Protection Outside the Lines

Multi-layer sensor networks tie systems together for increased perimeter protection<br>

• By Rob Welton
• Apr 02, 2007

WORLD events indicate the rate of growth in perimeter security requirements will continue to escalate for the foreseeable future. Airports, seaports and petrochemical facilities certainly qualify for increased protection, but schools, storage facilities, sporting events, bridges and tunnels are examples of new targets needing protection. Still, budgets for increased security are finite. In reality, the most effective security would be to position many well-trained, well-equipped security personnel to detect and deter intruders at some distance from a facility. But the budget required to deploy the numbers of personnel with equipment is prohibitive for all but the most-sensitive facilities. In this world of real-time communications, the need to share critical event information is more pressing than ever. The question is: “Can I improve the security of my perimeter and increase the awareness of stakeholders without a huge increase in dollars?”

The intersection between risk and cost works for high-risk critical infrastructure such as nuclear power plants, weapons facilities and military bases. These high-profile sites already employ expensive, state-of-the-art protection, including sizeable manpower, and operate on a cost curve commensurate with risk of loss or damage. As new targets of opportunity are realized by terrorists, and increased budget pressure is felt by public and private organizations, new architectures are needed to manage the risk/cost curve for this wider universe of organizations. As advanced sensor technology is produced to deal with threats, multi-layer security architectures hold significant promise to offer high-detection rates at lower costs, even with increased threats.

Unwrapping the Layers
Simply put, a multi-layer sensor network is a group of cooperating sensor systems, all communicating detection results to resolve ambiguity and simplify accurate detection of a real threat. An analog can be drawn from how GPS systems operate. GPS satellites circle the earth twice a day in a very precise orbit and transmit signal information to earth. GPS receivers process this information and use triangulation to calculate the user's exact location. Basically, the GPS receiver compares the time a signal was transmitted by a satellite with the time it was received. A calculation in time difference is made between satellite and receiver. Add more satellites and an updated electronic map and precise locations can be determined in real time. Two satellites are required to track location, and a third to determine bearing (direction of travel). With four or more satellites in view, the receiver can determine the user's 3-D position (latitude, longitude and altitude).

Once the user's position has been determined, the GPS unit can calculate information such as speed, bearing, track, trip distance, distance to destination.

GPS satellites and receivers face issues of time and space calculations and clear satellite signal reception. Ground-based perimeter sensor systems face the challenge of ground clutter, environmental noise and differing sensor performance rates. Multi-layer sensor networks, like multiple GPS satellites, triangulate on a target to increase the probability of an accurate detection while minimizing false alarm rates. No single layer is necessarily more important than another, and the layers are employed in a manner that minimizes inherent weaknesses while keeping overlap to a minimum.

As applied to the science of intrusion detection sensors, multi-layer is defined as different sensor types optimized to detect and assess intrusion threats. These sensors are both wide area (video, radar and microwave) and local (intelligent fence detection, ground sensors and access control systems). Each sensor system manages its own domain awareness through a computerized head end, which maintains the sensor algorithms, including location data, internal configuration criteria and sensor performance information. Communications from the sensor is typically delivered through a closed-network connection to the security operations center for analysis and action.

Not All Created Equal
Wide-area security tools, such as ground surveillance radars, operate well at extended distances to detect people and vehicles. However, ground clutter and line of sight present issues in accurately detecting targets without generating significant false alarms, and the radars are generally not good at assessing targets. Buried sensors (unattended seismic ground sensors) can detect well beyond the GSR range. However, these systems are easily fooled by weather, animal movement and even terrain shifts. Long-range cameras, equipped with dual infrared/CCD capability, can observe people and vehicles at a closer range to make accurate assessment, but require operators to constantly monitor screens to determine appropriate responses.

Intelligent video analytics is a promising technology that uses computer vision techniques to process video frames into predefined rules, where certain actions and behaviors can generate warning messages to the security team. This eliminates the requirement for operators to constantly observe the scene for suspicious activity and creates an exception-based methodology for intrusion detection. But differences in the ability of different manufacturers of products to filter non-productive information viewed per camera can lead to unwanted false alarms and an increased burden on the security team. For some systems, changes in ambient light (clouds passing overhead), blowing waves and trees, rain/snow and other weather-related phenomena can fool the system, making it less effective. At the edge of the perimeter, intelligent fence sensors provide reliable detection of attempts to cut, climb or lift the fence fabric for the purpose of an intrusion. The sensors form the quintessential last chance in the chain of perimeter security tools for informing security personnel of an intrusion attempt. Two issues exist with any good intelligent fence sensor—the ability to differentiate traffic (assessment capability) and the ability to provide increased response time (make detections earlier). In gateways and access portals, access control systems have been a popular tool used by security personnel to differentiate cleared and uncleared personnel. But the systems may be prone to defeat through tailgating, whereby a non-badgeholder enters an access point behind a properly authenticated person. How do security officials know the cardholder is authentic?

It is possible today to employ multiple sensor systems to detect threats from a distance and up close, but the lack of correlation and communications between these systems can leave information stovepiped and can actually exacerbate the problem of too much information and not enough knowledge. There lies the dilemma, gathering real-time threat information that is well-screened and precise as to the location, direction and nature of the intrusion without sending confusing, ambiguous data to security personnel.

In Action
 Consider the use of IVA as described earlier. IVA makes “dumb” cameras effective sensors to proactively detect and alert for intrusions and other behavioral activity. If two cameras along a perimeter are separated by 100 meters—with an overlapping field of view—is it realistic to expect exact performance in the detection of an intruder? No. Changes in ambient light as morning turns to afternoon, then to evening, will change the sensitivity of each camera throughout the day to make error-free detections.

Cameras along a waterfront face additional issues of processing wave and tidal action. However with proper design, no two cameras will each have the same high-error capacity simultaneously. One camera may detect shadow movement due to the wind blowing a tree near the perimeter line and report it as an intrusion. However, the second camera, looking at the same latitude/longitude values, does not process the event as an intrusion, due to a different field of view and corresponding environmental values. In a multi-layer network, the detection information is shared for further processing to create a high-confidence interval for intrusion values according to rules shared by the cameras. This technique, used with similar sensors with different performance rates, can be accurately called a micro multi-layer network.

Macro multi-layer networks incorporate different sensors to add fidelity to the precise detection of intruders. Fence sensors, for example, have some of the highest rates of detection performance. Coupling these values with detections made from IVA-equipped cameras will provide high-confidence intervals for accurately detecting intruders. Suppose IVA systems exhibit false alarm rates from a few to several per day. Qualifying the event with a sensor that produces one alarm per week (as is the case with intelligent fence sensors and buried cable systems) will further increase the confidence level of accurate detection. Using different sensors with different performance criteria (low false alarms for sensors with close-in ranges) can dramatically improve the performance for overall intrusion detection (wide area, close-in). Macro multi-layer networks can make an exponential improvement in the detection performance and cost structure for most installations.

Access control and RFID technologies provide personnel identification that is missing from wide-area technologies like camera surveillance using IVA or ground surveillance radar. But in a multi-layer sensor network, it’s possible to process the identification card or RFID tag and determine friendly from unfriendly when viewed from a security command center. The resulting decrease in false alarms can provide an exponential improvement in efficiency, allowing security personnel to see and react to more valid events and have better confidence of the extent of an intrusion based on global processing from multiple sensors.

Multi-layer security networks use the best of each system to combine long-range, early detection, with fail-safe, last-chance detection and assessment capabilities.

Improvements in digital signal processing and real-time event processing have made the fusion of information coming from multiple sensors practical for operating multi-layer networks. A multi-layer network can unify existing sensor systems to improve performance with a nominal investment in hardware and software. Typically, the video management or security management system will provide necessary interfaces and processing support to create a multi-layer network. Architectural decisions of whether it is preferable to process information nearer the edge of the perimeter or in a more central location are options good multi-layer architecture should allow with additional flexibility in defining points of redundancy for alarm processing and distribution. Multi-layer networks should allow event tracking to occur—one sensor updates another with collected intrusion information in order to follow a single intruder without creating non-productive alarms. Multi-layer networks use advances in secure IP networking to allow distribution of detection and assessment data to be made more seamless. Another concept being put into practice in regional locations throughout the United States are fusion centers. The efficient distribution of real-time event data, a fundamental of multi-layer networks, is essential.

Effective perimeter security is no longer the exclusive domain of the most highly visible elements of critical infrastructure, but increasingly extends to where Americans work and play. It is essential to find new techniques that enable high levels of awareness without breaking the budget. Multi-layer sensor networks tie existing and new sensor systems to create a highly accurate and optimized protection network that is scalable and able to communicate with approved stakeholders. This architecture will promote force projection and allow security managers to adopt new security technology in the future.