The National Academies Press

Currently Skimming:

2 Data Fusion for Security Operations
Pages 19-32

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 19... ... 2006. Data Fusion for Air Transportation Security, Technical Report 2006-3, Department of Systems and Information Engineering, University of Virginia, Charlottesville, February 14. Read the entire page →
From page 20... ... Some transportation security data fusion systems may involve information extracted from hundreds of thousands of files or records, the processing of results, and the selection and then the transfer of the proper information. And yet the developer may propose fielding such systems never having tested the extraction and transfer of more than a few files, and never having carried out the whole process end to end in real time. Read the entire page →
From page 21... ... With this knowledge, the fused output should have a quantified error rate that is less than that of any of the individual security systems. Other parts of data preparation include data cleaning and normalization. Read the entire page →
From page 22... ... The committee has not made any assumptions about the applicability of these notional examples to current security systems or existing technology, and it has not performed a detailed statistical analysis of the issues. Security System 1 reports integer values between 2 and 13 with an average of 4, and each value is converted into a probability of detection (PD) Read the entire page →
From page 23... ... FIGURE 2-2 Notional individual security system response histograms (top) and response profiles (bottom) Read the entire page →
From page 24... ... Detects Threat Individual Input Response Decision Security Object System FIGURE 2-4 Individual security system operational mode with no data fusion. Security system manufacturers can set the threshold for detection; the threshold results in a probability for true positives (sensitivity) Read the entire page →
From page 25... ... , where the results of the tests are examined for true detections, missed detections, false positives, and true negatives, as shown. Threat Seen No Threat Seen Present True Missed Threat Detection Detection False Threat True Negative Positive No FIGURE 2-6 Example of a Bayes table for examining test results. Read the entire page →
From page 26... ... Detects Threat Signals Alert Security System 2 Input Security Object System 1 FIGURE 2-7 Decision-data fusion with AND logic. This approach is designed to reduce the number of false positives. Read the entire page →
From page 27... ... The OR decision-data fusion logic works to decrease the FAR, but at the cost of increased missed detections. This example shows that simply assuming that a decision-data fusion approach will improve performance is not always correct. Read the entire page →
From page 28... ... NOTE: PD, probability of detection. As shown in the ROC curves in Figure 2-12, parametric-data fusion provides better results than the other models in trading off true positives versus false positives in the ROC curves. Read the entire page →
From page 29... ... nor the OR combination logic (Figure 2-10) could achieve a 0.8 true positive rate without accepting something more than 0.2 in the rate for false positives. Read the entire page →
From page 30... ... Increasing the complexity and changing the performance of the security systems would change the resulting ROC curves. In particular, the AND decision-data fusion approach does not always dominate the OR decision-data fusion approach. Read the entire page →
From page 31... ... FIGURE 2-14 Receiver operating characteristic (ROC) curves for random permutations of security system measurements in different modes of operation: individual security systems without fusion, systems' decision outputs combined with AND and OR logic, and systems' responses combined with parametricdata fusion. Read the entire page →
From page 32... ... Recommendation 1: Before implementing a data fusion approach for a specific set of security systems, the TSA should perform a formal analysis to select the specific data fusion approach that would increase the detection rate, or that would raise throughput and/or reduce false alarms while maintaining the existing detection rate. Read the entire page →

From page 19...

... 2006. Data Fusion for Air Transportation Security, Technical Report 2006-3, Department of Systems and Information Engineering, University of Virginia, Charlottesville, February 14.

Read the entire page →

From page 20...

... Some transportation security data fusion systems may involve information extracted from hundreds of thousands of files or records, the processing of results, and the selection and then the transfer of the proper information. And yet the developer may propose fielding such systems never having tested the extraction and transfer of more than a few files, and never having carried out the whole process end to end in real time.

Read the entire page →

From page 21...

... With this knowledge, the fused output should have a quantified error rate that is less than that of any of the individual security systems. Other parts of data preparation include data cleaning and normalization.

Read the entire page →

From page 22...

... The committee has not made any assumptions about the applicability of these notional examples to current security systems or existing technology, and it has not performed a detailed statistical analysis of the issues. Security System 1 reports integer values between 2 and 13 with an average of 4, and each value is converted into a probability of detection (PD)

Read the entire page →

From page 23...

... FIGURE 2-2 Notional individual security system response histograms (top) and response profiles (bottom)

Read the entire page →

From page 24...

... Detects Threat Individual Input Response Decision Security Object System FIGURE 2-4 Individual security system operational mode with no data fusion. Security system manufacturers can set the threshold for detection; the threshold results in a probability for true positives (sensitivity)

Read the entire page →

From page 25...

... , where the results of the tests are examined for true detections, missed detections, false positives, and true negatives, as shown. Threat Seen No Threat Seen Present True Missed Threat Detection Detection False Threat True Negative Positive No FIGURE 2-6 Example of a Bayes table for examining test results.

Read the entire page →

From page 26...

... Detects Threat Signals Alert Security System 2 Input Security Object System 1 FIGURE 2-7 Decision-data fusion with AND logic. This approach is designed to reduce the number of false positives.

Read the entire page →

From page 27...

... The OR decision-data fusion logic works to decrease the FAR, but at the cost of increased missed detections. This example shows that simply assuming that a decision-data fusion approach will improve performance is not always correct.

Read the entire page →

From page 28...

... NOTE: PD, probability of detection. As shown in the ROC curves in Figure 2-12, parametric-data fusion provides better results than the other models in trading off true positives versus false positives in the ROC curves.

Read the entire page →

From page 29...

... nor the OR combination logic (Figure 2-10) could achieve a 0.8 true positive rate without accepting something more than 0.2 in the rate for false positives.

Read the entire page →

From page 30...

... Increasing the complexity and changing the performance of the security systems would change the resulting ROC curves. In particular, the AND decision-data fusion approach does not always dominate the OR decision-data fusion approach.

Read the entire page →

From page 31...

... FIGURE 2-14 Receiver operating characteristic (ROC) curves for random permutations of security system measurements in different modes of operation: individual security systems without fusion, systems' decision outputs combined with AND and OR logic, and systems' responses combined with parametricdata fusion.

Read the entire page →

From page 32...

... Recommendation 1: Before implementing a data fusion approach for a specific set of security systems, the TSA should perform a formal analysis to select the specific data fusion approach that would increase the detection rate, or that would raise throughput and/or reduce false alarms while maintaining the existing detection rate.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

2 Data Fusion for Security Operations Pages 19-32

2 Data Fusion for Security Operations
Pages 19-32