printer friendly version

Big data’s next conquest: physical security

Big data is a big business. Companies everywhere are tapping into big data to transform themselves. Still, for all its notoriety, big data is hard to pin down. Ask 10 different experts what big data is and you’ll get 10 different answers.

Bob Banerjee

Many physical security firms have latched onto the big data buzzword. But what does big data really mean in the context of physical security today, and how will it transform physical security tomorrow?

Since it is still very much in the infancy stage, I’ve developed a layered big data maturity model that shows a progression of physical security solutions on a big data continuum. The further up the pyramid, the closer they are to a true big data solution. The first four layers are capabilities that are commonly used today. Further up the pyramid are concepts which bring us closer to true big data solutions but do not exist in physical security today.

Layer 1: Datafication – the foundation of big data

The bottom layer of the pyramid is what is referred to as datafication (or big data generation). Organisations need to be able to capture information about the real world as data so they can analyse it, and the continuing shift from analogue to digital physical security systems makes this possible. Most information was once analogue – think of CCTV camera video, telephone conversations, TV news reports. But increasingly, such information is becoming ‘datafied.’ This simply means it’s generated in a digital format which makes it easier to collect and process in meaningful ways.

Layer 2: Data collection from multiple siloed sources

The next layer on the pyramid is big data collection. Solutions included in this layer collect and combine data from multiple siloed sources, such as a video surveillance, access control, radar, sonar, perimeter intrusion systems, and so on. This system integration can be achieved through a PSIM (Physical Security Information Management System) or other unifying interface. Having more data and having it all in one place can be useful for managing situations, but that’s assuming the security operator knows about the threat in the first place, which brings us to our next layer in the pyramid – alarm generation.

Layer 3: Alarm generation

With alarm generation, the collecting system processes incoming data from each data source independently using special rules to generate alarms. But the system is not able to connect the dots between these various alerting events. So a security operator might be alerted to the fact that a vehicle just tried to enter a secure area, but he may be totally unaware that the video analytics detected that the vehicle was a large white van (not a car), that its licence plate was on an access control blacklist, and even more tellingly that an intrusion detection system had picked up a breach at a separate gate just minutes earlier.

Layer 4: Alarm correlation

Alarm correlation creates a much higher level of situational awareness because the system can correlate the results of different rules applied across different data sets. In simple terms the system looks to see if one condition was met and another, and so on, and if so, decides that what’s occurring is less likely to be a false alarm and more likely to be a legitimate threat. The system can instantly send a high alert to the security operator by correlating multiple threat factors, as in the example above.

Layer 5: Data mining

By using artificial intelligence (AI) algorithms to uncover correlations, data mining can reveal insightful patterns, things that one might not even have thought to look for. This concept of letting the data speak for itself, where artificial intelligence invents the rules triggering alerts rather than a human, is an uncomfortable notion for many because it appears uncontrolled and imprecise. But in fact, data mining insights are the result of exhaustive mathematical analysis seeking statistically probable correlations.

Building on the example above, a data mining solution might uncover that in the past the blacklisted van had raised alarms at another remote highly secure site, but that they were always ignored when a certain guard was on duty. Further data mining might uncover that every time just before the van arrived at the gate, that the corresponding PTZ camera was turned away by that same guard.

Layer 6: Proactive action based on similarity

Proactive action based on similarity uses data-mined patterns gleaned from many similar past experiences to predict the future. Here, patterns can be used to create fresh rules for proactive security. For example, as soon as the system sees a large white van, at any of the secured sites, to automatically point cameras towards it and notify security guards.

Layer 7: Proactive action based on abnormality

This exception-based approach to physical security (where the system would learn for itself what it considers normal based on patterns extracted from vast quantities of data) marks the highest level of maturity for a big data system in physical security. The approach uncovers patterns to define what is normal, and then triggers an alarm if anything happens outside the definition of normal. For example, the secure facility in the above example might be surrounded by public roads, travelled by cars, vans and other vehicles. If the system spots the same white van circling the facility three times in 20 minutes that could be considered unusual.

Big data is real and is already part of our lives – Google, Amazon and others use it to predict our desires and actions. However, within physical security, big data exists only at a foundational stage. It is inevitable that one day big data will be a cornerstone of intelligent security systems but today, the higher levels of the big data pyramid are a promise of what’s to come. Until then this maturity model can be used to assess the degree to which something is ‘big data’ or not, instead of relying on nebulous and uninformed marketing claims.

Share this article:

Further reading: