may be several seasonal cycles -monthly, yearly -at work

32 Reversing the Use Time Series Analysis is usually used to find the normal operation of a cyclic business by eliminating the extraordinary events. Here we are using it to find the extraordinary events that may be hidden away in normal business operations.

33 How It Works A smoothly operating business is extracted from the time-based view, leaving the extraordinary events Administrator: Some idea of the sort of business is required - construction, tourism, retail Administrator: Some idea of the sort of business is required - construction, tourism, retail

34 Risk Analysis based on Coincidence of Real and Potential Events “Don Marcello arrested” “Bolivar seen in Teracino”

35 Risk Analysis Model Real events spawn hypothetical events which spawn... The logical and time interaction of these event chains determines the risk of a catastrophic event

36 Events Colliding Something (bad) in Palermo this month Fabrizzi will sentence Don Marcello on 29th Bolivar sighted in Teracino Use database of possible Teracino contacts and skills to produce Bomb may be under construction (hypothetical event connected to Marcello gang- alert effective for 3 months) The red and blue indicate criminal and police events. Criminal humint says “ something will happen ”, so we assume something bad. The importance of handling time intervals such as “ this month ” or “ next week ” should be emphasised. The system handles alternatives for people, places, times, actions - so it can easily see where events may collide. The red and blue indicate criminal and police events. Criminal humint says “ something will happen ”, so we assume something bad. The importance of handling time intervals such as “ this month ” or “ next week ” should be emphasised. The system handles alternatives for people, places, times, actions - so it can easily see where events may collide. Possible reprisals Don Marcello incarcerated Don Marcello arrested

Download ppt "Comprehensive Intelligence Analysis and Alert System (CIAAS)"

Similar presentations

Chapter 1 Business Driven Technology

Chapter 1 Business Driven Technology
Corporate Administration Management System CAMS-ITech: Vertical CRM for the Administration/Finance Area CAMS-iTech™ is the technological answer developed.

Corporate Administration Management System CAMS-ITech: Vertical CRM for the Administration/Finance Area CAMS-iTech™ is the technological answer developed.
Gordion Business Consulting Ltd. Tel +358 9 4134 3611 Boost your business performance and Finance department´s productivity PRIMAVISTA.

Gordion Business Consulting Ltd. Tel Boost your business performance and Finance department´s productivity PRIMAVISTA.
1.Data categorization 2.Information 3.Knowledge 4.Wisdom 5.Social understanding Which of the following requires a firm to expend resources to organize.

1.Data categorization 2.Information 3.Knowledge 4.Wisdom 5.Social understanding Which of the following requires a firm to expend resources to organize.
Managing Data Resources

Managing Data Resources
Chapter 3 Database Management

Chapter 3 Database Management
1 SYS366 Week 1 - Lecture 2 How Businesses Work. 2 Today How Businesses Work What is a System Types of Systems The Role of the Systems Analyst The Programmer/Analyst.

1 SYS366 Week 1 - Lecture 2 How Businesses Work. 2 Today How Businesses Work What is a System Types of Systems The Role of the Systems Analyst The Programmer/Analyst.
MARKET IN TRAFFIC LIGHTS Designed for the next Users Private Investors Professional investors in Broker companies Run mode: Real Time combined with the.

MARKET IN TRAFFIC LIGHTS Designed for the next Users Private Investors Professional investors in Broker companies Run mode: Real Time combined with the.
DECISION SUPPORT SYSTEM DEVELOPMENT

DECISION SUPPORT SYSTEM DEVELOPMENT
Chapter 8 Management Support and Coordination Systems.

Chapter 8 Management Support and Coordination Systems.
Building Knowledge-Driven DSS and Mining Data

Building Knowledge-Driven DSS and Mining Data
Orion Overview. We build an internal model of the world, so we can predict future behaviour - we make the model out of active structure so it is interoperable.

Orion Overview. We build an internal model of the world, so we can predict future behaviour - we make the model out of active structure so it is interoperable.
Knowledge is Power Marketing Information System (MIS) determines what information managers need and then gathers, sorts, analyzes, stores, and distributes.

Knowledge is Power Marketing Information System (MIS) determines what information managers need and then gathers, sorts, analyzes, stores, and distributes.
Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.

Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.
Sharif University of Technology Session # 7.  Contents  Systems Analysis and Design  Planning the approach  Asking questions and collecting data 

Sharif University of Technology Session # 7.  Contents  Systems Analysis and Design  Planning the approach  Asking questions and collecting data 
Program Management Satisfy requirements of all individual projects with minimal resources Human resource is the most expensive Leadership Methods of documenting.

Program Management Satisfy requirements of all individual projects with minimal resources Human resource is the most expensive Leadership Methods of documenting.
Module 1: Overview of Information System in Organizations Chapter 2: How Organizations use IS.

Module 1: Overview of Information System in Organizations Chapter 2: How Organizations use IS.
Chapter 11 Management Decision Making

Chapter 11 Management Decision Making
Objectives Know why companies use distribution channels and understand the functions that these channels perform. Learn how channel members interact and.

Objectives Know why companies use distribution channels and understand the functions that these channels perform. Learn how channel members interact and.
Correlations, Alarms and Policies

Correlations, Alarms and Policies

Similar presentations

Ads by Google