AI Technology as a Proactive Security Accelerator


Written by Or Shalom

The implementation of active security has many benefits. This kind of security is proactive by nature and is meant to prevent the incident or event during its early stages, or even before it happens. In contrast, classical passive security usually begins acting when the event begins, while it is under way, or even after it has happened. In such a situation the adversary has already gained an advantage they can exploit, and that advantage will be evident in the final results of the event.

On the other hand, active security is deliberately targeted at active actions for deterrence, detecting and pointing out unusual things, and “beating the attacker to it.” If for example, we analyze the significance of security in a shopping center (like a mall), a financial infrastructure, an embassy, a hospital, a train station, or a detention center, we will understand the values and importance[1]. In complex security tasks under varying environmental conditions, such as convoy security or remote battlefield security (control and security sequencing in the area or strategic structures within a hostile environment, etc.), this capability also provides a critical advantage for the protector.

The integration of active security also involves analyzing the various security circles to integrate active capabilities in both the physical circles (reviewed below) and in the online space, with the goal of locating the anomaly in its early stages and with minimal friction or impact in the “field.” For example, in the online space, there is the ability to collect information from the Internet (OSINT) regarding the intentions of an attack by analyzing posts on social media, looking at discussion and discourse, and analyzing trends that indicate intent for organization and advanced stages[2]. Prior planning and preparing in various security circles requires creativity against the adversary’s efforts, as well as the ability to translate it into rules to be fed to artificial intelligence (AI) that provides “human thinking” to the system, and later ensures performance improving processes and self-learning through machine learning (ML)[3]. The ML feature has an advantage and added value since the system’s ability to learn and improve its performance will greatly reduce the opponent’s possible actions and reactions, as well as their ability to surprise the secure cell area.

Following are 3 case studies that illustrate the possible uses for integrating proactive security through AI-based technologies:

Initiating and implementing drone operator detection technologies to thwart convoy drone threats:

Analyzing threats to a convoy or security personnel raises the possibility of drones being used for defiance, reconnaissance, or a physical attack[4]. This threat has been demonstrated on several occasions, such as former German Chancellor Angela Merkel’s speech as part of a campaign in September 2013[5]. Alongside physical scans, preparing for this threat also includes technological solutions in passive implementation (like using frequency-blocking guns after the drone is detected). In contrast, there are capabilities to actively implement technologies that search for and locate drone operators in the nearby environment. Research from Ben-Gurion University showed an interesting autonomous ability to locate drone operators based on communication between the operator and the drone, tracking the drone’s route, and combining observations from different angles to assess the operator’s location[6]. The research itself is interesting, since even though the study achieved 73% accuracy, the capabilities still needed to be improved using resources like AI and ML due to the complexity of the process, the analysis, and the insights (the more combined these are, the more they will improve the ability to assess the location of the operator). Moreover, there are complexities and limitations that depend on the environment, like multiple signals and drones, frequency hopping, angles of collection, and of course the operator’s skill and ability to fool and block detection systems. This brings another insight: even the integration of technological capabilities requires learning the gaps or weaknesses in the specialized technologies that are used. This should be done in order to prepare redundancy through various types of technologies, compensatory controls, or planning in additional security circles. For example, this can mean balancing the implementation of different technologies against wide coverage of the frequencies in use, combined with a jump-in force or proactive patrol in the area of the incident to locate the operators and to provide coverage for the use of autonomous drones.

Implementing analytical-based active technologies in mass sports events:

The working assumptions in preparing and planning for mass sporting events are also based on the challenge of dealing with a terrorist squad or “lone wolf” attacker who operates with compartmentalization, secrecy, and a low signature, all to make detection difficult. Nevertheless, in quite a few events anomaly patterns and deviations from the normal and accepted were proven retroactively, by both digital (network) and physical means. The findings of the 2013 Boston bombing investigation showed unusual patterns in the various circles (including OSINT) in a way that provided retroactive insights and implications for security. This included, among other things, the placing of a bag and leaving it unsupervised for an abnormal amount of time, as one of the brothers in that incident was observed leaving the place without the bag with which he was documented arriving. This data reinforces the fact that there are abnormal patterns of behavior that can be collected and analyzed through analytics. Thus, in this case, the anomaly is defined by the connection and separation between two entities moving in different directions, as well as the connection between the object and its being left in the area[7]. A combination of AI and ML capabilities can have a significant impact on better analytics and smart and efficient security. In doing so, analytical rules can be established to detect the exception through cumbersome movement (which may indicate the carrying of heavy weight), movement opposite to that of a crowd, movement between forbidden areas, analysis of connections between an entity and an object (such as putting an object down and moving away from it within a radius of 10 meters at most), wandering in side streets as a possible indication of suspicious activity or organization, and more.
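The entity-object rule described above, as an added example that is not part of the original article: it links each object to the nearest person when the object first appears and alerts once that person has stayed away from the stationary object for a dwell time. It assumes a video tracker already supplies ground-plane positions; the `Obs` record, the 60-second dwell time, the reading of the 10-meter radius as the owner-to-object separation threshold, and the sample tracks are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import hypot

@dataclass(frozen=True)
class Obs:
    t: float        # seconds since start of recording
    track_id: str   # tracker-assigned id (hypothetical format)
    kind: str       # "person" or "object"
    x: float        # ground-plane position, metres
    y: float

def abandoned_objects(observations, radius_m=10.0, dwell_s=60.0, still_m=0.5):
    """Return [(object_id, owner_id, alert_time)] for left-behind objects."""
    frames = {}
    for o in sorted(observations, key=lambda o: o.t):
        frames.setdefault(o.t, []).append(o)
    state, alerts = {}, []
    for t, frame in frames.items():
        people = {o.track_id: o for o in frame if o.kind == "person"}
        for obj in (o for o in frame if o.kind == "object"):
            st = state.get(obj.track_id)
            if st is None:
                if people:  # owner = nearest person when the object first appears
                    owner = min(people.values(),
                                key=lambda p: hypot(p.x - obj.x, p.y - obj.y))
                    state[obj.track_id] = {"owner": owner.track_id, "alerted": False,
                                           "origin": (obj.x, obj.y), "away_since": None}
                continue
            if st["alerted"]:
                continue
            moved = hypot(obj.x - st["origin"][0], obj.y - st["origin"][1]) > still_m
            owner = people.get(st["owner"])  # None once the owner has left the scene
            near = owner is not None and hypot(owner.x - obj.x, owner.y - obj.y) <= radius_m
            if moved or near:  # carried again, or owner is back: restart the clock
                st["origin"], st["away_since"] = (obj.x, obj.y), None
                continue
            if st["away_since"] is None:
                st["away_since"] = t
            if t - st["away_since"] >= dwell_s:
                alerts.append((obj.track_id, st["owner"], t))
                st["alerted"] = True
    return alerts

def sample_tracks():
    """Constructed data: P1 walks away from bag B1; P2 stays 5 m from bag B2."""
    obs = []
    for t in range(0, 125, 5):
        obs.append(Obs(float(t), "B1", "object", 0.0, 0.0))
        obs.append(Obs(float(t), "B2", "object", 50.0, 0.0))
        obs.append(Obs(float(t), "P2", "person", 50.0 + min(t, 5), 0.0))
        if t <= 40:  # P1 walks off at 1 m/s, then leaves the field of view
            obs.append(Obs(float(t), "P1", "person", float(t), 0.0))
    return obs
```

The dwell time is the tunable part: too short and every bag set down at a kiosk alerts, too long and the response window the article argues for is lost.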

The terrain at the opening event of the 2024 Olympics presents quite a few challenges and difficulties in the ability to detect incriminating patterns, as well as the ability to control the crowd in accordance with the unfolding events. The environmental conditions of these opening events (which will not convene in a closed stadium) will be along the Seine River with at least 500,000 guests and visitors, some in sections that do not require tickets, and about 200 heads of state that are expected to participate. Controlling such a complex event requires proactive capabilities integrated with AI to ensure effective security. Therefore, the manner of planning should provide the ability to predict and indicate abnormal behavior and anomalies (like a gathering larger than the norm, followed by putting special security attention in these areas, staying in prohibited areas, etc.) in a manner that will enable quick response[8].

Implementing active qualities through AI in critical infrastructure protection:

Critical infrastructure security is complex in and of itself, because of the huge scale of deployment, the terrain, and the opponent’s ability to use opportunities for intelligence gathering or attack purposes. Along with security officials and personnel, there are various uses for technologies such as radar, monitoring systems, detection systems, and cameras. The ability to detect and locate anomalies, as well as to make accurate decisions about the response and manner of treatment, requires resources and the use of analytics and AI. The complexity of wide-scale deployment in the face of various possible threats as seen by the attacker requires integration and use of autonomous systems, robots, and AI-based drones. In this way, the use of drones allows for rapid mobility and the ability to provide high-quality aerial images on the move and from various angles while performing AI-based processes as part of real-time anomaly comparison and detection (a breach in a fence, change of terrain, etc.). This comparative ability is a tiebreaker when it comes to pointing out the anomalies on the scene. Furthermore, the use of drones makes it possible to assess risks and track threats without being detected, as well as to plan follow-up tasks according to the unfolding events. These features provide the security team with power-enhancing capabilities when dealing with the threats. In order to ensure competence and learning-based performance enhancement, complex exercises and field examinations must be performed to detect changes and deviations.

The opponent’s level of sophistication, organizational resources, and means, all require creative security and a change of perception for proactive security. A significant power enhancement must include equipping the various security circles with technologies including AI and ML-based smart analytics, ensuring an appropriate level of security in the face of these threats.

The author is a security, cyber and HLS technology expert and consultant to government ministries and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of HLS and Cyber Security. He has experience in consultation and business development for security companies and groups in matters of planning and building defense, innovation and security technology, exercises, and training in security and cyber.

[1] https://i-hls.com/he/archives/110643

[2] https://i-hls.com/he/archives/107457

[3] Marvin Minsky defines AI: “the science of designing machines capable of doing things that require intelligence when they are done by humans”

[4] https://www.youtube.com/watch?v=NdSnWnCiAo0

[5] https://www.youtube.com/watch?v=WcFiMCMbUHo

[6] https://orenlab.sise.bgu.ac.il/p/DroneLocation

[7] https://i-hls.com/he/archives/118316

[8] https://i-hls.com/he/archives/120550