PADUA: Parallel Architecture to Detect Unexplained Activities

Published: 07 August 2014

Abstract

There are numerous applications (e.g., video surveillance, fraud detection, cybersecurity) in which we wish to identify unexplained sets of events. Most related past work has been domain-dependent (e.g., video surveillance, cybersecurity) and has focused on the valuable class of statistical anomalies in which statistically unusual events are considered. In contrast, suppose there is a set A of known activity models (both harmless and harmful) and a log L of time-stamped observations. We define a part L' ⊆ L of the log to represent an unexplained situation when none of the known activity models can explain L' with a score exceeding a user-specified threshold. We represent activities via probabilistic penalty graphs (PPGs) and show how a set of PPGs can be combined into one Super-PPG for which we define an index structure. Given a compute cluster of (K + 1) nodes (one of which is a master node), we show how to split a Super-PPG into K subgraphs, each of which can be independently processed by a compute node. We provide algorithms for the individual compute nodes to ensure seamless handoffs that maximally leverage parallelism. PADUA is domain-independent and can be applied to many domains (perhaps with some specialization). We conducted detailed experiments with PADUA on two real-world datasets—the ITEA CANDELA video surveillance dataset and a network traffic dataset appropriate for cybersecurity applications. PADUA scales extremely well with the number of processors and significantly outperforms past work both in accuracy and time. Thus, PADUA represents the first parallel architecture and algorithm for identifying unexplained situations in observation data, offering both scalability and accuracy.

      Published In

      ACM Transactions on Internet Technology, Volume 14, Issue 1
      Special Issue on Event Recognition
      July 2014
      161 pages
      ISSN:1533-5399
      EISSN:1557-6051
      DOI:10.1145/2659232
      Editor: Munindar P. Singh

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 07 August 2014
      Accepted: 01 April 2014
      Revised: 01 March 2014
      Received: 01 October 2013
      Published in TOIT Volume 14, Issue 1

      Author Tags

      1. Activity detection
      2. parallel computation
      3. temporal stochastic automata
      4. unexplained activities

      Qualifiers

      • Research-article
      • Research
      • Refereed
