IC CAE-sponsored National Security Research

Distributed AI-driven Anomalous Behavior Detection from Multi-camera Surveillance Using Cloud and Visualization in Virtual Environments

Surveillance cameras are ubiquitous in metropolitan areas of developing and developed countries. They are now common in schools, stores, and government buildings. The surveillance feeds generated from these thousands of cameras contain image data of vast human activity, but it is difficult to manually monitor these cameras for suspicious activity. Artificial Intelligence (AI) is capable of automatically detecting anomalous human activity from a single surveillance feed; however, there is a need to improve detection techniques in large environments that rely on multiple surveillance cameras whose feeds are stored in a cloud environment. In this research, we seek to improve our current image detection methods through better visualization and scenario creation in a virtual environment. We will apply AI-driven body-tracking detection to synchronized surveillance feeds from multiple Azure Kinect cameras. Expected research outcomes include detection of intruders and/or weapons from multiple cameras, body tracking, and regeneration of these data into a virtual scene to complement real-time surveillance models.

Anomaly Detection from System Logs

Identifying abnormal behavior automatically, in order to detect attacks on systems from operational data logs, could function as a powerful proactive security tool. Towards this goal, we present Anomaly Detection from System Logs using Transformer, a tool for automatically detecting anomalies in distributed execution environments. With the massive volume of logs generated by systems, it is impossible for human operators to verify and keep track of the log files. Thus, deep learning models offer an automated way of detecting abnormal behavior in log files that went undetected by the system itself. A Transformer-based AI system detects anomalies by inspecting operational data logs and identifying abnormal behavior. Given log entries generated by a system, the anomaly detection framework parses the log entries and detects anomalies. By combining natural language-based learning models, the framework parses the log information stored in log files, learns normal behavior from the parsed log data, and detects abnormal behaviors in new log entries. The data used for this model includes OS logs such as auth.log, kern.log, and syslog, as well as network logs. These anomalies are reported at the discretion of a supervisor, who provides feedback to the model.
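The parse, learn-normal, detect, and supervisor-feedback loop described above, as an added illustration that is not the project's own tool: a simple log-template model stands in for the Transformer, and the auth.log-style lines, host name, user names and addresses are all constructed for the example.

```python
import re
from collections import Counter

# Constructed auth.log-style lines (not real data). BASELINE is a known-good period.
BASELINE_LOGS = [
    "Jan 10 09:01:12 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 10 09:02:40 host1 sshd[1205]: Accepted publickey for bob from 10.0.0.6 port 51240 ssh2",
    "Jan 10 09:03:02 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "Jan 10 09:05:11 host1 sshd[1201]: Received disconnect from 10.0.0.5 port 51234:11: disconnected by user",
]
NEW_LOGS = [
    "Jan 11 02:14:03 host1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "Jan 11 02:14:05 host1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 40023 ssh2",
    "Jan 11 09:00:01 host1 sshd[2210]: Accepted publickey for alice from 10.0.0.5 port 51300 ssh2",
    "Jan 11 09:00:30 host1 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update",
]

HEADER = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ ([^\s\[:]+)(?:\[\d+\])?: (.*)$")

def to_template(line):
    """Parse one syslog-style line into (program, template), masking variable fields."""
    m = HEADER.match(line)
    if not m:
        return ("unparsed", "<raw>")
    prog, msg = m.groups()
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)        # IPv4 addresses
    msg = re.sub(r"(for (?:invalid user )?)\S+", r"\1<user>", msg)  # sshd user names
    msg = re.sub(r"^\S+ :", "<user> :", msg)                        # sudo invoking user
    msg = re.sub(r"/\S*", "<path>", msg)                            # paths and tty suffixes
    msg = re.sub(r"\b\d+\b", "<num>", msg)                          # ports, pids, counters
    return (prog, msg)

def learn(lines):
    """Learn normal behavior: count each (program, template) seen in the known-good period."""
    return Counter(to_template(line) for line in lines)

def detect(known, lines):
    """Flag every new line whose template was never seen while learning."""
    return [(line, tpl) for line in lines if (tpl := to_template(line)) not in known]

def run_demo():
    known = learn(BASELINE_LOGS)
    first_pass = detect(known, NEW_LOGS)
    # Supervisor feedback (constructed): the new sudo command is confirmed legitimate, so
    # its template joins the learned baseline; the failed logins remain anomalies.
    for _, tpl in first_pass:
        if tpl[0] == "sudo":
            known[tpl] += 1
    return first_pass, detect(known, NEW_LOGS)
```

Running `run_demo()` flags three lines on the first pass and only the two failed-login lines after the supervisor accepts the sudo template.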