A Conceptual Model for Agent-based Simulation of Physical Security ...

3 downloads 734 Views 113KB Size Report
ABSTRACT. Modeling and simulation of physical security systems involves designing and analyzing security systems, protocols, and policies that aim to protect ...
A Conceptual Model for Agent-based Simulation of Physical Security Systems Volkan Ustun

Levent Yilmaz

Jeffrey S. Smith

Department of Industrial and Systems Engineering Auburn University Auburn, AL, USA

Department of Computer Science and Software Engineering Auburn University Auburn, AL, USA

Department of Industrial and Systems Engineering Auburn University Auburn, AL, USA

[email protected]

[email protected]

[email protected]

Clearly, understanding a facility’s susceptibility is a precursor to designing effective physical security systems to prevent unauthorized access to the facility. Our goal is to develop a simulation-based problem solving environment and associated decision support tools to assist with the general facility and security system design problems. The facility design goal is to identify a security configuration that minimizes a facility’s vulnerability to intrusion at minimum cost. In this context, a security configuration includes the physical structure of the facility, the set of sensors included in the facility, and the set of guards and their respective operating/patrol strategies. To improve realism, credibility, and variability in these models, such strategies need to involve situation awareness, cooperative team behavior, planning, and deliberative decision making processes of guards.

ABSTRACT Modeling and simulation of physical security systems involves designing and analyzing security systems, protocols, and policies that aim to protect fixed-site facilities against intrusions by external threats, as well as unauthorized acts by insiders. Realistic and credible simulations of such systems require incorporation of human behavior models along with cooperative engagement policies such as team formation, allocation of roles, team reorganization, and distributed decision making. In this paper, we discuss agent-based conceptual design of a physical systems security simulation within the context of a shoplifting study. The primary contributions include (1) the use of a conceptual facility configuration meta-model that is used for flexible instantiation of environmental settings in which agents (i.e., customers, including shoplifters, workers, and security personnel) are situated, (2) a novel line-of-sight mechanism for realizing the visual perception subsystem of agents, and (3) the simulation of reactive as well as deliberate decision making processes of agents.

Security systems used in a typical retail store are good examples of physical security systems that we encounter everyday in our lives. In fact, retail stores are investing a significant amount of money in installation of physical security systems. It is estimated that more than $750 million annually is invested on security systems by retail stores in U.K alone [6]. The main reason for this expenditure is that a significant portion of inventory shrinkage in retail stores is attributed to shoplifting. Roughly, shoplifting can be defined as taking of retail merchandise without proper payment. 2004 National Retail Security Survey reports that estimated annual loss for U.S. retailers due to inventory shrinkage is approximately $31 billion, $9.1 billion of which is attributed to shoplifting. Clarke [2] lists several precautions that include hiring store detectives, using electronic article surveillance, installing and monitoring CCTV etc. against shoplifting. These security measures can be taken to diminish the losses, however, some of these security measures are also costly, and it is hard to estimate the returns.

Categories and Subject Descriptors I.6.5 [Simulation and Modeling]: Model Development – modeling methodologies.

General Terms Measurement, Design, Experimentation, Performance.

Keywords Intelligent agents, agent-based simulation, physical security systems, cooperative agents.

1. INTRODUCTION Intruder detection analysis involves assessing a facility’s susceptibility to intrusion/breach by unauthorized people. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. ACM SE’06, March, 10-12, 2006, Melbourne, Florida, USA Copyright 2006 1-59593-315-8/06/0004…$5.00

365

Modeling and simulation can be a cost effective tool in the design and analysis of a physical security system. Realistic and credible simulation models of such systems require inclusion of human behavior models along with cooperative engagement policies such as team formation, allocation of roles, team reorganization, and distributed decision making. We are currently developing an agent-based simulation test-bed, through which effectiveness and cost of various forms of security policies can be analyzed. The test bed is used to conduct a case study on the aforementioned retail industry

shoplifting problem in which we examine the effects of locations of security cameras, movement patterns of security personnel and security personnel with and without communication capabilities on the effectiveness of the security policy. This paper presents the conceptual model underlying the test-bed. The remainder of this paper is organized as follows. In Section 2, related work in physical security simulation is discussed. Then, the data model for the environment and general architecture used to represent the agents are explained in Section 3. Conceptual models for the agents in the test bed are discussed in Section 4. Finally, we conclude in Section 5

o

Intruders – Human participants that are trying to gain unauthorized access to specific locations within the facility.

o

Workers – Human participants whose responsibilities do not involve the protection or intrusion of a facility, but who are present and working in the facility.

3.1 Environment Static aspects of the facilities (i.e. structure and location of walls, rooms, shelves etc.) are used by the agents mainly in two forms. Mobile agents consider the static features of the environment to find a path to different locations in the facility. Vision, which is the main medium for perception, can be obstructed by static objects. To conduct the simulation experiment, a hypothetical retail store, which is comprised of aisles, shelves, fitting rooms, cashiers and doors, is used. Static features of this hypothetical retail store are represented using the conceptual data model defined by Ustun et al. [7]. This common meta-model is consumed by different modules of the software using several graphical constructs – such as zone movement graphs, portal visibility graphs etc.- that are also described by Ustun et al. [7]. Figure 1 depicts the layout of this hypothetical retail store using a snapshot from current version of the software.

2. RELATED WORK Jordan et al. [4] and Smith et al. [5] discuss the use of simulation in physical security systems. Jordan et al. [4] state that discrete event system simulation might be an alternative for exploring the responses of a given physical protection system under various threat scenarios at a moderate cost. The general system structure described by Smith et al. [5] defines intruders and guards as simulation entities for physical security discreteevent simulation. Intruder entities move through the facility in order to reach or acquire a specified target and guard entities are trying to detect the intruder entities in order to prevent them from achieving their goals. The simulation test bed that we are developing assumes a similar setting, where there are guard entities that are trying to detect shoplifters, detain them and recover the stolen goods. Airline security systems such as explosive detection systems, baggage screening systems or passenger flow systems can be considered as specific instances of physical security systems. These systems have been discussed extensively in recent years and most of these studies do not require the incorporation of human behavioral models in simulation. Furthermore, we have not encountered any studies directly related with simulation of shoplifting in retail stores. Nevertheless, there are several books and articles that discuss the criminal aspects of shoplifting problem, sociology of shoplifting, and ways to reduce loss of stolen goods.

3. COOPERATIVE TEAM BEHAVIOR IN PHYSICAL SECURITY SYSTEM DESIGN

Figure 1. Facility Layout

Viewing a physical security system as a multi-agent system requires explicit specification of the environment and organizational design. •

Facility – a set of buildings and other structures (fences, walls, etc.) within a well-defined geographical region.



Sensor – a device that can detect the presence or absence of a person, or object in a defined region.



Participants – people that have various responsibilities and roles in the facility. We define three classes of participants: o

3.2 Agents Capabilities that an entity might have include mobility, perception, autonomous behavior, and communication. Mobile agents can move within the layout and they have the capability to find their paths to different locations in the facility. Perception is mainly dependent on the vision of agents, and visual percepts form the basis for their behavior and communication. The entities used in the simulation conceptual model along with their capabilities are shown in Table 1. Communication provides a medium to exchange information on the state of the environment. General architecture of the test bed is depicted in Figure 2. Only reactive and deliberation layers are of interest in this paper. Shoplifters are deliberative and reason about the events occurring in the environment.

Guards – Human participants whose responsibilities involve protecting the facility by detecting and potentially intercepting intruders.

366

Table 1. System Entities

Regular customer Shoplifter Security personnel Surveillance camera Worker

Mobility Mobile Mobile Mobile Fixed Fixed

Perception No Yes Yes Yes Yes

Type Object Agent Agent Object Object

Communication Not capable Not capable Capable Not capable Capable

Customers arrive at the store with a static plan that is comprised of shopping activities that will be performed by the customer (like a shopping list). Customers move in the store in order to pick up items that are in their shopping list and upon completion of the shopping list, they pay for the picked-up items and leave the store. Pick up and pay activities of regular customers might raise suspicion with some probability, which we define as the false alarm rate, and hence it is possible for security personnel to mistakenly detain regular customers.

4.2 Reactive Security Personnel Agents Decision making of reactive agents is realized through an action function, which continually takes perceptual input and maps it to an action to perform. If there are a set of signals that trigger the perception system of a reactive agent, the agent performs the activity that is linked to the triggering signal. Security personnel’s activity cycle starts with patrol activity, which continues until a specific event happens. There are two types of events that particularly interest security personnel while patrolling. First type of event of interest is receipt of a critical activity signal originated by a shoplifter or customer activity, which might be part of a shoplifting activity sequence. A critical activity signal triggers the perception mechanism of the security personnel. Detection of critical activity results in committing to follow the entity that sent the critical activity signal. Second type of event that interrupts the patrol activity is receipt of an update message coming either from other security personnel in the store or workers. The update message basically signals the security personnel on a critical activity that happened somewhere in the retail store. This signal may also result in committing to follow the entity that performed the critical activity. Described control flow is represented by an interruptible activity region, which is shown as a dashed box on the activity diagrams. Second interruptible activity region on the security personnel activity diagram includes follow activity. If any of the specific events described above occur when the security personnel is following a person, a set of conditions is checked to decide whether to continue the current commitment, to change commitment, to cancel the current commitment or to detain the shoplifter (or customer). An activity diagram that shows the activities of the security personnel along with the rules that determine the control flow is presented in Figure 3.

Figure 2: Agent Architecture

The Belief-Desire-Intention architecture [1] is used to encapsulate the practical reasoning of shoplifters. Activities of regular customers are modeled as predetermined action sequences. Perception subsystem captures the ability to observe the environment to facilitate gathering the requisite information used in the decision making process. Communication subsystem provides agents a message-passing medium to interact with other agents in the environment. We use broadcasting as well as direct routing mechanisms to realize communication. Autonomous agents can make independent decisions through the control subsystem and hence their actions are under their own control. Finally, cooperation subsystem provides another medium to achieve interaction between agents. In addition to communication ability, cooperation protocols allow agents to distribute and coordinate tasks among them. The design details of the cooperation layer are beyond the scope of this paper.

4. AGENT ARCHITECTURE The design of the control module for the deliberation layer of agents in our study is critical. The activities carried out by agents in terms of their perception, action, and communication modules are prescribed in terms of the protocol embedded within the control module. UML Activity Diagrams are used to represent the activities and the control flow of the entities in the system. The specification of actions and communication events of an agent is defined using UML 2.0 Activity Diagram notation. The control module interprets activity diagrams to simulate agent behavior.

4.2.1 Perception Subsystem Vision is the primary method that is used to perceive the environment, and it is the main moderator of behavior of entities in our shoplifting simulation. In the current model, we are not using any cognitive recognition functions so physically seeing another entity is basically enough for detection.

4.1 Customer Objects Customers are passive entities that roam in the store and shop.

367

[end of shift] Patrol

Customer.Critical Activity

1

2

[followed customer] Shoplifter.Critical Activity

[not committed]

SecurityPersonnel. Update

[not committed]

[else] Process Message Worker.Update

[committed]

[not detected]

Customer.Critical Activity

SecurityPersonnel. Update

Shoplifter.Critical Activity

Worker.Update

Perceive

[detected]

2

3

[not committed] Commit [shift ended]

[committed]

Follow

[yes]

[different customer]

[no]

[followed customer]

1 Cancel commit

[give up]

Broadcast

Update

Change Commitment

SecurityPersonnel

X

Identify Activity [else]

3 [no]

[not caught]

Decide to detain [yes]

Figure 3. Security Personnel Activity Diagram Chase Detain

[caught]

We define the field of vision of an agent by three parameters – r the looking direction d or (D, θ, φ), Line-of-Sight (LoS) range R, and the cone half-angle α. The LoS range determines how far the agent can see, and the looking direction is defined by a vector (in 3-dimensional space) in which the agent is looking; lastly, the actual region of view is represented as a 3dimensional cone (with the vertex at the viewpoint of the entity) that is centered around the looking direction vector, with a half cone-angle specified by the third parameter above.

Here, we compute the visibility of multiple candidate points on agent j’s surface by casting rays from the viewpoint of agent i; if all the candidate points are not visible, then we conclude that agent j is not visible, and if at least one candidate point is visible, we conclude that agent j is visible. Visibility detection includes perspective projection of objects onto the view plane, and then using Graham Scan algorithm [3] to find the convex hull, and finally checking whether the projected target points lie within the convex hull of the projected object.

368

[yes] [final goal achieved] Deliberate

[else]

[not sound]

Means-end reasoning [Plan completed]

Plan

[sound]

Get Next Plan Step

Check Plan

[no]

Reconsider

[Plan not completed] Perceive

[Pay]

Pay

[pick up]

[conceal]

Pick up Item

[unconceal] [go to]

Conceal Item

Unconceal

Go to new location

Critical Activity

Camera

SecurityPersonnel

Worker

X

X

X

Figure 4. Activity Diagram for Shoplifters

Each time an agent wants to move within the facility, zones for start and destination are found. Then, Dijkstra’s algorithm is used to find the shortest path from start to destination, using distance as a cost metric. Agents follow the path generated by the algorithm to move from one zone to another through portals. By definition, zones are convex and hence agents can move within a zone without hitting any walls or in our context any bounding objects. However, obstacle avoidance algorithms are required to avoid objects inside the zones to prevent collision.

If a projected target point lies within the convex hull of any projected object, that point can not be seen. A demonstration is depicted in Figure 5. Here, an agent is looking towards another agent, which is represented by 6 points, sitting on the top of a wall. The looking agent can see only 4 out of 6 points since the wall obstructs the view of two points, which are representing the feet of sitting agent.

4.2.2 Action Subsystem A movement module is designed and implemented to model the agent movements in the facility. This module uses the information on the static features of the facility along with zone movement graphs [7], which define the possible movements between zones. Agents in the simulation can move from one zone to another zone if there is an edge between these two zones and the conditions for this edge are satisfied. Agents can move freely within the zones (not colliding with the objects that are in the zone), however, movements between zones will be controlled using the zone movement graph.

Figure 5. Perception (LoS) Mechanism

369

which is contingent on accomplishment of sub-goals (i.e., concealment of item i).

4.2.3 Action Subsystem Agents with communication capabilities can broadcast a message to all other agents. An example is that a worker watching the video stream coming from the surveillance cameras. The worker may perceive a criminal activity in the store. S/he then broadcasts this information as a message to the security personnel and they perform the necessary actions defined in their control module to deal with this new state.

4.3.3 Intentions and Plans Deliberation function of an agent picks up an option (desire) that is consistent with beliefs. When agent is committed to this option, it becomes the intention of the agent, and it uses meansend reasoning to generate a plan that accomplishes the goal. A plan is a sequence of activities of which the final is the goal activity. An agent might have an intention to conceal the item in Aisle 6 and if the agent is in Aisle 2, its plan is comprised of one go to activity from Aisle 6 to Aisle 2 and one conceal activity. In this example, action sub-system is solely responsible from the generation of the plan. After committing to an intention, agent starts to perform the actions in sequential order until the goal is achieved or it is impossible to continue the plan.

4.3 Deliberative Shoplifter Agents Shoplifters extend the activity diagram of regular customers by adding new actions to represent the shoplifting activities. Conceal item, unconceal item, and give-up are three actions that are introduced by shoplifters, in addition to the regular customer actions. From a security perspective, three important activities that need to be tracked are picking-up an item to steal, concealing that item, and leaving the store without paying for the item. In order to detain a customer, it is important to detect these activities. Hence, each time an agent performs one of these actions; respective signals are sent to present security personnel, workers and surveillance cameras in the store and respective perception mechanisms are triggered. Shoplifter agents’ decision process is modeled using the BDI framework. Major components of BDI architecture are beliefs, desires (or options), intentions, goals, and plans. A general agent control logic loop is shown in Figure 4 using UML Activity Diagrams. Beliefs pertain to the information the agent has about the environment. Desires represent states of affairs that the agent wishes to consider, and goals are the resultant states if desires are achieved. Intentions represent desires that the agent has committed to achieve

5. CONCLUSIONS Effective modeling of decision making processes of agents that participate in physical security systems simulation is critical for the credibility of simulation-based analysis. Agent based conceptual model discussed in this paper provides an infrastructure based on retail store security analysis and we believe that it is possible to extend this infrastructure for general physical security systems. As stated in the paper, we have not focused on the cooperation layer in the general agent architecture yet. Modeling cooperation between security personnel and shoplifters is a challenge that is expected to generate interesting results. Observation of emerging behaviors from cooperation possibilities is expected to provide further insights on physical security system design.

4.3.1 Beliefs

6. REFERENCES

A shoplifter’s perceptions are focused on the security measures available at different parts of the retail store. For this purpose, a shoplifter agent performs line-of-sight calculations using its perception subsystem to collect information on the locations and look directions of surveillance cameras, workers and security personnel. Collected information is mapped to different areas on the retail store considering the relationship between areas and shelves if an area includes a shelf. The collected information constructs the beliefs of a shoplifter agent. In basic form, a shoplifter agent can believe: (1) An area is permanently safe/unsafe. (2) An area is temporarily safe/unsafe. (3) S/he is being followed. Beliefs defined above are then used in deliberation and means-end reasoning functions of the shoplifters.

[1] Bratman, M. Intention, Plans, and Practical Reason. Harvard University Press: Cambridge, MA. 1987. [2] Clarke, R.V. Shoplifting. Problem-Oriented Guides for Police: Problem-Specific Series No.11. Office of Community Oriented Policing Services, U.S. Department of Justice.2003. [3] Cormen, T.H., C.E. Leiserson, R.R. Rivest. Introduction to Algorithms. MIT Press: Cambridge, MA. 1990 [4] Jordan, S.E., Snell, K. M., and Madsen, M. M., and Smith, J. S. and Peters, A. B. Discrete-Event Simulation for the Design and Evaluation of Physical Protection Systems. In Proceedings of the Winter Simulation Conference. 1998 [5] Smith, J.S., Peters, A. B. Jordan, E. S., and Snell, K. M. Distributed Real-Time Simulation for Intruder Detection System Analysis. In Proceedings of the 1999 Winter Simulation Conference. 1999.

4.3.2 Desires During the course of simulation, a shoplifter agent might have following desires: (1) Pickup item I (with shoplifting purpose) without being detected. (2) Conceal the item without being detected in zone Z, area A. (3) Give up (unhide the previously picked up/concealed item). (4) Leave the store with shoplifted item. Each desire is associated with completion of an action which represents the accomplishment of the goal. Whenever an agent completes one of these activities, accomplishment of the goal is established. Here, the main goal is to leave the store

[6] Tonglet, M. Consumer misbehaviour: An exploratory study of shoplifting. Journal of Consumer Behaviour. Vol.1, No.4, pp. 23-34.2002. [7] Ustun, V., Yapicioglu, H. Gupta, S., Ramesh, A. and Smith, S. J. A Conceptual Architecture for Static Features in Physical Security Simulations. In Proceedings of the 2005 Winter Simulation Conference. pp. 345-352. 2005.

370