Best ICT Student Paper Award at the 3rd International Postgraduate School Students Conference (2011)

Boštjan Kaluža received Best ICT Student Paper Award at the 3rd International Postgraduate School Students Conference for the paper Identifying Suspicious Behavior from Multiple Events with Gal Kaminka and Milind Tamb.

Identification of suspicious activities arises in many domains where an adversary has a motivating goal and exhibits behavior that deviates from behavior of normal users. The goal is to augment traditional security measures by scrutinizing behavior of all subjects in the environment. This can be applied, for example, to detect a passenger at an airport who plans to smuggle drugs while keeping contacts with authorities at minimum, to detect a pirate vessel that plans to capture a transport vessel and therefore avoids security patrols, to identify a user that misuses access to the server, to catch a reckless driver, a shoplifter, etc. We established a formal framework and show how to optimally detect suspicious behavior from a set of observed events, where no single event is sufficient to decide whether a person behaves suspiciously or not. Unfortunately, optimal detection is not feasible in practice because we cannot estimate all required parameters. We show two approximate methods (naïve and heuristic) and compare them on an airport domain. The heuristic approach achieves high performance, discovering almost all suspicious passengers with low false-alarm ratio.