In many multiagent domains, no single observation event is sufficient to determine that the behavior of individuals is suspicious. Instead, suspiciousness must be inferred from a combination of multiple events, where events refer to the individual's interactions with other individuals. Hence, a detection system must employ a detector that combines evidence from multiple events, in contrast to most previous work, which focuses on the detection of a single, clearly suspicious event. This paper proposes a two-step detection system that first detects trigger events from multiagent interactions and then combines the evidence to provide a degree of suspicion. The paper makes three key contributions: (i) it proposes a novel detector that generalizes utility-based plan recognition with arbitrary utility functions, (ii) it specifies conditions that any reasonable detector should satisfy, and (iii) it analyzes three detectors and compares them with the proposed approach. The results on a simulated airport domain and a dangerous-driver domain show that our new algorithm outperforms other approaches in several settings.