Recent Advances in Computational Intelligence in Defense and Security

This chapter discusses several methods for forward-looking (FL) explosive hazard detection (EHD) using FL infrared (FLIR) and FL ground penetrating radar (FLGPR). The challenge in detecting explosive hazards with FL sensors is that there are multiple types of targets buried at different depths in a highly-cluttered environment. A wide array of target and clutter signatures exist, which makes detection algorithm design difficult. Recent work in this application has focused on fusion methods, including fusion of multiple modalities of sensors (e.g., GPR and IR), fusion of multiple frequency sub-band images in FLGPR, and feature-level fusion using multiple kernel and iECO learning. For this chapter, we will demonstrate several types of EHD techniques, including kernel methods such as support vector machines (SVMs), multiple kernel learning MKL, and feature learning methods, including deep learners and iECO learning. We demonstrate the performance of several algorithms using FLGPR and FLIR data collected at a US Army test site. The summary of this work is that deep belief networks and evolutionary approaches to feature learning were shown to be very effective both for FLGPR and FLIR based EHD.

At critical infrastructure sites, either large number of onsite personnel, or many cameras are needed to keep all key access points under continuous observation. With the proliferation of inexpensive high quality video imaging devices, and improving internet bandwidth, the deployment of large numbers of cameras monitored from a central location have become a practical solution. Monitoring a high number of critical infrastructure sites may cause the operator of the surveillance system to become distracted from the many video feeds, possibly missing key events, such as suspicious individuals approaching a door or leaving an object behind. An automated monitoring system for these types of events within a video feed alleviates some of the burden placed on the operator, thereby increasing the overall reliability and performance of the system, as well as providing archival capability for future investigations. In this work, a solution that uses a background subtraction-based segmentation method to determine objects within the scene is proposed. An artificial neural network classifier is then employed to determine the class of each object detected in every frame. This classification is then temporally filtered using Bayesian inference in order to minimize the effect of occasional misclassifications. Based on the object’s classification and spatio-temporal properties, the behavior is then determined. If the object is considered of interest, feedback is provided to the background subtraction segmentation technique for background fading prevention reasons. Furthermore any undesirable behavior will generate an alert, to spur operator action.

Modern smart-surveillance applications are based on an increasingly large number of heterogeneous sensors that greatly differ in size, cost and reliability. System complexity poses issues in its design, operation and maintenance since a large number of events needs to be managed by a limited number of operators. However, it is rather intuitive that redundancy and diversity of sensors may be advantageously leveraged to improve threat recognition and situation awareness. That can be achieved by adopting appropriate model-based decision-fusion approaches on sensor-generated events. In such a context, the challenges to be addressed are the optimal correlation of sensor events, taking into account all the sources of uncertainty, and how to measure situation recognition trustworthiness. The aim of this chapter is twofold: it deals with uncertainty by enriching existing model-based event recognition approaches with imperfect threat modelling and with the use of different formalisms improving detection performance. To that aim, fuzzy operators are defined using the probabilistic formalisms of Bayesian Networks and Generalized Stochastic Petri Nets. The main original contributions span from support physical security system design choices to the demonstration of a multiformalism approach for event correlation. The applicability of the approach is demonstrated on the case-study of a railway physical protection system.

This chapter investigates a classification problem for timely and reliable identification of radar signal emitters by implementing and following a neural network (NN) based approach. A large data set of intercepted generic radar signals, containing records of their pulse train characteristics (such as operational frequencies, modulation types, pulse repetition intervals, scanning period, etc.), is used for this research. Due to the nature of the available signals, the data entries consist of a mixture of continuous, discrete and categorical data, with a considerable number of records containing missing values. To solve the classification problem, two separate approaches are investigated, implemented, tested and validated on a number of case studies. In the first approach, a listwise deletion is used to clean the data of samples containing missing values and then feed-forward neural networks are employed for the classification task. In the second one, a multiple imputation (MI) model-based method for dealing with missing data (by producing confidence intervals for unbiased estimates without loss of statistical power, i.e. by using all the available samples) is investigated. Afterwards, a feedforward backpropagation neural network is trained to solve the signal classification problem. Each of the approaches is tested and validated on a number of case studies and the results are evaluated and critically compared. The rest of the chapter is organised as follows: the next section (Introduction and Background) presents a review of related literature and relevant background knowledge on the investigated topic. In Sect. 2 (Data Analysis), a broader formulation of the problem is provided and a deeper analysis of the available data set is made. Different statistical transformation techniques are discussed and a multiple imputation method for dealing with missing data is introduced in Sect. 3 (Data Pre-Processing). Several NN topologies, training parameters, input and output coding, and data transformation techniques for facilitating the learning process are tested and evaluated on a set of case studies in Sect. 4 (Results and Discussion). Finally, Sect. 5 (Conclusion) summarises the results and provides ideas for further extension of this research.

Corporate security is usually one of the matters in which companies invest more resources, since the loss of information directly translates into monetary losses. Security issues might have an origin in external attacks or internal security failures, but an important part of the security breaches is related to the lack of awareness that the employees have with regard to the use of the Web. In this work we have focused on the latter problem, describing the improvements to a system able to detect anomalous and potentially insecure situations that could be dangerous for a company. This system was initially conceived as a better alternative to what are known as black/white lists. These lists contain URLs whose access is banned or dangerous (black list), or URLs to which the access is permitted or allowed (white list). In this chapter, we propose a system that can initially learn from existing black/white lists and then classify a new, unknown, URL request either as “should be allowed” or “should be denied”. This system is described, as well as its results and the improvements made by means of an initial data pre-processing step based on applying Rough Set Theory for feature selection. We prove that high accuracies can be obtained even without including a pre-processing step, reaching between 96 and 97 % of correctly classified patterns. Furthermore, we also prove that including the use of Computational Intelligence techniques for pre-processing the data enhances the system performance, in terms of running time, while the accuracies remain close to 97 %. Indeed, among the obtained results, we demonstrate that it is possible to obtain interesting rules which are not based only on the URL string feature, for classifying new unknown URLs access requests as allowed or as denied.

Security in computer networks is an active research field since traditional approaches (e.g., access control, encryption, firewalls, etc.) are unable to completely protect networks from attacks and malwares. That is why Intrusion Detection Systems (IDS) have become an essential component of security infrastructure to detect these threats before they inflict widespread damage. Concisely, network intrusion detection is essentially a pattern recognition problem in which network traffic patterns are classified as either normal or abnormal. Several Computational Intelligence (CI) methods have been proposed to solve this challenging problem, including fuzzy sets, swarm intelligence, artificial neural networks and evolutionary computation. Despite the relative success of such methods, the complexity of the classification task associated with intrusion detection demands more effective models. On the other hand, there are scenarios where identifying abnormal patterns could be a challenge as the collected data is still permeated with uncertainty. In this chapter, we tackle the network intrusion detection problem from a classification angle by using a recently proposed granular model named Rough Cognitive Networks (RCN). An RCN is a fuzzy cognitive map that leans upon rough set theory to define its topological constructs. An optimization-based learning mechanism for RCNs is also introduced. The empirical evidence indicates that the RCN is a suitable approach for detecting abnormal traffic patterns in computer networks.

Software security is increasingly a concern as cyber-attacks become more frequent and sophisticated. This chapter presents an approach to counter this trend and make software more resistant through redundancy and diversity. The approach, termed Novel Naval Cyber Strategies (NNCS), addresses how to immunize component-based software. The software engineer programs defining component rule bases using a schema-based Very High Level Language (VHLL). Chance and ordered transformation are dynamically balanced in the definition of diverse components. The system of systems is shown to be relatively immune to cyber-attacks; and, as a byproduct, yield this capability for effective component generalization. This methodology offers exponential increases in cyber security; whereas, conventional approaches can do no better than linear. A sample battle management application—including rule randomization—is provided.

Advanced Persistent Threats (APTs) are a highly sophisticated type of cyber attack usually aimed at large and powerful organisations. Human expert knowledge, coded as rules, can be used to detect these attacks when they attempt to extract information of their victim hidden within normal http traffic. Often, experts base their decisions on anomaly detection techniques, working under the hypothesis that APTs generate traffic that differs from normal traffic. In this work we aim at developing classifiers that can help human experts to find APTs. We first define an anomaly score metric to select the most anomalous subset of traffic data; then the human expert labels the instances within this set; finally we train a classifier using both labelled and unlabelled data. Three computational intelligence methods were employed to train classifiers, namely genetic programming, decision trees and support vector machines. The results show their potential in the fight against APTs.

Analyzing network activity as it occurs is an important task since it allows for the prevention of malicious activity on the host system and the network. In this work, we investigate the performance of different budgeting strategies, as well as an adaptive Artificial Neural Network to analyze the activities on streaming network traffic. Our results show that all of our budgeting strategies (with the exception of the fixed uncertainty strategy) are suitable candidates for classification of streaming network traffic where some of the state-of-the-art classifiers achieved accuracies in the range of 90 % or higher.

The problem of user authentication is a crucial component of many solutions related to defense and security. The identification and verification of users allows the implementation of technologies and services oriented to the intended user and to prevent misuse by illegitimate users. It has become an essential part of many systems and it is used in several applications, particularly in the military. The handwritten signature is an element intrinsically endowed with specificity related to an individual and it has been used extensively as a key element in identification/authentication. Haptic technologies allow the use of additional information like kinesthetic and tactile feedback from the user, thus providing new sources of biometric information that can be incorporated within the process in addition to the traditional image-based sources. While work had been done on using haptic information for the analysis of handwritten signatures, most efforts have been oriented to the direct use of machine learning techniques for identification/verification. Comparatively fewer targeted information visualization and understanding the internal structure of the data. Here a variety of techniques are used for obtaining representations of the data in low dimensional spaces amenable to visual inspection (two and three dimensions). The approach is unsupervised, although for illustration and comparison purposes, class information is used as qualitative reference. Estimations of the intrinsic dimension for the haptic data are obtained which shows that low dimensional subspaces contains most of the data structure. Implicit and explicit mappings techniques transforming the original high dimensional data to low dimensional spaces are considered. They include linear and nonlinear, classical and computational intelligence based methods: Principal Components, Sammon mapping, Isomap, Locally Linear Embedding, Spectral Embedding, t-Distributed Stochastic Neighbour Embedding, Generative Topographic Mapping, Neuroscale and Genetic Programming. They provided insight about common and specific characteristics found in haptic signatures, their within/among subjects variability and the important role of certain types of haptic variables. The results obtained suggest ways how to design new representations for identification and verification procedures using tactile devices.

Biometrics are increasingly being used as security measures in online as well as offline systems, giving rise to more reliable and unique authentication techniques. In these systems, false positive minimization is one of the crucial requirements, which is especially critical in security sensitive applications. In this chapter, we present an Extended Metacognitive Neuro-Fuzzy Inference System (eMcFIS) based biometric identification system. eMcFIS consists of a cognitive component and a metacognitive component. The cognitive component, which is a neuro-fuzzy inference system, learns the input-output relationship efficiently. The metacognitive component is a self-regulatory learning mechanism, which actively regulates the learning in the cognitive component such that the network avoids over-fitting the training samples. Further, the learning strategies are chosen such that the network minimizes false-positive prediction. The proposed eMcFIS is first benchmarked on a set of medical datasets from machine learning databases. eMcFIS is then employed in detection of two real-world biometric security applications, signature verification and fingerprint recognition. The performance comparison with other state-of-the-art authentication systems clearly highlights the advantages of the proposed approach.

We propose a new paradigm for issuing, storing and verifying travel documents that features entirely digital documents which are bound to the individual by virtue of a privacy–respecting biometrically derived key, and which make use of privacy-respecting digital credentials technology. Currently travel documentation rely either on paper documents or electronic systems requiring connectivity to core servers and databases at the time of verification. If biometrics are used in the traditional way, there are accompanying privacy implications. We present a smartphone-based approach which enables a new kind of biometric checkpoint to be placed at key points throughout the international voyage. These lightweight verification checkpoints would not require storage of biometric information, which can reduce the complexity and risk of implementing these systems from a policy and privacy perspective. Our proposed paradigm promises multiple benefits including increased security in airports, on airlines and at the border, increased traveller convenience, increased biometric privacy, and possibly, lower total cost of system ownership.

In a dynamic optimization problem (DOP) the optima can change either in a sequential or in a recurrent manner. In sequential DOPs, the optima change gradually over time while in recurrent DOPs, previous optima reappear over time. The common strategy to tackle recurrent DOPs is to employ an archive of solutions along with information allowing to associate them with their respective problem instances. In this paper, a memory-based Dynamic Particle Swarm Optimization (DPSO) approach which relies on a dual-purpose memory for fast optimization of streams of recurrent problems is proposed. The dual-purpose memory is based on a Gaussian Mixture Model (GMM) of candidate solutions estimated in the optimization space which provides a compact representation of previously-found PSO solutions. This GMM is estimated over time during the optimization phase. Such memory operates in two modes: generative and regression. When operating in generative mode, the memory produces solutions that in many cases allow avoiding costly re-optimizations over time. When operating in regression mode, the memory replaces costly fitness evaluations with Gaussian Mixture Regression (GMR). For proof of concept simulation, the proposed hybrid GMM-DPSO technique is employed to optimize embedding parameters of a bi-tonal watermarking system on a heterogeneous database of document images. Results indicate that the computational burden of this watermarking problem is reduced by up to 90.4 % with negligible impact on accuracy. Results involving the use of the memory of GMMs in regression mode as a mean of replacing fitness evaluations (surrogate-based optimization) indicate that such learned memory also provides means of decreasing computational burden in situations where re-optimization cannot be avoided.

This work introduces an approach to building a risk profiler for use in authentication machines. Authentication machine application scenarios include the security of large public events, pandemic prevention, and border crossing automation. The proposed risk profiler provides a risk assessment at all phases of the authentication machine life-cycle. The key idea of our approach is to utilize the advantages of belief networks to solve large-scale multi-source fusion problems. We extend the abilities of belief networks by incorporating Dempster-Shafer Theory measures, and report the design techniques by using the results of the prototyping of possible attack scenarios. The software package is available for researchers.

Maritime piracy has become an important security focus area due to the influence that this phenomenon has on the global economy (Bowden, The economic costs of maritime piracy. Technical Report. Oceans Beyond Piracy, One Earth Future Foundation, 2011, [1]).

Synthetic aperture radar (SAR) image classification is one of the challenging problems because of the difficult characteristics of SAR images. In this chapter, we implement SAR image classification on three military vehicles types, i.e., T72 tank, BMP2 armored personnel carriers (APCs), and BTR70 APCs. The texture features generated from the fuzzy co-occurrence matrix (FCOM) are utilized with the multi-class support vector machine (MSVM) and the radial basis function (RBF) network. Finally, the ensemble average is implemented as a fusion tool as well. The best detection result is at 97.94 % correct detection from the fusion of twenty best FCOM with RBF network models (ten best RBF network models at d = 5 and other ten best RBF network models at d = 10). Whereas the best fusion result of FCOM with MSVM is at 95.37 % correct classification. This comes from the fusion of ten best MSVM models at d = 5 and other ten best MSVM models at d = 10. As a comparison we also generate features from the gray level co-occurrence matrix (GLCM). This feature set is implemented on the same classifiers. The results from FCOM are better than those from GLCM in all cases.

We discuss techniques for information extraction from texts, and present two applications that use these techniques. We focus in particular on social media texts (Twitter messages), which present challenges for the information extraction techniques because they are noisy and short. The first application is extracting the locations mentioned in Twitter messages, and the second one is detecting the location of the users based on all the tweets written by each user. The same techniques can be used for extracting other kinds of information from social media texts, with the purpose of monitoring the topics, events, emotions, or locations of interest to security and defence applications.

Evolution of mobile devices, availability of additional resources coupled with enhanced functionality has leveraged smartphone to substitute the conventional computing devices. Mobile device users have adopted smartphones for online payments, sending emails, social networking, and stores the user sensitive information. The ever increasing mobile devices has attracted malware authors and cybercriminals to target mobile platforms. Android, the most popular open source mobile OS is being targeted by the malware writers. In particular, less monitored third party markets are being used as infection and propagation sources. Given the threats posed by the increasing number of malicious apps, security researchers must be able to analyze the malware quickly and efficiently; this may not be feasible with the manual analysis. Hence, automated analysis techniques for app vetting and malware detection are necessary. In this chapter, we present DroidAnalyst, a novel automated app vetting and malware analysis framework that integrates the synergy of static and dynamic analysis to improve accuracy and efficiency of analysis. DroidAnalyst generates a unified analysis model that combines the strengths of the complementary approaches with multiple detection methods, to increase the app code analysis. We have evaluated our proposed solution DroidAnalyst against a reasonable dataset consisting real-world benign and malware apps.

Today’s military teams are required to operate in environments that are increasingly complex. Such settings are characterized by the presence of ill-structured problems, uncertain dynamics, shifting and ill-defined or competing goals, action/feedback loops, time constraints, high stakes, multiple players and roles, and organizational goals and norms. Warfare scenarios are real world systems that typically exhibit such characteristics and are classified as Complex Adaptive Systems. To remain effective in such demanding environments, defence teams must undergo training that targets a range of knowledge, skills and abilities. Thus oftentimes, as the complexity of the transfer domain increases, so, too, should the complexity of the training intervention. The design and development of such complex, large scale training simulator systems demands a formal architecture and development of a military simulation framework that is often based upon the needs, goals of training. In order to design and develop intelligent military training systems of this scale and fidelity to match the real world operations, and be considered as a worthwhile alternative for replacement of field exercises, appropriate Computational Intelligence (CI) paradigms are the only means of development. A common strategy for tackling this goal is incorporating CI techniques into the larger training initiatives and designing intelligent military training systems and wargames. In this chapter, we describe an architectural approach for designing composable, multi-service and joint wargames that can meet the requirements of several military establishments using product-line architectures. This architecture is realized by the design and development of common components that are reused across applications and variable components that are customizable to different training establishments’ training simulators. Some of the important CI techniques that are used to design these wargame components are explained swith suitable examples, followed by their applications to two specific cases of Joint Warfare Simulation System and an Integrated Air Defence Simulation System for air-land battles is explained.

The accurate estimation of helicopter component loads is an important factor in life cycle management and life extension efforts. This chapter explores continued efforts to utilize a number of computational intelligence algorithms, statistical and machine learning techniques, such as artificial neural networks, evolutionary algorithms, fuzzy sets, residual variance analysis, and others, to estimate some of these helicopter dynamic loads. For load prediction using indirect computational methods to be practical and accepted, demonstrating slight over-prediction of these loads is preferable to ensure that the impact of the actual load cycles is captured by the prediction and to incorporate a factor of safety. Subsequent calculation of the component’s fatigue life can verify the slight over-prediction of the load signal. This chapter examines a number of techniques for encouraging slight over-prediction and favoring a conservative estimate for these loads. Estimates for the main rotor normal bending on the Australian S-70-A-9 Black Hawk helicopter during a left rolling pullout at 1.5 g manoeuvre were generated from an input set consisting of thirty standard flight state and control system parameters. The results of this work show that when using a combination of these techniques, a reduction in under-prediction and increase in over-prediction can be achieved. In addition to load signal estimation, the component’s fatigue life and load exceedances can be estimated from the predicted load signal. In helicopter life cycle management, these metrics are more useful performance measures (as opposed to mean squared error or correlation of the load signal), therefore this chapter describes the process followed to calculate these measures from the load signal using Rainflow counting, material specific fatigue data (S-N curves), and damage theory. An evaluation of the proposed techniques based on the fatigue life estimates and/or load exceedances is also made.

Defence and security organisations rely on the use of scenarios for a wide range of activities; from strategic and contingency planning to training and experimentation exercises. In the grand strategic space, scenarios normally take the form of linguistic stories, whereby a picture of a context is painted using storytelling principles. The manner in which these stories are narrated can paint different mental models in planners’ minds and open opportunities for the realisation of different contextualisations and initialisations of these stories. In this chapter, we review some scenario design methods in the defence and security domain. We then illustrate how evolutionary computation techniques can be used to evolve different narrations of a strategic story. First, we present a simple representation of a story that allows evolution to operate on it in a simple manner. However, the simplicity of the representation comes with the cost of designing a set of linguistic constraints and transformations to guarantee that any random chromosome can get transformed into a unique coherent and causally consistent story. Second, we demonstrate that the representation being utilised in this approach can simultaneously serve as the basis to form a strategic story as well as the basis to design simulation models to evaluate these stories. This flexibility fulfils a large gap in current scenario planning methodologies, whereby the strategic scenario is represented in the form of a linguistic story, while the evaluation of that scenario is completely left for the human to subjectively decide on it.

This chapter is a review of how computational intelligence methods have been used to help design various types of sensor networks. We examine wireless sensor networks, fixed sensor networks, mobile ad hoc networks and cellular networks. The goal of this review is to describe the state of the art in using computational intelligence methods for sensor network design, to identify current research challenges and suggest possible future research directions.

The importance of the optimal Sensor Resource Management (SRM) problem is growing. The number of Radar, EO/IR, Overhead Persistent InfraRed (OPIR), and other sensors with best capabilities, is limited in the stressing tasking environment relative to sensing needs. Sensor assets differ significantly in number, location, and capability over time. To determine on which object a sensor should collect measurements during the next observation period k, the known algorithms favor the object with the expected measurements that would result in the largest gain in relative information. We propose a new tasking paradigm OPTIMA for sensors that goes beyond information gain. It includes Sensor Resource Analyzer, and the Sensor Tasking Algorithm (Tasker). The Tasker maintains timing constraints, resolution, and geometric differences between sensors, relative to the tasking requirements on track quality and the measurements of object characterization quality. The Tasker does this using the computational intelligence approach of multi-objective optimization, which involves evolutionary methods.

Unmanned underwater vehicles (uuvs) are increasingly used in maritime applications to acquire information in harsh and inaccessible underwater environments. uuvs can autonomously run intelligent topology control algorithms to adjust their positions such that they can achieve desired underwater wireless sensor network (uwsn) configurations. We present a topology control mechanism based on particle swarm optimization (pso), called 3d-pso, allowing uuvs to cooperatively protect valued assets in unknown 3d underwater spaces. 3d-pso provides a user-defined level of protection density around an asset and fault tolerant connectivity within the uwsn by utilizing Yao-graph inspired metrics in fitness calculations. Using only a limited information collected from a uuv’s neighborhood, 3d-pso guides uuvs to make movement decisions over unknown 3d spaces. Three classes of applications for uwsn configurations are presented and analyzed. In 3d encapsulation class of applications, uuvs uniformly cover the underside of a maritime vessel. In planar distribution class of applications, uuvs form a plane to cover a given dimension in 3d space. The third class involves spherical distribution of uuvs such that they are uniformly distributed and maintain connectivity. Formal analysis and experimental results with respect to average protection space, total underwater movement, average network connectivity and fault tolerance demonstrate that 3d-pso is an efficient tool to guide uuvs for these three classes of applications in uwsns.