kwc.org Photos Spare Cycles MythBusters

Talk: Identifying Terrorist Activity with AI Plan Recognition Technology

Peter Jarvis, Teresa Lunt, Karen Myers, NASA/PARC/SRI

Outline

  • Intelligence Analysis Problem
  • Computer aided plan recognition approach
  • Research priorities

Overview

Alert Overload * US security agencies had information necessary to prevent 9/11, but drowned in sea of information and pieces not put together

Intelligence Analyst's Desktop: have to put information from a variety of sources in a sea of information.

CAPRe Presentation

Group intelligence by evidence of goal * reduces cognitive load on analysts * prioritize * crisp presentation of intent, rather than trying to assemble observations * earlier recognition of hostile behavior

CAPRe Complements and Exploits other Approaches * Data mining: complements broad-shallow analysis with CAPRE's narrow-deep causal approach * Alert correlation: CAPRe relies on the focused grouping of alerts with correlation techniques.

Technique

Two-phased reasoning to generate open hypotheses and score them. Based on hypotheses will try to issue more information requests.

Representation

Hierarchical Task Network

Templates (e.g. Bribe): tasks, conditions, effects. Allow for partial template instantiation. Information gathering requests can be issued to try and fill missing information.

Two-phased Reasoning

Seedling generation: explanations for each observation in isolation. work way towards higher-level goal. Not the computational bottleneck (fraction of a second).

Seedling composition: * try to combine seedlings consistently and score. Examine each element of the powerset of seedlings. * hostile domain: assume that enemy may be trying to game system. * Search through the elements in order of increasing cardinality. * Computational bottleneck * An element is a hypothesis if: * the template paths are consistent * the bindings are consistent * all conditions are satisfied

Experiments

Varied signal-to-noise, vary number of attack steps, vary noise coherence, fixed attack plan.

broke down at 25 events

Research goals

  • two orders of magnitude increase in alert cluster size (25 -> 2500)
  • probabilistic reasoning
  • integrated information gathering planning
  • try experimenting with tripwire events rather than brute force all events

Applications

  • NASA: recognize astronaut/pilot's intent. proactive assistance, capture slips (instrument mode errors, frequent action trumping a similar infrequent action).

Q and A

  • test data synthesize by subject matter experts (confidentiality issue)
  • terrorists do stand out. If everyone of suspicious background were to visit nuclear power plants, problem would be much harder.
  • want analysts to focus on mental exercise of dreaming up plans
  • hasn't seen anything that looked at alert streams on analysts desks to see if anything could have been detected.

Post a comment


related entries.

what is this?

This page contains a single entry from kwc blog posted on July 27, 2004 3:24 PM.

The previous post was Talk: A Multi-Resolution Pyramid for Outdoor Robot Terrain Perception.

The next post is Talk: Useful Roles of Emotions in Artificial Agents.

Current entries can be found on the main page.