AI driven insider threat detction
The COGITO system is a technology-based concept and solution for the detection of suspects harboring malicious intent. It can detect “Internal Threat” (employees of governmental agencies and enterprises that have destructive intents), as well as Police interrogations and border security. The COGITO concept is derived from extensive interdisciplinary know-how in security, polygraph testing and field-proven security-related interrogation techniques.
The COGITO core technology is based on proprietary software – an “expert system” that emulates an investigator’s Modus Operandi by incorporating “soft decision-making” algorithms such as “Neural Networks” and “Fuzzy Logic”. All hardware elements are best-of-breed off-the-shelf third-party components. The technical solution is comprised of a front-end, the ‘Test Station’, and a back-office where multiple-station and multiple-site data is stored, managed and distributed.
COGITO presents a significant conceptual breakthrough that can assist international aviation and homeland security authorities in responding to increasingly sophisticated means of international terrorism. This concept is based on several well-established paradigms and assumptions.
Intent vs. Means
The COGITO concept focuses on detecting terrorist (malicious) intent as opposed to detecting the means (i.e. explosives or weapons). The value of detecting intent is based on several well-founded and proven assumptions. As proven in the 9/11 and many other terrorist attacks when entering a country, terrorists will not necessarily carry weapons or devices on their person. This has been well demonstrated in several international terror attacks. Moreover, terrorists with intent of perpetrating a chemical, biological or atomic terrorist attack are all the more not likely to carry such devices on their person while entering the United States through an official checkpoint or border crossing.
Stimulated Psycho Physical Reaction (SPPR)
The COGITO method is based on stimulating examinees with specific terrorism-related triggers using a “direct contact, interaction, conscious, portal” approach:
The COGITO method postulates that specific words or questions can force terrorist to generate a SPPR that is identifiably different than that of a non-terrorist’s SPPR to the same words or questions. Based on extensive field experience accumulated by Israeli security agencies, the only common characteristic to all suicide bombers and “effective terrorists” is their desire not to be caught by security authorities. The terrorist’s fundamental motivation to successfully perform the terrorist act and not be caught by security authorities clearly differentiates him from the innocent person not harboring such intent. This identifiable motivation is known as the “terrorist hunting–hunted syndrome” (THHS). In order to identify and isolate the terrorist, one needs to stimulate and detect the THHS.
In order to expose the terrorist, the COGITO system generates a specific monitored stimulation of the THHS (i.e. to check the terrorist individually with his full awareness to the fact that he is being checked, and with wording or questions having specific relevance to terrorism or terrorist culture and terminology). This stimulation will engender an uncontrolled reaction (SPPR) from the terrorist, different than the reaction common to the so-called “innocent person”. Direct contact will ensure accurate calibration of the sensors to each individual and to each specific stimulated interaction.
It follows that the only realistic way to effectively analyze suspect behavior and psycho-physical output is in a monitored and controlled situation. Moreover, current methods such as the visual detection of nervousness (body language, sweat, widening of pupils), seem no longer sufficient and incorporate certain methodological deficiencies.
Terrorists might be trained not to demonstrate any visual excitement and external behavior patterns.
Terrorists can use sedation and control their psycho-physical output. Only full-contact sensors can detect the alleged sedation by examining the individual’s reactions to specific stimulation.
There is no academic or field experience supporting the assumption that a terrorist will tend to externalize a higher level of nervousness than an ordinary traveler. This is accentuated by the fact that there are many reasons for which an ordinary traveler may show signs of nervousness. Conversely, and based on field experience accumulated by Israeli law-enforcement and security agencies, the typical suicide bomber is highly mission-focused, and in most cases, does not show his stress in a visible and detectable manner.
Uses of “general excitement detection” methods have been shown to yield unacceptably high positive-false alarms (30% and higher). Thus, any artificial statistic calibration to reduce positive false alarms will be of little value if not based on operational and field experience.
Irregular movement patterns. Any trained international terrorist will assume the existence of visual monitoring systems for the tracking of irregular movement patterns and will act accordingly.
Field-Proven Well Established Technology
The COGITO method is based on existing and field proven psycho-physical sensors (GSR and BVP). These sensors have been widely accepted by the FBI and the CIA and are widely used by most all security agencies worldwide. The flexibility of the COGITO method allows it to incorporate additional sensors whose effectiveness can be proven. COIGTO serves in 15 countries and allow law authorities to detect terrorist and prevent crimes.
Low false alarm
The system achieves results as low as 4% false-positive and negligible false-negative results. This is achieved through the specificities of the COGITO concept
Cross-referencing objective information with subjective reactions to specific terror related issues and stimulation
Using the “Guilty Knowledge Test” (GKT) method as opposed to the “Control Question Technique” (CQT)
Guilty Knowledge based
One of the tenets behind the COGITO method is the “Guilty Knowledge Test” (GKT)*. This method differs from the classic “Control Question Technique (CQT)”, more commonly used by polygraphists. This method offers a methodology that enables investigators to identify the perpetrators of a criminal act. This is achieved by questioning the suspect based on information that can only be known to the actual perpetrator and that is not available to the general public.
The underlying assumption of this theory is that when an individual performs an ”emotionally affecting” act involving guilt or fear (known only to himself and to the investigator) his reaction to a specific event-related stimulation will be different than that of a non-involved individual.
This is best explained by an example. Let us assume that a murderer used a red knife, wore a blue hat and committed a crime at 10:30 AM. These are the Relevant Stimulating Objects” (RSOs) known only to himself and to the investigating body. Presenting the murderer with these RSOs will engender a different and detectable reaction than that of an innocent person that has no awareness as to the relevance of these objects. If five knives, five hats and five different murder-times are presented to the murderer, with only one of each being the RSO, the murderer will accordingly react only to the RSOs and will show a lesser reaction to the non-relevant objects.
Using the GKT method enables COGITO to build and use an algorithm that can significantly reduce the levels of false-alarms. Cross-referencing the GKT results with additional objective passenger information reduces the level of false-alarm even further.
The system software is COGITO’ exclusively owned IP. It is comprised of a few software elements that have all been developed by COGITO over the course of 20 “man years”. The software component that is handling the “decision process” is a multi-layer algorithm:
The “Signal Analysis Input Algorithm”
The GSR output is analyzed by algorithms which are based originally on an “expert system”. This expert system resembles the way a polygraph specialist analyzes the polygraph visual graphs. COGITO engineers have studied thousands of polygraph tests under the supervision of leading polygraph specialists. This knowledge base has been transformed into 4 basic algorithms that have been improved upon based on trials and studies. These 4 different algorithms are being used to analyze 12 different parameters (signal slope, amplitude, etc.).
Signal analysis algorithm utilizes Sugeno type fuzzy interface system. The system uses several rules. For example: the height of the peak and the delay between the rise time of the reaction and the question. In the algorithm there are several rules with up to 4 inputs. The second part of the algorithm is Neural Network based. One of the inputs for the fuzzy system described above is the ‘dissimilarity’ of a reaction. In order to accomplish this subjective parameter, the COGITO signal analysis algorithm uses LMS linear neural network. The network is trained on the input signal [P(t)].
The System Back-Office
The back-office is designed to manage and control all the test stations in a given site. It serves as the central unit that stores all test histories and traveler profiles and is responsible for system administration, data distribution and interfacing to external systems and databases.
The back-office is the main data store for all stations in a single site i.e. in one airport. A site is a defined location comprising a system back-office and its affiliated test stations.
The back-office servers, database storage and network elements are based on standard industrial hardware components. The back-office is designed for high availability and best-of-breed data security.
The elements residing in the system back-office are the following:
SLPM: System-Level Profiling Module.
SLM: Self-Learning Module.
Database and Storage
Interface to External databases
NRE: Name Recognition Engine