Anomaly Detection in the Surveillance Domaine
av
Christoffer Brax
Akademisk avhandling
Avhandling för teknologie doktorsexamen i datavetenskap,
som enligt beslut av rektor kommer att försvaras offentligt
måndag den 19 september 2011 kl. 13.15,
Insikten, Kanikegränd 3A, Högskolan i Skövde
Opponent: Dr. Henric Johnson
Sektionen för datavetenskap och kommunikation,
Blekinge Tekniska Högskola
Örebro universitet
Akademin för naturvetenskap
och teknik
701 82 ÖREBRO
© Christoffer Brax, 2011
Title: Anomaly Detection in the Surveillance Domain Publisher: Örebro University 2011
www.publications.oru.se trycksaker@oru.se
Printer: Intellecta Infolog, Kållered 08/2011
issn 1650-8580 isbn 978-91-7668-810-6
Brax tryckort_1aug.indd 4 2011-08-01 11.02
Abstract
In the post September 11 era, the demand for security has increased in virtually all parts of the society. The need for increased security originates from the emergence of new threats which differ from the traditional ones in such a way that they cannot be easily defined and are sometimes unknown or hidden in the “noise” of daily life.
When the threats are known and definable, methods based on situation recognition can be used find them. However, when the threats are hard or im-possible to define, other approaches must be used. One such approach is
data-driven anomaly detection, where a model of normalcy is built and used to find anomalies, that is, things that do not fit the normal model. Anomaly detection
has been identified as one of many enabling technologies for increasing security in the society.
In this thesis, the problem of how to detect anomalies in the surveillance domain is studied. This is done by a characterisation of the surveillance do-main and a literature review that identifies a number of weaknesses in previous anomaly detection methods used in the surveillance domain. Examples of iden-tified weaknesses include: the handling of contextual information, the inclusion of expert knowledge and the handling of joint attributes. Based on the findings from this study, a new anomaly detection method is proposed. The proposed method is evaluated with respect to detection performance and computatio-nal cost on a number datasets, recorded from real-world sensors, in different application areas of the surveillance domain. Additionally, the method is also compared to two other commonly used anomaly detection methods. Finally, the method is evaluated on a dataset with anomalies developed together with maritime subject matter experts. The conclusion of the thesis is that the pro-posed method has a number of strengths compared to previous methods and is suitable for use in operative maritime command and control systems.
Keywords: Anomaly Detection, Information Fusion, Visual Surveillance,
Maritime Domain Awareness
Abstract
In the post September 11 era, the demand for security has increased in virtually all parts of the society. The need for increased security originates from the emergence of new threats which differ from the traditional ones in such a way that they cannot be easily defined and are sometimes unknown or hidden in the “noise” of daily life.
When the threats are known and definable, methods based on situation recognition can be used find them. However, when the threats are hard or im-possible to define, other approaches must be used. One such approach is
data-driven anomaly detection, where a model of normalcy is built and used to find anomalies, that is, things that do not fit the normal model. Anomaly detection
has been identified as one of many enabling technologies for increasing security in the society.
In this thesis, the problem of how to detect anomalies in the surveillance domain is studied. This is done by a characterisation of the surveillance do-main and a literature review that identifies a number of weaknesses in previous anomaly detection methods used in the surveillance domain. Examples of iden-tified weaknesses include: the handling of contextual information, the inclusion of expert knowledge and the handling of joint attributes. Based on the findings from this study, a new anomaly detection method is proposed. The proposed method is evaluated with respect to detection performance and computatio-nal cost on a number datasets, recorded from real-world sensors, in different application areas of the surveillance domain. Additionally, the method is also compared to two other commonly used anomaly detection methods. Finally, the method is evaluated on a dataset with anomalies developed together with maritime subject matter experts. The conclusion of the thesis is that the pro-posed method has a number of strengths compared to previous methods and is suitable for use in operative maritime command and control systems.
Keywords: Anomaly Detection, Information Fusion, Visual Surveillance,