Information Fusion and Geographic Information Systems: Proceedings of the Fourth International Workshop, 17-20 May 2009 (Lecture Notes in Geoinformation and Cartography)

Lecture Notes in Geoinformation and Cartography Series Editors: William Cartwright, Georg Gartner, Liqiu Meng, Michael P. Peterson

Vasily V. Popovich · Manfred Schrenk · Christophe Claramunt · Kyrill V. Korolenko (Eds.)

Information Fusion and Geographic Information Systems Proceedings of the Fourth International Workshop, 17–20 May 2009

123

Editors Vasily V. Popovich Deputy Director of SPIIRAS for Research, Professor, Dr Sci Tech 39, 14th Linia, V.O. 199178 St. Petersburg Russia [email protected]

Christophe Claramunt Naval Academy Research Institute Lanveoc-Poulmic BP 600 F-29240 Brest Naval France [email protected]

Manfred Schrenk CEIT ALANOVA gemeinnützige GmbH Central European Institute of Technology Department for Urbanism, Transport, Environment and Information Society Am Concorde Park 2, Gebäude F A-2320 Schwechat Austria [email protected]

Kyrill V. Korolenko, P.E. Chief Scientist/NUWC Code 1543, B1320 1176 Howell St. Newport RI 02841-1708 USA [email protected]

ISSN 1863-2246 ISBN 978-3-642-00303-5 DOI 10.1007/978-3-642-00304-2

e-ISBN 978-3-642-00304-2

Springer Dordrecht Heidelberg London New York Library of Congress Control Number: 2009922217 c Springer-Verlag Berlin Heidelberg 2009  This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Cover design: deblik, Berlin Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com)

Preface

This volume contains the papers presented at the International Workshop “Information Fusion and Geographic Information Systems” (IF&GIS’09) held in St. Petersburg, Russia in May 2009. The workshop was organized by the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS). The workshop continues a series organised biannually, and attracts academics and industrials from a wide range of disciplines including computer science, geography, statistics, mathematics, hydrography, geomorphology, and environmental sciences. The objective of this workshop is to provide a forum for innovative research oriented towards Geographic Information Science and technologies and Corporate Information Systems whose close association highlight novel theoretical and practical challenges. The papers selected by the International Program Committee cover a wide range of innovative areas including ontological and semantic approaches for the representation of geographical data, geographical data monitoring, situation management and forecast, to emerging applications oriented to the maritime environment, disaster management and security threats. While traditional topics of GIS conferences are well represented and still being advanced, several new domains appear and stress the need for the development of versatile monitoring systems and decision making systems. While GIS already have a de facto standard for geographical monitoring and analysis, the papers accepted in this volume also illustrate several novel directions of application whose objective is more closely oriented to process modeling and decision making, and where the nature of the objects represented is revisited using ontological and semantic approaches. One of the emerging application that is particularly represented is the one of security threats. Since the devastating 9/11 attacks in 2001, monitoring security threats has become one of the most important challenge to international governments. It is then vitally important to monitor terrorist threats using novel mathematical and GIS methods in order to find appropriate scientific approaches to prevent terrorist acts. Maritime GIS are also at the leading edge of the novel applications oriented to navigation safety and are also addressed by several contributions presented at the workshop. The issues of information assurance and protection for GIS have been also integrated in the workshop program, v

vi

Preface

including computer system protection, complex security maintenance of information technologies, these being applicable to GIS and whose impact should be surely larger. The submission process attracted 41 abstracts from 14 countries, from which 35 papers were selected for submission. After a thorough reviewing process the International Program Committee accepted 25 papers from 8 countries for publication, including two invited papers. The accepted papers were allocated to the following six sessions: Corporate Information Systems and GIS; GIS as a Basis for Monitoring Systems; Ontology and Programming Technologies for GIS and GIS Applications; Monitoring of Terrorist Threat Based on GIS; Maritime GIS; Information Assurance and Protection in GIS. The IF&GIS’09 program was enriched by contributions from two distinguished invited speakers: Gennady Andrienko from the Fraunhofer Institute in Germany, and Victor Lobo from the Portuguese Naval Academy whose papers are also included in the volume. The success of the workshop was assured by the team efforts of sponsors, organizers, reviewers and participants. We would like to acknowledge the contribution of the International Program Committee members and thank all reviewers for their support and hard work. Our sincere gratitude goes out to all participants and all the authors of submitted papers. We are grateful to our sponsors, the Russian Academy of Sciences and the US Office of Naval Research Global (ONRGlobal) for their generous support. Finally, we wish to express our gratitude to Springer’s LNCS team, managed by Dr. Christian Witschel for their efficacious help and collaboration. May 2009

Vasily Popovich Manfred Schrenk Christophe Claramunt Kyrill Korolenko

Table of Contents

Preface ........................................................................................... v Organization ................................................................................. xi Invited Papers Visual Analytics for Geographic Analysis, Exemplified by Different Types of Movement Data G. Andrienko, N. Andrienko ................................................................... 3 Application of Self-Organizing Maps to the Maritime Environment Victor J.A.S. Lobo................................................................................. 19 CIS and GIS Concept for Corporate Information Systems Development Based on GIS Technologies V. Popovich........................................................................................... 39 Data Harmonization in CIS A. Pankin, V. Kuzenny .......................................................................... 63 iRank: Integral Ranking of Geographical Information by Semantic, Geographic, and Topological Matching F. Mata, S. Levachkine ......................................................................... 77 GIS as a Basis for Monitoring System A Multi-scale and Multi-modal Transportation GIS for the City of Guangzhou S. Chen, C. Claramunt, C. Ray, J. Tan ................................................. 95 GIS for Profile-Based Context Formation in Situation Management A. Smirnov, N. Shilov, T. Levashova, A. Kashevnik............................ 113 vii

viii

Table of Contents

Immunocomputing for Geoinformation Fusion and Forecast A. Tarakanov ...................................................................................... 125 Ontologies and Programming Technologies for GIS and GIS Application A Model-driven Approach for Designing Adaptive Web GIS Interfaces M. Angelaccio, A. D’Ambrogio, A. Krek ............................................ 137 Semantic Similarity Applied to Geomorphometric Analysis of Digital Elevation Models M. Moreno-Ibarra, S. Levachkine, M. Torres, R. Quintero, G. Guzman .......................................................................................... 149 Dynamic Models of Geographic Environment Using Ontological Relations M. Martinez, S. Levachkine ................................................................ 165 Geospatial Information Integration Approach Based on Geographic Context Ontologies M. Torres, R. Quintero, S. Levachkine, M. Moreno, G. Guzman ....... 177 An Approach to Comparing Different Ontologies in the Context of Hydrographical Information L. M. Vilches-Blazquez, J. A. Ramos, F. J. Lopez-Pellicer, O. Corcho, J. Nogueras-Iso................................................................ 193 A Web-Service Approach for Multisensor Data Fusion and Geographic Information Systems M. C. Florea, N. Duclos-Hindie, E. Bosse, P. Valin .......................... 209 Monitoring of Terrorist Threat Based on GIS Theoretical Investigation of Terrorism. Ontology Development P. Galjano, V. Popovich ..................................................................... 227 Terrorists: Statistical Profile V. Osipov, Y. Ivakin ............................................................................ 241

Table of Contents

ix

Geographical Information System for Analysis of Critical Infrastructures and their Hazards due to Terrorism, Man-Originated Catastrophes and Natural Disasters for the City of Gdansk M. Kulawiak, Z. Lubniewski, K. Bikonis, A. Stepnowski .................... 251 Maritime GIS IGIS Capabilities Application to Controlling Polystatic Detection Systems Ensuring Security of Marine Economic Activity V. Ermolaev, S. Kozlovskiy, A. Makshanov ........................................ 265 Real-time Web-based GIS for Analysis, Visualization, and Integration of Marine Environment Data J. Dabrowski, M. Kulawiak, M. Moszynski, K. Bruniecki, L. Kaminski, A. Chybicki, A. Stepnowski ............................................ 277 On Optimizing Search Efforts (Area Effectively Swept) Allocation in the Course of Search and Rescue Operations A. Makshanov, V. Ermolaev ............................................................... 289 Information Assurance and Protection in GIS Design of Entrusting Protocols for Software Protection V. Desnitsky, I. Kotenko...................................................................... 301 Vector Finite Groups as Primitives for Fast Digital Signature Algorithms N. Moldovyan, A. Moldovyan ............................................................. 317 Multisignature Protocols and Problem of Simultaneous Signing a Package of Contracts P. Moldovyanu, E. Dernova, A. Kostina, N. Moldovyan .................... 331 Integrated Usage of Data Mining Methods for Malware Detection D. Komashinskiy, I. Kotenko .............................................................. 343 Schemes for Data and User Authentication in Distributed GIS S. Shtanko, A. Pankin......................................................................... 359 Author Index ............................................................................... 370

Organization

Workshop Charmen General Chairman

Rafael M. Yusupov

St. Petersburg Institute for Informatics and Automation, Russia

Program Committee Chairman

Vasily V. Popovich Manfred Schrenk Christophe Claramunt Kyrill Korolenko

St. Petersburg Institute for Informatics and Automation, Russia MULTIMEDIAPLAN.AT, Vienna, Austria Naval Academy Research Institute Lanveoc-Poulmic, Brest Naval, France NAVSEA, Newport, USA

xi

xii

Organization

Program Committee Andrienko Gennady Axberg Stefan Badard Thierry Bertolotto Michela Billen Roland Breunig Martin Carswell James D. Engelke Dirk Guibert Eric Hovanov Nikolay Huang Bo Jakobson Gabriel Jiang Bin Krek Alenka Kotenko Igor Kokar Mieczyslaw M. Moldovyan Nikolay Prisyagnuk Sergei Peytchev Evtim Rimashevsky Adam Rodionov Anatoly Smirnov Alexander Sokolov Boris Tarakanov Alexander Tomko Martin Vasyukov Vladimir Zykov Grigory

(Fraunhofer Institute IAIS, Germany) (Swedish National Defense College, Stockholm, Sweden) (University Laval, Quebec, Canada) (School of Computer Science and Informatics, University College Dublin, Ireland) (University of Liege, Belgium) (Research Centre for Geoinformatics and Remote Sensing, University of Osnabrueck, Germany) (Spatial Scientist Digital Media Centre Dublin Institute of Technology, Ireland) (Spatial Planning, member of pakora.net) (Hong Kong Polytechnic) (St. Petersburg State University, Russia) (Department of Geomatics Engineering University of Calgary, Canada) (altusys, Boston, USA) (Division of Geomatics Department of Technology and Build Environment University of Gävle, Gävle, Sweden) (HafenCity University Hamburg Institute for Urban, Regional and Environmental Planning, Germany) (St. Petersburg Institute for Informatics and Automation, Russia) (Northeastern University, Boston, USA) (SPECTR, St. Petersburg, Russia) (Institute of Telecommunications. St. Petersburg, Russia) (The Nottingham Trent University, UK) (VADM, Russian Navy) (RAS, St. Petersburg, Russia) (St. Petersburg Institute for Informatics and Automation, Russia) (St. Petersburg Institute for Informatics and Automation, Russia) (St. Petersburg Institute for Informatics and Automation, Russia) University of Zurich, Switzerland (RADM, Russian Navy) (Naval Academy, St. Petersburg, Russia)

Organization

xiii

Reviewers Andrienko Gennady Axberg Stefan Badard Thierry Bertolotto Michela Billen Roland Breunig Martin Carswell James D. Guibert Eric Hovanov Nikolay Huang Bo Jakobson Gabriel Jiang Bin Krek Alenka Kotenko Igor Moldovyan Nikolay Prisyagnuk Sergei Peytchev Evtim Smirnov Alexander Sokolov Boris Tarakanov Alexander Tomko Martin

(Fraunhofer Institute IAIS, Germany) (Swedish National Defense College, Stockholm, Sweden) (University Laval, Quebec, Canada) (School of Computer Science and Informatics, University College Dublin, Ireland) (University of Liege, Belgium) (Research Centre for Geoinformatics and Remote Sensing, University of Osnabrueck, Germany) (Spatial Scientist Digital Media Centre Dublin Institute of Technology, Ireland) (Hong Kong Polytechnic) (St. Petersburg State University, Russia) (Department of Geomatics Engineering University of Calgary, Canada) (altusys, Boston, USA) (Division of Geomatics Department of Technology and Build Environment University of Gävle, Gävle, Sweden) (HafenCity University Hamburg Institute for Urban, Regional and Environmental Planning, Germany) (St. Petersburg Institute for Informatics and Automation, Russia) (SPECTR, St. Petersburg, Russia) (Institute of Telecommunications. St. Petersburg, Russia) (The Nottingham Trent University, UK) (St. Petersburg Institute for Informatics and Automation, Russia) (St. Petersburg Institute for Informatics and Automation, Russia) (St. Petersburg Institute for Informatics and Automation, Russia) University of Zurich, Switzerland

Visual Analytics for Geographic Analysis, Exemplified by Different Types of Movement Data

Gennady Andrienko and Natalia Andrienko Fraunhofer Institute for Intelligent Analysis and Information Systems IAIS, Schloss Birlinghoven, 53754 Sankt Augustin, Germany

Abstract. Visual analytics is introduced in the sense of a new research discipline defined as the science of analytical reasoning facilitated by interactive visual interfaces. Visual analytics combines automated analysis techniques with interactive visualizations so as to extend the perceptual and cognitive abilities of humans and enable them to extract useful information and derive knowledge from large and complex data, and to solve complex problems. In particular, data and problems involving geospatial components are inherently complex and therefore call for visual analytics approaches. The problems of analyzing data about movement of various discrete objects in geographical space are discussed in detail. The paper considers three types of movement data: data describing movements of a single entity during a long time period, data about simultaneous movements of multiple unrelated entities, and data about simultaneous movements of multiple related entities. The pertinent analysis tasks significantly differ for these types of data. For each type of data, the visual analytics techniques and tools lately developed by the authors are briefly described.

1 Visual Analytics The concept and research discipline of visual analytics emerged in response to the grand challenge posed by the overwhelming and rapidly V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_1, © Springer-Verlag Berlin Heidelberg 2009

3

4

G. Andrienko, N. Andrienko

growing amounts of data and information from numerous sources. This includes such diverse types of data as texts (documents, news, Web pages, email, etc.), databases (corporate, government, scientific, etc.), images and video (satellite and aerial images, security observation, traffic monitoring, etc.), sensor measurements (environment, medicine, manufacturing, etc.), and other. People need to make sense from these oceans of heterogeneous data in order to make right and timely decisions. The information may be disparate, incomplete, inconsistent, or dynamically changing. Among the massive bodies of data, relevant information content may be hidden in a few nuggets. A real challenge is to support the analyst in: – – –

Distilling the relevant nuggets of information from disparate information streams Understanding the connections among relevant information Gaining insight from data.

However, current technologies cannot support the scale and complexity of the growing analytical challenge. On the one hand, purely automatic analysis procedures work only for well-defined problems whereas most of the realworld problems are ill-defined. Such problems can only be solved with the participation of human analysts applying their creative and versatile thinking, imagination, multifaceted knowledge and experience, as well as common sense. On the other hand, while the computer performance grows rapidly, the basic human skills and abilities do not change significantly. There are fundamental limits, which are being asymptotically approached. This means that large-scale problems have to be reduced to a scale that humans can comprehend and act on. Hence, the advances in the computer technology in themselves are insufficient. Moreover, they are doomed to be under-utilized unless principally new solutions are found which fundamentally improve the division of labor between humans and machines so that the computational power could amplify the human perceptual and cognitive capabilities. Finding such new solutions is the task of visual analytics. The term “Visual Analytics” stresses the key role of visual representations as the most effective means to convey information to the human mind and prompt human cognition and reasoning. As stated in [11], “An estimated 50% of the brain’s neurons are associated with vision. Visualization <…> aims to put that neurological machinery to work.” Visual analytics is defined as the science of analytical reasoning facilitated by interactive visual interfaces [13]. Visual analytics combines automated analysis techniques with interactive visualizations so as to extend the perceptual and cognitive abilities of humans and enable them to:

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data – – – –

5

Synthesize information and derive insight from massive, dynamic, ambiguous, and often conflicting data Detect the expected and discover the unexpected Provide timely, defensible, and understandable assessments Communicate assessment effectively for action.

Data and problems involving geographical components are an appropriate target for visual analytics [3].

2 Geographic Analysis Geographic analysis, or spatial analysis, explicitly takes into account the spatial localization of the phenomenon under study, and various spatial relationships between components of the phenomenon and between the phenomenon and its environment. Geospatial data are typically massive and complex, as a consequence of the inherent complexity and heterogeneity of the geographical space [2]. Geospatial data need to be treated in specific ways taking into account the particular features of the geographical space, such as spatial autocorrelation, anisotropy, and scale dependence. As the heterogeneity of the space and the variety of properties and relationships occurring within it cannot be adequately represented in a machine-oriented form for fully automatic processing, the geographic analysis relies heavily upon the human analyst’s sense of the space and place, tacit knowledge of their inherent properties and relationships, and space/place-related experiences. These are incorporated into the analysis through the use of an appropriate human-oriented (i.e., visual) representation of the geographical space that serves as an adequate model of reality. However, the size and complexity of the data and problems require combining visualization with computational analysis methods, database queries, data transformations, and other computer-based operations. The goal is to create visual analytics environments for synergetic work of humans and computers where the computational power amplifies the human abilities and is, in turn, directed by human background knowledge and insights gained.

3 An Application: Analysis of Movement in Geographical Space Thanks to the recent progress in positioning and tracking technologies, the data about various mobile objects or agents are currently collected in

6

G. Andrienko, N. Andrienko

growing amounts. Analysis of such data can yield valuable knowledge about the behaviors of the moving objects and about the environment in which they move. Traditional approaches to visualization and interactive exploration of movement data, such as animated maps [6] or interactive space–time cubes [9, 10], cannot cope with the large amounts of now available movement data. There is a pressing need in appropriate visual analytics methods for movement data. Development of such methods has been a major topic in our recent research. Several example datasets with real movement data of different types have been used: – – –

Data describing movements of a single entity during a long time period Data about simultaneous movements of multiple unrelated entities Data about simultaneous movements of multiple related entities.

It has been found out that the pertinent analysis tasks significantly differ for these types of data, as shown in Table 1. Table 1. Types of movement data and related analysis tasks Data Movements of a single entity Movements of multiple unrelated entities

Movements of multiple related entities

Analysis tasks Analysis of the entity’s behavior: significant places, times and durations of the visits to different places, typical trips, times and durations of the trips, deviations and their reasons (1) Studies of space use, accessibility, permeability, connectivity, major flows, typical routes between places (2) Studies of emerging patterns of collective movement: concentration/dispersion, convergence/divergence, propagation of movement characteristics, etc. Studies of relative movements (approaching, encountering, following, evading, etc.) and interactions between the entities

Due to the difference of the analysis tasks, each type of data requires its own analytical procedures. However, some analytical techniques may be applicable to more than one type of movement data. Let us consider examples of the three aforementioned types of movement data and the possible analyses performed with the use of visual analytics techniques.

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

7

3.1 Analysis of a Single Entity Movement One of the example datasets that has been used includes positions of a private car that has been GPS-tracked for almost a year. The data have been voluntarily provided by the car owner. An important task in the analysis of individual movement behavior is an extraction of significant places of the moving agent. In case of data about a person, these are the places like home, work, shops, school(s), and/or kindergarten(s) attended by the person’s child or children, homes of the person’s friends and relatives, etc. Significance of a place is indicated by considerable amounts of time spent there and/or repeated visits to this place. Hence, in order to discover the significant places of some moving agent, one should extract the stops, i.e., the time intervals when the agent did not move, and the corresponding spatial positions. This can be done by means of database queries. Then spatial clustering can be applied to the extracted positions of the stops to find the places of repeated stops. To interpret the places, it is useful to take into account the typical times and durations of the stops occurring in these places. Thus, to discover and interpret the significant places of the car owner, first, the positions of the stops lasting three or more hours have been extracted and the spatial clustering tool, that produced two major clusters, was applied. The distribution of the stop times over the days of a week and the hours of a day has been visualized by means of segmented histograms with the segments corresponding to the clusters (Fig. 1). Figure 1 shows that the stops of cluster 1 (grey) occur on all days of the week and the stops of cluster 2 (black) occur from day 1 to day 5, i.e., from Monday to Friday. Figure 1 shows that the stops of cluster 1 occur mostly in the second half of the day; the maximum occurrences are from 1900 to 2000 hours. The stops of cluster 2 occur mostly in the morning hours. (A) 53

(B) 63 50

25

25

1

7

0

23

Fig. 1 The temporal histograms show the weekly (A) and daily (B) distributions of the personal car’s stops that lasted three or more hours

8

G. Andrienko, N. Andrienko

Such a distribution proves that cluster 1 is located near the person’s home and cluster 2 is near the person’s work. In a similar way, the places of shorter visits [4] were extracted, analyzed, and interpreted. In particular, in order to find the places of the person’s shopping, the interactive filtering was applied to consider separately the times of visits on week-days and at weekends. The next group of analysis tasks deals with the trips, described by the sequences of recorded positions between the stops. To discover the typical trips, the spatial clustering tool, using appropriate distance functions measuring the degree of similarity between two position sequences, was applied. The cluster analysis is supported by an interactive visual interface, which allows the analyst to interpret the results of the clustering and to direct the work of the clustering tool. Figures 2–4 demonstrate examples of findings resulting from the trip analysis. Figure 2 presents three alternative routes from work to home that have been discovered by clustering the trips according to the routes’ similarity. The clusters of trips are shown on a map in a summarized form. The three selected clusters are shown in orange, blue, and purple colors. Dark grey indicates common parts of two or more routes. The frequency histogram of the trip durations in Fig. 3 shows that the “orange” route typically takes much less time than the other two, what may mean that the person makes intermediate stops on the “blue” and “purple” routes. In Fig. 4, the graduated circles represent the mean times spent in different places along the routes. The two biggest circles are located in two shopping areas that have been previously detected among the other significant places of the person. More details about the trip analysis can be found in [4].

Fig. 2 Three different routes from work to home

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

9

As can be seen from these examples, aggregation and summarization are used in the analysis of large amounts of data, even when the data describe the movement of just a single entity. The use of aggregation and summarization becomes indispensable when it comes to analyzing the movement of hundreds or thousands of entities. Thus, one of the datasets used in this research contains over two million records collected by GPStracking of 17,241 cars in Milan (Italy) during one week (the data have been kindly provided by the Municipality of Milan to be used within the project GeoPKDD). 42

30

20

10

Fig. 3 The frequency histogram of the trip durations. The colored segments correspond to the clusters of trips shown in Fig. 2

Fig. 4 The graduated circles show the mean times spent in different places along the three selected routes

10

G. Andrienko, N. Andrienko

3.2 Analysis of Multiple Unrelated Entities’ Movements To approach the subject in a systematic way, a decision was made to introduce a formal model of collective movement of multiple entities as function μ : E × T → S where E is the set of moving entities, T (time) is the continuous set of time moments and S (space) is the set of all possible positions [5, 7]. As a function of two independent variables, μ can be viewed in two complementary ways: – {μ e : T → S e ∈ E}, where each function μ e : T → S describes the movement of a single entity. We call the function μ e the trajectory of the entity e . The decomposition of μ into a set of μ e may thus be called trajectory-oriented view; – {μt : T → S t ∈ T }, where each function μt : E → S describes the spatial positions (and, possibly, additional attributes) of all entities at a time moment t . We call the function μt the traffic situation on the moment t (the term “traffic” is used in an abstract sense and may be applied to any kind of entities). The decomposition of μ into a set of μt may be called traffic-oriented view. Hence, in the trajectory-oriented view, the movement is seen as a set of trajectories of all entities. In the traffic-oriented view, the movement is seen as a time-ordered sequence of traffic situations. For each of the two views, different methods of aggregation and summarization are appropriate. In the traffic-oriented view, it is necessary to aggregate and summarize traffic situations. These basically consist of points in space and point-related characteristics. Therefore, the aggregation and summarization methods suitable for point data can be applied here. In particular, the points can be aggregated by spatial compartments (e.g., cells of a regular grid), by time intervals, which may be defined according to the linear or cyclical model of time, and by values of movement attributes such as direction and speed. The resulting aggregated data can be visualized by means of animated or static maps with the use of coloring or shading, graduated symbols, diagrams, and non-cartographic displays such as temporal histograms. We particularly suggest two cartographic visualization techniques: mosaic diagrams for the exploration of cyclical patterns in traffic variation (Fig. 5) and directional bar diagrams for the exploration of movements in different directions. These and other methods are described in more detail in [1].

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

11

Fig. 5 A map with mosaic diagrams

In the trajectory-oriented view, it is necessary to aggregate and summarize trajectories, which are much more complex objects than points. One of the possible approaches is to group trajectories according to the positions of their starts and ends using a previously defined partitioning of the space into areas. The aggregation is done by putting together the trajectories with the starts and the ends fitting in the same areas. The aggregates can be visualized by means of an origin–destination matrix and by a map with vectors (directed lines) varying in their widths and/or colors or shades according to the characteristics of the aggregates. Thus, Fig. 6 demonstrates an origin–destination matrix where the sizes of the graduated squares in the cells are proportional to the numbers of moves between the respective districts of the city during a selected time interval. The matrix can also show other aggregate characteristics of the groups of trajectories, such as the mean (median, minimum, and maximum) travel time or speed of the movement.

12

G. Andrienko, N. Andrienko

Fig. 6 An origin–destination matrix

Another kind of aggregation and summarization is used in combination with clustering of trajectories. The method is based on treating trajectories as sequences of moves between small areas, which are defined automatically using characteristic points of the trajectories, i.e., starts, ends, turns, and stops. The areas are built as circles around clusters of characteristic points from multiple trajectories and around isolated points. The aggregation is done by putting together moves connecting the same areas. To visualize a cluster of trajectories, only the moves from the trajectories of this cluster are aggregated. The aggregated moves are shown on a map by vectors (this aggregation-based visualization method has already been used in Figs. 2 and 4). The visualization can be interactively manipulated. Thus, the user may choose to see only the moves occurring in at least k trajectories, where the parameter k can be dynamically changed (Fig. 7). The visual analytics methods for the analysis of massive data about movements of multiple unrelated entities are described in more detail in [12] (cluster analysis) and [1] (aggregation).

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

13

Fig. 7 Summarized representation of the major clusters of trajectories from the suburbs of Milan towards the center on Wednesday morning. Only the moves occurring in at least ten trajectories are visible as a result of interactive filtering

3.3 Analysis of Multiple Related Entities’ Movements In analyzing movements of related entities, the analyst may be interested in uncovering the interactions between the entities in the process of their movement. Movement data usually consist of time-stamped position records and do not contain any explicit information about interactions; hence, it is only possible to detect indications of possible interactions. An important indication is spatial proximity between two or more objects at some time moment or during a time interval. The notion of spatial proximity depends of a number of factors; some of them are listed in Table 2.

14

G. Andrienko, N. Andrienko

Table 2. Factors influencing the notion of spatial proximity Factor Type of movement Type of relation in focus (analysis task) Place Time

Factor Walking, cycling, driving, … Possibility to observe, possibility to talk, possibility to touch, … City centre, shopping mall, nature park, highway, … Early morning, rush hours, late evening, night, …

An example dataset requiring the analysis of possible interactions between moving agents was collected by tracking movements of 303 school children while they were playing an outdoor mobile game. According to the rules of the game, the children were supposed to visit various places in a city and answer place-related riddles. The players were organised in competing teams. The goals of the analysis were to find out whether the players cooperated within the teams and whether there were conflicts between members of different teams. Detecting and examining indications of possible interactions between the players may help answer these questions. In the case of a large dataset, possible interactions must be extracted from the data by means of computational techniques. A simple and fast computational method has been developed by the authors for extracting possible interactions from movement data. The user is expected to specify threshold values for the spatial and temporal distances between positions of two objects. The method first searches for pairwise interactions. For each pair of objects, it tries to find respective positions in their trajectories such that the spatial and temporal distances between them are within the given thresholds. For the detection of such positions, the following positions of the trajectories are checked. After extracting the pairwise interactions, the method combines interactions sharing a fragment of a trajectory. Extracted interactions may be visualized on a map and in a space–time cube (Fig. 8) prior to inspection by the analyst. More details about the methods for the extraction, visualization, and interactive examination of possible interactions between moving entities are available in [8]. A major problem encountered in developing methods and tools for the analysis of interactions is the large number of possible interactions that can be extracted from movement data. Thus, hundreds of possible interactions (the exact number depends on the chosen threshold values) can be extracted from the data about the mobile game. This exceeds the capacity of the analyst to inspect and interpret each interaction. Hence, there is a need for automated classification of interactions according to their essential properties. For this purpose, it is necessary to define the essential properties of interactions and the ways of extracting these properties from movement data. This is a topic of further research.

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

15

Fig. 8 Visual representation of possible interactions between moving entities

4 Conclusion The mission of visual analytics is to help people analyze large and complex data by amplifying their perceptual and cognitive capabilities. For this purpose, visual analytics combines automated analysis techniques with interactive visualizations. Spatial analysis is an important application area for visual analytics. In the above research, the visual analytics methods and tools for analysis of different varieties of movement data were developed by the authors. Three different types of movement data, the major analysis tasks related to these data types, and the appropriate methods, which combine visual representations and interaction techniques with database processing, clustering, computational aggregation and summarization, and other computational techniques, have been considered in this paper. Acknowledgements The work has been done partly within the EU-funded research project GeoPKDD – Geographic Privacy-aware Knowledge Discovery and Delivery (IST-6FP-014915; http://www.geopkdd.eu) and partly within the research

16

G. Andrienko, N. Andrienko

project ViAMoD – Visual Spatiotemporal Pattern Analysis of Movement and Event Data, funded by DFG – Deutsche Forschungsgemeinschaft (German Research Foundation) within the Priority Research Programme “Scalable Visual Analytics” (SPP 1335).

References 1. Andrienko G and Andrienko N (2008) Spatio-temporal aggregation for visual analysis of movements. In: Proceedings of IEEE Symposium on Visual Analytics Science and Technology (VAST 2008), IEEE Computer Society Press, pp 51–58 2. Andrienko G, Andrienko N, Dykes J, Fabrikant S, and Wachowicz M (2008) Geovisualization of dynamics, movement and change: Key issues and developing approaches in visualization research. Inform Visual 7(3/4): 173–180 3. Andrienko G, Andrienko N, Jankowski P, Kraak M-J, Keim D, MacEachren A, and Wrobel S (2007) Geovisual analytics for spatial decision support. Setting the research agenda. Int J Geogr Inform Sci 21(8):839–857 4. Andrienko G, Andrienko N, and Wrobel S (2007) Visual analytics tools for analysis of movement data. ACM SIGKDD Explor 9(2):38–46 5. Andrienko N and Andrienko G (2007) Designing visual analytics methods for massive collections of movement data. J Cartogr 42(2):117–138 6. Andrienko N, Andrienko G, and Gatalsky P (2000) Supporting visual exploration of object movement. In: Gesù VD, Levialdi S, Tarantino L (eds) Proceedings of the Working Conference on Advanced Visual Interfaces AVI 2000, Palermo, Italy, ACM Press, pp 217–220 7. Andrienko N, Andrienko G, Pelekis N, and Spaccapietra S (2008) Basic concepts of movement data. In: Giannotti F, Pedreschi D (eds) Mobility, Data Mining and Privacy – Geographic Knowledge Discovery, Berlin, Springer, pp 15–38 8. Andrienko N, Andrienko G, Wachowicz M, and Orellana D (2008) Uncovering interactions between moving objects. In: Cova TJ, Miller HJ, Beard K, Frank AU, Goodchild MF (eds) GIScience, 5th international conference, Proceedings, pp 16–26 9. Kapler T and Wright W (2005) GeoTime information visualization. J Inform Visual 4(2):136–146 10. Kraak M-J (2003) The space-time cube revisited from a geovisualization perspective. In: Proceedings of the 21st International Cartographic Conference, Durban, South Africa, pp 1988–1995

Visual Analytics Geographic Analysis, Exemplified Different Types Movement Data

17

11. McCormick B, DeFanti T, and Brown M (1987) Definition of visualization. ACM SIGGRAPH Comput Graph 21(6):3 12. Rinzivillo S, Pedreschi D, Nanni M, Giannotti F, Andrienko N, and Andrienko G (2008) Visually-driven analysis of movement data by progressive clustering. Inform Visual 7(3/4):225–239 13. Thomas JJ and Cook KA (2005) Illuminating the Path. IEEE Computer Society

Application of Self-Organizing Maps to the Maritime Environment

Victor J.A.S. Lobo Portuguese Naval Academy, Alfeite, 2810-001 Almada, Portugal, [email protected]

Abstract. Self-Organizing Maps (SOMs), or Kohonen networks, are widely used neural network architecture. This paper starts with a brief overview of how SOMs can be used in different types of problems. A simple and intuitive explanation of how a SOM is trained is provided, together with a formal explanation of the algorithm, and some of the more important parameters are discussed. Finally, an overview of different applications of SOMs in maritime problems is presented. Keywords: Self-organizing maps; SOM; Kohonen networks

1 Introduction Although the term “Self-Organizing Map” has been used to designate a number of different entities, it generally refers to Kohonen’s Self Organizing Map [1], or SOM for short. These maps are also referred to as “Kohonen Neural Networks” [2], “Topological Neural Networks” [3], “Self-organizing Feature Maps (SOFM),” or “Topology preserving feature maps” [1], or some variant of these names. Professor Kohonen worked on auto-associative memory during the 1970s and early 1980s, and presented his SOM algorithm in 1982 [4]. However, it was not until the publication of the second edition of his book “Self-Organization and Associative Memory” in 1988 [5], and his paper named “The Neural Phonetic Typewriter” on IEEE Computer [5] that his V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_2, © Springer-Verlag Berlin Heidelberg 2009

19

20

Victor. J.A.S. Lobo

work became widely known. Since then, there have been many excellent papers and books on SOM, but his 2001 book [1] is generally regarded as the main reference on the subject. This book has had very flattering reviews, presenting a thorough covering of the mathematical background for SOM, its physiological interpretation, the basic SOM, developments, and applications. Although Professor Kohonen has retired, his research group maintains a very good web-site at Helsinki’s Technical University at “http:// www.cis.hut.fi/research.” That site contains public domain software, various manuals, papers, technical reports, and a very thorough and searchable list of papers dealing with SOM (available at “http://www.cis.hut.fi/ research/som-bibl” and containing a total of 7,718 references in December 2008). The som_pak programs, that are available with source code, and the Somtoolbox for Matlab, are of particular interest to anyone wanting to experiment with SOM. We strongly recommend a visit to these sites. Kohonen himself describes SOM as a “visualization and analysis tool for high dimensional data.” These are indeed the two most attractive characteristics of SOM, but, as we shall see, it can be used for many other applications. 1.1 What Can a SOM Do? Despite the simplicity of the SOM algorithm, it can and has been used to perform many different tasks, the most common of which are: 1. Clustering (k-means type clustering): This is probably the most common application of SOM, albeit probably not the best. In this context, the SOM is used as an alternative to k-means clustering [6–8], i.e., given a fixed number k of clusters, the SOM will partition the available data into k different groups. As an example, we may want to divide customers into four different groups according to their characteristics, for marketing purposes. The main advantage of SOM in this case is that it is less prone to local minima than the traditional k-means clustering algorithm, and thus can act as a good initialization algorithm for that method. In fact, it can substitute k-means altogether, for as noted in [9], the final stages of the SOM training algorithm are exactly the same as the k-means algorithm. An extra bonus of the SOM algorithm is that the clusters obtained are topologically ordered, i.e., similar clusters are (usually) grouped together.

Application of Self-Organizing Maps to the Maritime Environment

21

2. Exploratory data analysis and visualization: This is, arguably, the most important application of SOM. In this case, the SOM is used as a nonlinear projection algorithm, mapping n-dimensional data onto a one or two dimensional grid. The SOM can thus be an alternative to PCA projections, principal curves, or multidimensional scaling (MDS) algorithms such as Sammon mappings [10]. Different projection algorithms perform different trade-offs when mapping from high to low dimensions, since in all but the most trivial cases some information will be lost. The main advantage of projecting multidimensional data onto one or two dimensions is that we can easily visualize the data in these dimensions. From this visualization, we can identify outliers (data points that are far from other data), identify data that are similar to a given reference, or generally compare different data. If we project data onto one dimension, we may then plot histograms, and thus identify “natural” clusters of data. A similar result may be obtained with a technique closely related to SOM called U-Matrix [11] that can be extended to visualize what can loosely be interpreted as a twodimensional histogram. 3. Ordering of multidimensional data: This type of application makes use of the topological ordering of the SOM to organize a given set of data vectors according to some criteria. As an example, a 1-dimensional SOM can be used to solve the well-known traveling salesman or related problems [12]. Another interesting use of this ordering capacity of a SOM is to create color palettes from pictures. 4. Supervised data classification: The SOM is not meant to be a classifier, and a related technique called linear vector quantization (LVQ) [1] is best suited for this task. However, just like the centroids obtained by a k-means algorithm, a SOM may also be used to supervise classification by labeling the neurons (or units) with the classes of the data that are mapped to it. 5. Sampling: The units of a SOM have a probability distribution that is a function of the probability distribution of the data used for training. Generally, the SOM will over-represent regions of the input space that have a low density, but that is frequently an advantage since it helps detect outliers and novel data patterns. 6. Feature extraction: Since the SOM performs a mapping from a high-dimensional space to a low dimensional one, it may be used for feature extraction. In the simple case, the new features are simply the coordinates of the mapped data point. This is one of the few cases where SOMs with a dimension greater than two are easy to use. 7. Control and/or data sensitive processing: A SOM can be used to select, based on available data, the best model, controller, or data

22

Victor .J.A.S. Lobo

processor for a given situation. The main idea behind this type of application is that instead of designing a rather complex controller, multiple simple controllers may be used, each one tuned to a particular type of situation. During the training of the SOM the input data are partitioned into various Voronoi regions, and each of these is used to train or define the parameters of a different controller. 8. Data interpolation: When using the SOM to interpolate data, the output space of the SOM will have the same dimension as the input space, but since the units are ordered on a regular grid, that grid provides a locally linear interpolator for the data. Beyond these more typical applications of SOM, there have been many others, and a complete list is not practical or indeed interesting. An example of an unexpected application is the use of SOM to draw cartograms [13].

2 Basic Principles A SOM is single layer neural network. The name neural network, or more correctly artificial neural network, is due to the historical fact that they were originally inspired by the way biological neurons were believed to work. Although this analogy is, generally speaking, still valid, developments in artificial neural networks and in our knowledge of how biological neurons actually work have led many researchers to refer to the basic computing units of artificial neural networks not as “neurons,” but as “units.” In this paper, to stress the difference between the mathematical model of a biological neuron and our computational units, we will follow the more recent conventions, and refer to them simply as “units.” There are also many terms used to designate the data that are used to train the network, or later to use it. In this paper, we will follow the term most used in the pattern recognition community, which is simply “pattern” or “data pattern.” Different communities will call it “sample,” “instance,” “point,” or “entity.” In a SOM, the units are set along an n-dimensional grid. In most applications, this grid is two-dimensional and rectangular, though many applications use hexagonal grids, and one, three, or more dimensional spaces. In this grid, we can define neighborhoods in what we call the output space, as opposed to the input space of the data patterns. Each unit, being an input layer unit, has as many weights or coefficients as the input patterns, and can thus be regarded as a vector in the same space as the patterns. When we train or use a SOM with a given input pattern, we calculate the distance between that pattern and every unit in the

Application of Self-Organizing Maps to the Maritime Environment

23

Output space Grid of SOM units

xn xn1 xn1 xn3 xn1

Input space Input patterns (n-dimensional) and units

z y

x

Output space Grid of SOM units

xn xn1 xn1 xn3 xn1

Input space Input patterns (n-dimensional) and units

z y

x

Output space Grid of SOM units 1.5 1 0.5

Input space Input patterns (n-dimensional), and units

0 -0.5 1.5 1 0.5 0 -0.5 -0.5

0

0.5

1

1.5

Fig. 1 Basic SOM architecture. On the bottom, the input patterns are shown as a four-dimensional vector (left) or three-dimensional point (right). The units are also points in this input space. On the top, the grid of units is shown (left) together with a U-matrix coloring of a SOM

network. We then select the unit that is closest as the winning unit (or best matching unit – BMU), and say that the pattern is mapped onto that unit. If the SOM has been trained successfully, then patterns that are close in the input space will be mapped to units that are close (or the same) in the output space and, hopefully, vice-versa. Thus, SOM is “topology preserving” in the sense that (as far as possible) neighborhoods are preserved through the mapping process. Generally, no matter how much we train the network, there will always be some difference between any given input pattern and the unit it is mapped to. This is a situation identical to vector quantization, where there is some difference between a pattern and its code-book vector representation. This difference is called quantization error, and is used as a measure of how well map units represent the input patterns. We can look at a SOM as a “rubber surface” that is stretched and bent all over the input space, so as to be close to all the training points in that

24

Victor. J.A.S. Lobo

space. In this sense, a SOM is similar to the input layer of a radial basis function neural network (e.g., [14]), a neural gas model [15], or a k-means algorithm. The big difference is that while in these methods there is no notion of “output space” neighborhood (all units are “independent” from each other), in a SOM the units are “tied together” in the output space. It thus imposes an ordering of the units that is not present in the other methods. These ties are equivalent to a strong lateral feedback, common in other competitive learning algorithms. Let us imagine a very simple example, where we have four clusters of three-dimensional training patterns, centered at four of the vertices of the unit cube: (0,0,0), (0,0,1), (1,1,0), and (1,1,1). If we trained a two-dimensional, four node map, we would expect to obtain units centered at those vertices. If we use a larger map, with 16 nodes, for example, we would expect to obtain a map where the units are grouped in clusters of four nodes on each of the vertices (see Fig. 2).

Fig. 2 Left: a 4-unit 2D SOM clustering some vertices of a 3D unit cube. On the far left we can see the units in the input (data) space, and center left in the output (grid) space. Right: a 16-unit SOM clustering the same data

Before training, the units may be initialized randomly. During the first part of training, they are “spread out,” and pulled towards the general area (in the input space) where they will stay. This is usually called the unfolding phase of training. After this phase, the general shape of the network in the input space is defined, and we can then proceed to the fine tuning phase, where we will match the units as far as possible to the input patterns, thus decreasing the quantization error. To visualize the training process, let us follow a two-dimensional to one-dimensional mapping presented in [1]. In this problem, two-dimensional data points are uniformly distributed in a triangle, and a one-dimensional

Application of Self-Organizing Maps to the Maritime Environment

0

20

100

1000

10000

25

25000

Fig. 3 2D to 1D mapping by a SOM, from [1]

SOM is trained with these patterns. Figure 4 represents the evolution of the units in the input space. As training proceeds, the line first unfolds (steps 1–100), and then fine-tunes itself to cover the input space.

3 Description of the Training Algorithm 3.1 The Algorithm Let x k (with k = 1 to the number of training patterns N ) be the ndimensional training patterns. Let wij be the unit in position (i, j ) . Let 0 ≤ α ≤ 1 be the learning rate (sometimes referred to as η), and h (wij , wmn , r ) be the neighborhood function (sometimes referred to as Λ or N c ). This neighborhood function has values in [0,1] and is high for units that are close in the output space, and small (or 0) for units far away. It is usual to select a function that is 1 if wij = wmn , monotonically decreases as the distance in the grid between them increases up to a radius r (called neighborhood radius) and is zero from there onwards. Let wbmu be the best matching unit for a given input pattern. The algorithm for training the network is then: For each input pattern xk : 1. Calculate the distances between the pattern x k and all units wij : d ij = x k − wij .

2. Select the nearest unit wij as best matching unit wbmu = wij : d ij = min (d mn ). 3. Update each unit wij according to the rule wij = wij + α h(wbmu , wij , r ) x k − wij .

4. Repeat the process until a certain stopping criterion is met. Usually, the stopping criterion is a fixed number of iterations. To guarantee convergence and stability of the map, the learning rate α and neighborhood radius r are decreased in each iteration, thus converging to zero.

26

Victor. J.A.S. Lobo

The distance measure between the vectors is usually the Euclidean distance, but many others can and are used, such as norm-based Minkowski metrics, dot products, director cosines, Tanimoto measures, or Hausdorff distances. 3.2 Neighborhood Functions The neighborhood function provides a bond between a unit and its neighbors, and is responsible for the topological ordering of the map. In fact, without this neighborhood function (or when its radius is zero), the SOM training algorithm is exactly the same as the incremental k-means algorithm [6]. The two most common neighborhood functions are the Gaussian and the square (or bubble) functions:

hg ( wij , wmn , r ) = e

2 2 1 ⎛ (i −n ) +( j −m ) − ⎜ r 2⎜ ⎝

⎞ ⎟ ⎟ ⎠

2

,

⎧⎪ 1 ⇐ (i − n) 2 + ( j − m) 2 ≤ r hs ( wij , wmn , r ) = ⎨ 2 2 ⎪⎩0 ⇐ (i − n) + ( j − m) > r.

In both cases, r decreases to 0 or 1 during training. If r → 0 the final quantization error will be minimized, but the topological ordering may be lost, since the algorithm is performing a k-means clustering. On the other hand, forcing r → 1 will preserve the ordering of the units, but the quantization error will not be minimized. Moreover, in this case, there will be a border effect, by which units close to the border will be dragged to the center, and present higher quantization errors. The algorithm is surprisingly robust to changes in the neighborhood function, and our experience is that it will usually converge to approximately the same final map, whatever our choice, providing the radius and learning rate decrease to 0. The Gaussian neighborhood tends to be more reliable (different initializations tend to converge to the same map), while the bubble neighborhood leads to smaller quantization errors, and is computationally much faster. A theoretic discussion of the effect of neighborhood functions (although only for the one-dimensional case) can be found in [17], and a less rigorous but more general one in [18].

Application of Self-Organizing Maps to the Maritime Environment

27

3.3 Other Parameters and Training Options As mentioned before, training is usually done in two phases: the unfolding phase, and the fine-tuning phase. The algorithm is exactly the same in both cases, but while in the first phase the neighborhood radius and learning rate have rather high values (to allow for a general orientation of the map), in the second phase they will have smaller values, to perform only fine adjustments on the unit’s positions. As a rule of thumb, the initial radius for the first phase should be roughly the length of the smaller side of the map, while for the second it should be the radius of the expected size of clusters in the output space. The size of the map will depend a lot on the particular problem at hand and on the data available. If the SOM is to be used as an alternative to k-means, one unit per desired cluster should be used. For that type of application, a one-dimensional SOM will usually provide the best results [9]. For exploratory data analysis, a larger map should be used. These are sometimes called emergent-SOM or ESOM [19]. Depending on the amount and variability of available data, a rule of thumb could be to use one unit for each 4–20 or more data patterns, but in some cases one might use more units than data patterns (to obtain very clear cut U-Matrices). 3.4 U-Matrices U-Matrices were introduced by Ultsch [11] and are one of the most popular and useful ways of visualizing clusters with a SOM. A U-Matrix is obtained by computing the distance in the input space of units that are neighbors in the output space. If these differences are small, it means that the units are close together, and thus there is a cluster of similar data in that region of the input space. On the other hand, if the distances are large, the units are far apart, and there isn’t much data in that region of the input space. The U-Matrix can thus be seen as a sort of extension of an inverted histogram for multidimensional data projected on a lower dimensional space: low values indicate large concentrations of data and high values indicate sparse regions. U-Matrices are usually presented as colorcoded maps: white regions indicate low values (and thus clusters), while dark regions indicate separations between clusters.

28

Victor. J.A.S. Lobo

4 SOM Variants Many different variants of the basic SOM algorithm have been proposed, and a complete review of these is beyond the scope of this paper. Some reviews of these variants have been published [20, 21], and we will overview some of them to show how the basic algorithm can be adapted to different problems. The original SOM algorithm and most of its variants deal with vector data only. Some variants for nonvector data have also been proposed namely the dissimilarity SOM [22], the Kohonen multiple correspondence analysis and the Kohonen algorithm on disjunctive table [23]. For the simpler case of binary valued data, both the original algorithm using 0 and 1 as real numbers and binary variants of SOM produce good results [24, 25]. SOMs have frequently been used to analyze temporal data, such as EEG or Stock Exchange data. In most cases, time can be imbedded into the data vector, and a standard SOM algorithm is used, treating that vector as a simple input pattern. More interesting uses of SOM have been made by changing the learning rule or by changing the topology or structure of the network so as to explicitly take time into consideration. In the former case, the learning rule may, for example, consider only the neighbors of the last BMU as candidates for the next input pattern, or separate the time variable from the rest when computing the similarity. As for changes in topology and structure, some approaches use hierarchical SOMs with different time frames, or include time delay memories in the units. A review of the different ways in which this has been done, together with a proposal for a taxonomy of temporal SOMs, is available in [26]. Geographical information science problems also have a special variable (special location) that should, like time, be treated in a different way. To this end a variant called GeoSOM has been developed [21, 27, 28]. Hierarchical SOMs [29, 30] combine several SOMs to process data at a low level, and then use their outputs as inputs to a high level SOM that fuses the results. In some applications, the notion of output grid is substituted by a more general graph, such as happens in the minimum spanning tree SOM [20], tree-structured SOM [29], or growing cells [31, 32]. The links and concept of output space may even disappear, as happens in the neural gas model [15, 33, 34]. Another important type of variants on the basic SOM algorithm are those that try and overcome the theoretical obstacles raised by the fact that the SOM does not minimize a global energy function. One solution is to

Application of Self-Organizing Maps to the Maritime Environment

29

change the learning rule slightly, as was done in [35]. Another solution is to use a variation of Gaussian mixture models to derive a topologically ordered map, as is done with generative topographic mapping [36]. However, despite the theoretical soundness of these methods, they do not provide significantly better results and are computationally more complex than the original algorithm.

5 Applications in Maritime Environment Given the wide range of capabilities of the SOM there have been many applications of this technique on maritime problems. SOMs have been used quite frequently to cluster and classify satellite images [3, 37–41]. In most cases, the SOM is basically used as a classifier, and each pixel of the satellite image forms a data pattern. When analyzing satellite images, the ground truth (i.e., the real class of a given pixel) is usually established by an expert, and is rather slow, expensive, and prone to errors. Therefore not many classified pixels are available. One advantage of the SOM in this case is that it may be trained with all the data, including nonclassified pixels, and then labeled with only the classified ones. This labeling may then be extended to other units that belong to the same cluster, improving the classification capabilities of the system. Very similar approaches have been made with data that combine satellite images with other data [42], data obtained by radar [43], data obtained by meteorological stations [44], airborne lasers [45], or even data obtained by simulators. The common factor in all these cases is that a two-dimensional map with pixels that are multidimensional vectors is presented to a SOM for clustering and classification. Let us look at one of these in a little more detail, and then overview the problems where these approaches were successfully applied. One application of SOM to satellite images, that concerns reflectance spectra of ocean waters, is presented in [3]. In this case, a 20 × 20 unit probabilistic SOM (or more precisely PSOM) is trained with 43,000 sixdimensional vectors. Each of these corresponds to sampled pixels of a satellite image with five preprocessed frequency bands, and an extra value corresponding to the spatial standard deviation of one of those measurements. A human expert will then label some of the pixels, and these are used to label the SOM units, either directly or indirectly, after these are clustered with a hierarchical clustering algorithm. The authors point out that the method used provides a good overall classification of the data, in part due to the fact that that the probabilistic nature of PSOM allows for a

30

Victor. J.A.S. Lobo

confidence level to be assigned to each classification. The PSOM is also considered useful by showing that a lot of resources are dedicated to separating clouds from other pixels, thus leading to the suggestion that the images be preprocessed to remove these clouds. The author’s main interest is in the characterization of Sahara dust, clouds, and other aerosols present over the ocean, and they do not go into great detail on the parameterization of the PSOM. It could be argued that a nonsquare map would lead to a better stabilization of the training process, and that the use of a U-Matrix would help define larger clusters (instead of using hierarchical clustering), but the authors did not follow that path. The SOM has been used in a similar way (i.e., for clustering and classifying data contained in two-dimensional maps or images), in many applications of environmental science, climatology, geology, and oceanography. These include analyzing sea surface temperature [46–49], plankton [50, 51], ocean current patterns [43, 52], estuary and basin dynamics [53], sediment structure [54], atmospheric pressure [55, 56], wind patterns [39], storm systems [41], the El Niño weather conditions [42], clouds [57], ice [53, 58, 59], rainfall [44, 60, 61], oil spills [45], the influence of ocean conditions in droughts [62], and the relationship between sardine abundance and upwelling phenomena [40]. Data concerning fisheries were analyzed in different perspectives using a SOM in [63]. The use of SOM in this case clearly shows the existence of well-defined changes in fisheries over time, and relationships between different species. A more creative use of SOM in shown in [64], where the SOM is used to segment maps of the seafloor obtained with multibeam sonars. The segmented data is then classified with specialized classifiers for each segment. The SOM is thus used to preprocess the data so that multiple simpler or more precise classifiers can be used to obtain the desired results. Although classical harmonical methods can provide good sea level predictions in most cases, those predictions can have rather large errors in basins, estuaries, or regions where weather conditions have a large influence. In those cases, SOMs have been used to predict sea levels with greater accuracy in [65]. Following an approach common in several problems in robotics [66], the SOM has been used to control an underwater autonomous vehicle (AUV) [67–69]. The basic idea in this type of application is that the SOM receives the sensor inputs, and based on that chooses a unit that will provide the guidance for the AUV. The main advantage of the SOM in this case is that each of the units has a quite simple control law (as opposed to a complicated nonlinear controller), and the topological ordering of the SOM makes it relatively robust to noise in the inputs.

Application of Self-Organizing Maps to the Maritime Environment

31

With the increase in maritime traffic, the consequences of accidents, and the availability of vessel traffic systems (VTS), the automatic detection of anomalous behaviors of ships became a pressing problem. This problem was addressed, in [70], where track data (heading, speed, etc.) from navy exercises was used to train a SOM. Clusters were then identified on that SOM, and both suspicious behavior clusters and outliers were flagged as potential threats. The same problem was tackled in a similar way in [71]. In this case, the emphasis in more on visualization of the data, and on estimating the probability of a given situation occurring in the dataset. Also related to ship trajectories, SOMs have been used to plan patrol trajectories of naval vessels in [72]. The approach followed was basically the one used to solve the traveling salesman problem with a SOM (e.g., [12]). In this case, the geographical locations of “incidents” (accidents and illegal fishing) were used as training patterns, and the trajectory obtained tries to maximize the probability of passing in the area where there were “incidents” in the past. In underwater acoustics, SOMs have been used extensively to analyze passive sonar recordings [73–76]. Although ship noise or transient recognition is basically a supervised task, it is very important to detect novelties, and to relate those novelties to known causes. The SOM can provide this by using large maps which will have many unlabeled units. Additionally, it provides an easy to use and understand interface for the operators. Also concerning fluids, although not directly applied to the maritime environment, an interesting use of SOM is given in [77, 78] for analyzing movement in fluids by tracking particles in suspension. The idea is to use successive images of the fluid for training a map, and then infer the movement by observing how the units change from one step to the next.

6 Conclusions An introduction to how a SOM works and how it can be used has been presented. Despite its simplicity, the SOM can be used for a wide variety of applications. Some of its shortcomings were also pointed out, as well as the main issues that must be taken into consideration when using them. An overview of applications in the marine environment has been given, showing that it has successfully been used in many real maritime problems. I believe that its use in this field is still at a preliminary stage, and more and more powerful uses will be given to SOM. It is frequently used simply for k-means type clustering and supervised classification. While those types of applications are useful, I think that the greatest potential of

32

Victor. J.A.S. Lobo

SOM is its ability to project and visualize multidimensional data. Many authors have criticized clustering through visualization as too subjective for engineering purposes. I would argue that clustering is intrinsically a subjective problem, and that the human eye and judgment are the best tools available for that task. The computer algorithms should only present the data in a suitable way, which is exactly what a SOM does. I also believe that there is still a lot of potential for using SOM in nonlinear control and routing or piping problems aboard ships. As SOMs become more mainstream, and software for their use becomes more widespread, they will probably be used in creative ways in even more problems.

References 1. Kohonen T (2001) Self-Organizing Maps, 3rd ed. Information Sciences. Berlin Heidelberg, Springer 2. Fu L (1994) Neural Networks in Computer Intelligence. Singapore, McGraw Hill 3. Niang A, et al. (2003) Automatic neural classification of ocean color reflectance spectra at the top of the atmosfphere with introduction of expert knowledge. Remote Sens Environ 86:257–271 4. Kohonen T (1982) Clustering, taxonomy, and topological maps of patterns. In: Proceedings of the 6th International Conference on Pattern Recognition 5. Kohonen T (1988) The ‘neural’ phonetic typewriter. Computer 21(3):11–22 6. MacQueen J (1967) Some methods for classification and analysis of multivariate observation. In: 5th Berkeley Symposium on Mathematical Statistics and Probability, University of California Press 7. Loyd SP (1982) Least squares quantization in PCM. Trans Inform Theory 28(2):129–137 8. Selim SZ and Ismail MA (1984) k-Means type algorithms: a generalized convergence theorem and characterization of local optimality. IEEE Trans Pattern Anal Mach Intell 6:81–87 9. Bacao F, Lobo V, and Painho M (2005) Self-organizing maps as substitutes for k-Means clustering. In: Sunderam VS, et al. (eds) Lecture Notes in Computer Science, Berlin Heidelberg, Springer, pp 476–483 10. Sammon JWJ (1969) A nonlinear mapping for data structure analysis. IEEE Trans Comput C-18(5):401–409 11. Ultsch A and Siemon HP (1990) Kohonen’s self-organizing neural networks for exploratory data analysis. In: Intl Neural Network Conf INNC 90, Paris 12. Altinel IK, Aras N, and Oommen BJ (2000) Fast, Efficiente and accurate solutions to the Hamiltonian path problem using neural approaches. Comput Oper Res 27:461–494 13. Henriques R (2006) Cartogram creation using self-organizing maps. In: ISEGI, Lisbon, New University of Lisbon, p 144

Application of Self-Organizing Maps to the Maritime Environment

33

14. Haykin S (1999) Neural Networks: A Comprehensive Foundation. 2 ed 15. Martinetz TM, Berkovich SG, and Schulten KJ (1993) Neural-gas network for vector quantization and its application to time-series prediction. IEEE Trans Neural Networks 4(4):558–569 16. Kohonen T (1995) Self-Organizing Maps, 1st ed. Berlin Heidelberg, Springer 17. Erwin E, Obermeyer K, and Schulten K (1991) Convergence properties of self-organizing maps. In: Kohonen T, et al. (eds) Artificial Neural Networks, Amsterdam, Elsevier, pp 409–414 18. Ritter H, Martinetz TM, and Schulten K (1992) Neural Computation and SelfOrganizing Maps: An Introduction. Reading, MA, Addison-Wesley 19. Ultsch A (2005) Clustering with SOM: U*C. In: WSOM 2005, Paris 20. Kangas JA, Kohonen TK, and Laaksonem JT (1990) Variants of self-organizing maps. IEEE Trans Neural Networks 1(1):93–99 21. Bação F, Lobo V, and Painho M (2005) The self-organizing map, the Geo-SOM, and relevant variants for geosciences. Comput and Geosci 31(2):155–163 22. Ambroise C, et al. (1996) Analyzing dissimilarity matrices via Kohonen maps. In: 5th Conference of the International Federation of Classification Societies (IFCS 1996). Kobe, Japan 23. Cottrell M, Ibbou S, and Letremy P (2004) SOM-based algorithms for qualitative variables. Neural Networks 17(8–9):1149–1167 24. Lobo V, Bandeira N, and Moura-Pires F (1998) Distributed Kohonen networks for passive sonar based classification. In: FUSION 98, Las Vegas, NV, USA 25. Lourenço F, Lobo V, and Bação F (2004) Binary-based similarity measures for categorical data and their application in self-organizing maps. In: JOCLAD 2004, XI Jornadas de Classificação e Análise de Dados, Lisbon 26. Guimarães G, Lobo V, and Moura-Pires F (2002) A taxonomy of self-organizing maps for temporal sequence processing. Intell Data Anal 7(4):269–290 27. Bacao F, Lobo V, and Painho M (2008) Applications of different self-organizing map variants to geographical information science problems. In: Agarwal P, Skupin A (eds) Self-Organizing Maps, Applications in Geographic Information Science, Chichester, Wiley, p 205 28. Bação F, Lobo V, and Painho M (2005) Geo-SOM and its integration with geographic information systems. In: WSOM 05, 5th Workshop On SelfOrganizing Maps, Paris 29. Koikkalainen P and Oja E (1990) Self-organizing hierarchical feature maps. In: International Joint Conference on Neural Networks (IJCNN’90), Washington, DC, USA 30. Kemke C and Wichert A (1993) Hierarchical self-organizing feature maps for speech recognition. In: World Conference on Neural Networks (WCNN’93), Lawrence Erlbaum, Hillsdale 31. Fritzke B (1991) Let it grow – self-organizing feature maps with problem dependent cell structure. In: ICANN-91, Helsinki, Elsevier 32. Fritzke B (1996) Growing self-organizing networks – why? In: ESANN’96 European Symposium on Artificial Neural Networks

34

Victor. J.A.S. Lobo

33. Fritzke B (1995) A growing neural gas network learns topologies, in Advances. In: Tesauro G, Touretzky DS, Leen TK (eds), Neural Information Processing Systems, Cambridge MA, MIT Press, pp 625–632 34. Hammer B, Hasenfuss A, and Villmann T (2007) Magnification control for batch neural gas. Neurocomput 70(7–9):1225–1234 35. Heskes T (1999) Energy functions for self-organizing maps. In: Oja E and Kaski S (eds) Kohonen Maps, Amsterdam, Elsvier pp 303–316 36. Bishop CM, Svensen M, and Williams CKI (1998) GTM: The generative topographic mapping. Neural Comput 10(1):215–234 37. Mather PM, Tso B, and Koch M (1998) An evaluation of Landsat TM spectral data and SAR-derived textural information for lithological discrimination in the Red Sea Hills, Sudan. Int J Remote Sens 19(4):587–604 38. Villmann T, Merenyi E, and Hammer B (2003) Neural maps in remote sensing image analysis. Neural Networks 16(3–4):389–403 39. Richardson AJ, Risien C, and Shillington FA (2003) Using self-organizing maps to identify patterns in satellite imagery. Prog in Oceanogr 59(2–3): 223–239 40. Hardman-Mountford NJ, et al. (2003) Relating sardine recruitment in the Northern Benguela to satellite-derived sea surface height using a neural network pattern recognition approach. Prog in Oceanogr 59(2–3):241–255 41. Parikh JA, et al. (1999) An evolutionary system for recognition and tracking of synoptic-scale storm systems. Pattern Recognit Lett 20(11–13):1389–1396 42. Leloup JA, et al. (2007) Detecting decadal changes in ENSO using neural networks. Clim Dyn 28(2–3):147–162 43. Liu Y, Weisberg RH, and Shay L (2007) Current patterns on the West Florida shelf from joint self-organizing map analyses of HF radar and ADCP data. J Atmos Ocean Technol 24:702–712 44. Cavazos T (2000) Using self-organizing maps to investigate extreme climate events: An application to wintertime precipitation in the Balkans. J Clim 13(10):1718–1732 45. Lin B, et al. (2002) Neural networks in data analysis and modeling for detecting littoral oil-spills by airborne laser fluorosensor remote sensing. In: Conference on Ocean Remote Sensing and Applications, Hangzhou, Peoples Republic of China, Spie-Int Soc Optical Engineering 46. Liu YG, Weisberg RH, and He RY (2006) Sea surface temperature patterns on the West Florida Shelf using growing hierarchical self-organizing maps. J Atmos Ocean Technol 23(2):325–338 47. Liu YG, Weisberg RH, and Yuan YC (2008) Patterns of upper layer circulation variability in the South China Sea from satellite altimetry using the selforganizing map. Acta Oceanol Sin 27:129–144 48. Tozuka T, et al. (2008) Tropical Indian Ocean variability revealed by selforganizing maps. Clim Dyn 31(2–3):333–343 49. Marques NC and Chen N (2003) Border detection on remote sensing satellite data using self-organizing maps. In: 11th Portuguese Conference on Artificial Intelligence, Beja, Portugal; Springer, Berlin

Application of Self-Organizing Maps to the Maritime Environment

35

50. Chazottes A, et al. (2006) Statistical analysis of a database of absorption spectra of phytoplankton and pigment concentrations using self-organizing maps. Appl Opt 45(31):8102–8115 51. Solidoro C, et al. (2007) Understanding dynamic of biogeochemical properties in the northern Adriatic Sea by using self-organizing maps and k-means clustering. J Geophys Res Oceans 112(C7):13 52. Liu YG and Weisberg RH (2005) Patterns of ocean current variability on the West Florida Shelf using the self-organizing map. J Geophys Res Oceans 110(C6):12 53. Reusch DB and Alley RB (2006) Antarctic sea ice: a self-organizing mapbased perspective. In: International Symposium on Cryospheric Indicators of Global Climate Change, Cambridge, England, Int Glaciological Soc 54. Kropp J and Klenke T (1997) Phenomenological pattern recognition in the dynamical structures of tidal sediments from the German Wadden Sea. Ecol Model 103(2–3):151–170 55. Cassano EN, et al. (2006) Classification of synoptic patterns in the western Arctic associated with extreme events at Barrow, Alaska, USA. Clim Res 30(2):83–97 56. Hewitson BC and Crane RG (2002) Self-organizing maps: applications to synoptic climatology. Clim Res 22(1):13–26 57. Kubo M and Muramoto K (2007) Classification of clouds in the Japan Sea area using NOAA AVHRR satellite images and self-organizing map. In: IEEE International Geoscience and Remote Sensing Symposium (IGARSS), Barcelona, Spain 58. Reusch DB, Alley RB, and Hewitson BC (2007) North Atlantic climate variability from a self-organizing map perspective. J Geophys Res Atmos 112(D2):20 59. Fukumi M, et al. (2005) Drift ice detection using a self-organizing neural network. In: 9th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, Melbourne, Australia; Springer, Berlin 60. Uotila P, et al. (2007) Changes in Antarctic net precipitation in the 21st century based on Intergovernmental Panel on Climate Change (IPCC) model scenarios. J Geophys Res Atmos 112(D10):19 61. Chandrasekar V (2004) SOM of space borne precipitation radar rain profiles on global scale. In: IEEE International Geoscience and Remote Sensing Symposium, Anchorage, AK 62. Barros AP and Bowden GJ (2008) Toward long-lead operational forecasts of drought: An experimental study in the Murray-Darling River Basin. J Hydrol 357(3–4):349–367 63. Hyun K, et al. (2005) Using an artificial neural network to patternize longterm fisheries data from South Korea. Aquat Sci 67(3):382–389 64. Chakraborty B, et al. (2003) Application of artificial neural networks to segmentation and classification of topographic profiles of ridge-flank seafloor. Curr Sci 85(3):306–312 65. Ultsch A and Roske F (2002) Self-organizing feature maps predicting sea levels. Inform Sci 144(1–4):91–125

36

Victor. J.A.S. Lobo

66. Barreto GA, Araújo AFR and Ritter HJ (2003) Self-organizing feature maps for modeling and control of robotic manipulators. J Intell Robot Sys 36(4): 407–450 67. Nishida S, et al. (2004) Adaptive learning to environment using selforganizing map and its application for underwater vehicles. In: 4th International Symposium on Underwater Technology, Taipei, Taiwan 68. Ishii K, et al. (2004) A self-organizing map based navigation system for an underwater robot. In: IEEE International Conference on Robotics and Automation, New Orleans, LA 69. Nishida S, et al. (2007) Self-organizing decision-making system for AUV. In: 5th International Symposium on Underwater Technology/5th Workshop on Scientific Use of Submarine Cables and Related Technologies, Tokyo, Japan 70. Patton R, Webb M, and Gaj R (2001) Covert Operations Detection for maritime applications. Can J Remote Sens 27(4):306–319 71. Riveiro M, Falkman G, and Ziemke T (2008) Visual analytics for the detection of anomalous maritime behavior. In: 12th International Conference Information Visualisation 2008, London, England 72. Lobo V and Bacao F (2005) One dimensional self-organizing maps to optimize marine patrol activities. In: Oceans 2005 Europe International Conference, Brest, France 73. Lobo V and Moura-Pires F (1995) Ship noise classification using Kohonen Networks. In: EANN 95, Helsinki, Finland 74. Lobo V, Bandeira N, and Moura-Pires F (1998) Ship recognition using distributed self organizing maps. In: EANN 98, Gibraltar 75. Lobo V (2002) Ship noise classification: a contrinution to prototype based classifier design, In: Departamento de Informatica, Universidade Nova de Lisboa, Lisbon 76. Oliveira PM, et al. (2002) Detection and classification of underwater transients with data driven methods based on time–frequency distributions and non-parametric classifiers. In: MTS/IEEE Oceans’02, Biloxi, Mississipi, USA 77. Labonté G (1998) A SOM neural network that reveals continuous displacement fields. In: IEEE World Congress on Computational Intelligence, Anchorage, AK, USA 78. Ohmia K (2008) SOM-Based particle matching algorithm for 3D particle tracking velocimetry. Appl Math Comput 205(2):890–898

Concept for Corporate Information Systems Development Based on GIS Technologies

Vasily Popovich St. Petersburg Institute for Informatics and Automation of the RAS 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. This paper covers up-to-date paradigms for the construction of complex information systems – corporate information systems. The concept of the corporate information system used here is understood as any information system realizing the hierarchic system for decision-making support. The problem of corporate information systems is considered under three angles: theoretical basics, basic technologies, and general architecture. At that, the geoinformation systems technology is selected as the backbone basis. The material is based on long-term research carried out in SPIIRAS, in terms of both theory and technology. Many ideas formulated in the paper have already been subjected to practical validation and implementation through international research projects and R&D work for various clients. Keywords: Corporate information system; Intelligent GIS; Data harmonization; Integration and fusion

1 Introduction Many information technologies (IT) professionals remember that quite recently a dominating idea was that introducing the modern computer hard- and software into practice would automatically solve any automation related problem. As noted in [5] and many other up-to-date publications, the time of “naïve IT-romanticism” is over. The efficiency of IT application V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_3, © Springer-Verlag Berlin Heidelberg 2009

39

40

V. Popovich

is defined by IT specific influence upon the core activities or businesses either of the advanced companies or of the managerial and technical systems rather than by the existence of advanced techniques and standard software. While not going into historical details of IT development for businesses let us note that an aggregate of research and development offers in the given area can be unified into one concept: corporate information systems (CIS). At present this term is not yet stable, and covers a whole range of issues related to automation of various kinds and scales. In most cases it is understood as the development of ERP class systems, e.g., the R/3 system developed by SAP. This paper proposes the concept based on theoretical and technological developments of SPIIRAS carried out during the last decade and aimed at forming a CIS. CIS is understood as the information support system in corporate management. The CIS allows the control of a certain enterprise or a complex managerial and technical system (hereinafter – Enterprise), covering such steps as concept, decision-making, planning, implementation, control, and analysis of the entire Enterprise activity. The purpose of CIS concept development was to work out the system of views, approaches, and technical solutions incorporating a package of measures that regard the development of information support systems for corporate management and assures a maximal realization of the Enterprise potentials at meeting the Enterprise main task or mission. In the light of the above mission, CIS plays the role of a subsystem supporting an operative and correct decision-making at all management levels. It is well known that the Enterprise management system is specified by a great number of complex heterogeneous components, whose target functioning requires realizing complicated horizontal and vertical relationships. The existing methodologies of the information systems creation do not allow any common project to encompass all the aspects of such a system, and the models being built on the above methodologies turn out to be cumbersome enough to make their apprehension and realization as the final software components quite difficult. Therefore, with the above approach realization the analysis of existing methodologies and technological solutions aimed at the complex information systems development was performed. Also, the best existing theoretical considerations substantiating the methodologies for developing the class of information systems for a large-scale enterprise, corporation, or region were analyzed. The above analysis enabled the singling out of three main constituents for the concept of CIS development.

Concept for Corporate Information Systems Development Based GIS Technologies

41

Firstly, the above scope assumes the development of the CIS theoretical basics. A theoretical basis is a necessary condition for making wellgrounded decisions over the CIS complete life cycle. Basic research allows the maximal realization of the given subject domain experts’ intelligence as well as to competently run the CIS being implemented. Secondly, basic solutions for CIS creation are proposed. Basic solutions are the minimal set of technologies providing the processes’ automation at acquiring, processing, and distributing the information, necessary for making well-grounded managerial decisions concerning the situation in the timescale defined by the tasks’ level (strategical, operational, and tactical) over the complete life cycle of a business process or a management object. And, finally, this is the development of general CIS architecture in the interests of advanced business.

2 CIS Concept: Main Constituents 2.1 CIS Theoretical Basics CIS theoretical basics include scientifically well grounded approaches, mathematical and information models, algorithms, and methods aimed at substantiating the solutions proposed for CIS. The need for developing the CIS theoretical basics has arisen because the existing approaches do not allow for integrally solving the CIS Enterprise-establishing tasks. As the research carried out has shown, the main problem that theoretical basics are called on to solve is the task of processing large bodies of heterogeneous information [1]. The analysis performed of a current status of the components of the Enterprise’s level information systems (IS) showed that the methodology put in the basis of such systems building is targeted first of all at the automation of certain business processes. As a rule, Enterprise IS consists of the autonomous projects aimed at automating some business function. Even if a separate project assumes an information interaction with other projects, it could only be within a specified project and not providing for the existence of general principles of their organization. A typical approach to business process automation is as follows: there appears a need for automation that is documented as the system of requirements based upon the list of expected end results for such automation. Suppose the need for a special form document appears, then for the above document the requirement will govern its content, information sources, creation, and handling regulations. The task of such document forming is

42

V. Popovich

automated and successfully used later on. More and more similar tasks arise in the area of document forming. In due course, more and more such documents appear, thus increasing the demand for automating their exchange and registration. The main requirement for such a system will be a provision of exchange of the said list of documents between users. The realization of this project faces the problem that different documents are formed by different tools. Because of this the necessity arises to create special components supporting the operations with documents of any separate type. Evidently, should all documents be created on similar basic principles it would be much easier to realize such a system. The given example demonstrates the need for the uniform principles and approaches to the Enterprise’s activity automation. To effectively use the available information and to provide for the justified managerial decisions, it is necessary to develop scientifically grounded methodology, enabling information interaction between the system’s heterogeneous components, using general theoretical approaches to information processing. To solve the given problem, it is proposed to use harmonization, integration, and data fusion concept. The realization of this problem assumes the consideration of several tasks: 1. Substantiation and realization of a unified data representation model. The unified data representation model is the model defining properties and status of the system’s components, as well as the interrelations with other components. It is appropriate to realize the unified data representation model by defining basic notions and their relationships (ontology) over relevant subject areas and/or responsibility fields. The unified data representation model will enable: − − − −

Simplifying the mechanism of heterogeneous data processing Increasing the reliability of the used information Minimizing the time of the required data acquisition Managing the enterprise in operative (real time) mode.

2. The development of new systems’ transformation method. The new systems’ transformation method is a harmonization process enabling conversion of new systems’ information models into a unified information conversion process. So, if the need for automating certain business processes has appeared at the Enterprise, the method’s development would enable implementing new subsystems in CIS through the same algorithm without developing special decisions for each separate case. This would also noticeably simplify the introduction of new subsystems in the future.

Concept for Corporate Information Systems Development Based GIS Technologies

43

3. The development of a method aimed at transforming the existing system’s components. The method transforming the existing components is a harmonization process of the systems components’ information models into the unified information representation model. The method provides for the identification (set up a correspondence) of the Enterprise’s ontologies. The development of this method will enable the introduction in CIS of the existing Enterprise’s subsystems, the subsystems’ users are accustomed to, thus avoiding extra expense on the personnel training and retraining. The majority of modern management’s problems involve the “information” matter or notion. A vital need for developing the system of views and the system of technologies aimed at solving urgent problems and tasks related to the notion of information has appeared. At the conceptual level and in accordance with advanced tendencies propagated within the information community, it is reasonable to single out three levels or three procedures of information processing (operating) [2]: − − −

Information harmonization Information integration Information fusion.

The history of the information notion goes back to the rise of mankind. The given notion is so versatile and sophisticated that only some theoretical and/or applied aspects could be discussed. Considerable interest in the notions of information and data arose at the appearance of GIS. Perhaps the GIS developers were the first who were faced with the problems of using the heterogeneous and rather bulky information on real or close to real time scales. GIS technologies have appeared quite recently, just several decades ago, and formed a series of urgent and important tasks in data and information processing. Disregarding the fact that a big difference exists between the notions of data and information in this paper, the above distinction will not be underlined because the general mechanisms of their processing are practically identical. The potential mechanisms are reduced to three relatively independent leads: harmonization, integration, and fusion. 2.1.1 Data Harmonization

The given process assumes the definition of basic notions and their relationships (ontology) over respective subject and/or responsibility areas. For instance, division can be performed over the existing areas of knowledge: management, planning, resource distribution, etc. The information harmonization solves the following main tasks:

44

V. Popovich − − −

Providing access to possibly greater numbers of primary information sources Enabling information transforming into user friendly form (decodings, recognition, translation, …) Providing access to existing information resources.

In a wide sense, the harmonization can be interpreted as data standardization. In the interests of CIS the following examples of information sources could be generally suggested: − − − − − −

Nonformalized information (regular text, bitmapped graphics, photos, etc.) Formalized information (e.g., in XML format) Formalized measurement results (text or digital form) Various formats of databases Cartographical information in specialized formats Media information in various specialized formats.

Graphically, the information harmonization can be illustrated by Fig. 1. Information Source

Information Consumers

Executive Component

User 1 Source 1 X1 h1 := X1

{H} User 2

Source 2 X2

h2 := X2

Source N

User M

Xn hn := Xn

Fig. 1 Data harmonization

Concept for Corporate Information Systems Development Based GIS Technologies

45

As a rule, an access to each information source is realized by different protocols, methods, and/or mechanisms. The access to Internet/Intranet resources, databases, GPS, GSM-data, archives, analytics, and others can serve as an example. The heart of harmonization is in the realization of understandable data access principles and mechanisms, their unifying, and reducing the types’ number. The World Meteorological Organization (WMO) codes can be given as an example. Currently, the main part of the data is sent out in the form of facsimile telegrams; that greatly hampers the data processing as well as their further use. At present, WMO is converting all data into a unified XML format that considerably simplifies dealing with such data. Orientation of harmonization result to a great number of consumers is a distinctive feature of the information harmonization process. As pointed out in [4], information harmonization is a much more general problem than CIS. For instance, the information about the environment is essentially important in regional, national, European, and global contexts. In the first place it determined by: −

− − −

Global monitoring of the Earth’s surface, natural resources, and other data to be processed and realized in accordance with the Kyoto Protocol Environmental policy in Europe, including environment protection, urban development, protection from natural cataclysms Threat of harmful emissions, geographical hazards and technological risks International cooperation, security policy implemented through developing the maps, and systems for decision-making support.

The development of regional, national, European, or global spatial data infrastructure puts in a claim for information accessibility and exchange. From this follows the demand for standardization and respective technologies’ development. The actual state of affairs brings up the issue of information accessibility for various communities, thus stimulating the efforts in data harmonization through the development of the common data geomodel. Development of the common data geomodel will allow users to access various data sources and use various kinds of software in their own interests. The European geoinformation community has posed a problem of establishing an open body that would coordinate efforts in information harmonization. By the initiative of the British Geological Survey (BGS) and the Geological Survey of Canada (GSC), a meeting took place in Edinburgh in

46

V. Popovich

November 2003. The representatives of 15 geological agencies from various countries and continents (Europe, America, Asia, Australia) participated in the meeting, and a working group was formed to develop a data model. The above group functions under the auspices of the Commission for the Management and Application of Geoscience Information (CGI); this is a new commission of the International Union of Geological Sciences (IUGS). The working group has established three subgroups: “Conceptual Model/ Interchange,” “Testbed,” and “Classification Requirements.” In 1998 in Germany, a governmental commission, IMAGI (Interministerial Committee for Geo Information), was formed to develop and implement the German National Spatial Database (Geodateninfrastruktur Deuschland: GDI-DE). The main objective of the database being developed is to harmonize and present the necessary geodata by requests via Internet. Today, the following standards can be underlined in the interests of GIS: 1. Open GIS Consortium, GML, ISO standards. 2. ESRI Marine Data Model. 3. OGC Reference Model. 4. Open GIS specifications. Unfortunately, no such common standards exist for CIS, and this is conditioned by the specific nature of each enterprise or enterprises’ system business. Information harmonization supposes the solving the series of tasks, whose totality can be divided into the following groups: 1. Organizational tasks, requiring to define data sources and consumers, data acquisition systems, and user information awareness. 2. Technical tasks. Realizing the protocols and standards by software and technical methods, and data access. 3. Legal issues. Development of license agreements, copyright, data statuses, common information sharing, arranging for security, copying, and intellectual property protection. 4. Economic and social aspects. Providing for various jobs’ funding and assessing the cost of information and services rendered. Definition of information market size and cost, as well as the profit made and its distribution. 2.1.2 Data Integration

Data integration is understood as data fusion (access to information resources) aimed at solving current tasks (modeling) (Fig. 2). Integration inevitably leads to an increase of data bodies. As a rule, it is stipulated by a

Concept for Corporate Information Systems Development Based GIS Technologies

47

Fig. 2 Data integration

need to operate large data bodies in real time. Integration is performed for the sake of solving a relatively narrow range of tasks. Various formats can serve as the integration examples. For GIS, they are S 57, VPF, and some other specialized formats. By means of these formats, information is represented in a certain form, as structured data arrays. The designation of such data arrays is solving a certain range of tasks. For example, data in the S 57 format are meant for providing the navigation safety in the set region. The SXF data provide for solving the topographic tasks within the Russian Federation. At present, a tendency to develop complex, distributed data arrays based on the XML technology can be observed. OWL (Web Ontology Language) language is the basis of such technology. Access to the data is performed by using different mechanisms and depends on several factors: − −

Required data processing speed (real time or with a certain delay) A need for large data bodies parallel processing and/or visualization.

Depending on the above factors, access is provided directly in the same format the data are stored in. However, an intermediate data transformation is often required. Such need appears, as a rule, in data visualization systems. It is stipulated by the technical constraints of graphic stations and by the performance of the network and/or processors.

48

V. Popovich

A distinguishing feature of information integration is that the result is aimed at solving a definite class of tasks. 2.1.3 Data Fusion

Gaining qualitatively new information (information body reduction) is the most complicated and poorly studied phase of data transformation and, as a rule, requires an analytical in-depth study of the subject area. In essence, the information fusion is shown in Fig. 3. The information fusion diagram for the monitoring systems, intended for various purposes, is given as an example in Fig. 4. The given figure shows a hierarchic, from bottom to top, change of the information quality. If it is taken into account that monitoring systems are complex and spatially distributed the data fusion

Fig. 3 Data fusion

Concept for Corporate Information Systems Development Based GIS Technologies

49

Fig. 4 Data fusion in monitoring systems

idea becomes evident. Such a complex system simply cannot function without this mechanism. A distinctive feature of information fusion process is gaining new quality of information and reduction of its body. The levels marked in Fig. 4 [1] are qualitative leaps in information representation. In this case, Hegel’s principle of a transition from quantity to quality is illustrated. However, the nuance here is that no universal mechanisms exist capable of such qualitative transformations. This is rather a whole system of special research, including quite a number of scientific leads. A data fusion system for monitoring systems shown in Fig. 4 can also be applied in the interests of medium and big business. 2.2 Base Technologies for CIS Realization To increase the feasibility of developing various CIS components it is necessary to use software solutions aimed at performing standard tasks appearing in the course of the Enterprise business processes automation, and to develop on their basis applied technical solutions intended for various purposes and scales. SPIIRAS formalizes such solutions as the following basic technologies for CIS developing: − − − − − −

Intelligent geoinformation system (IGIS) System of ontologies Expert system System of documents’ transform System of calculation models Simulation and modeling system.

50

V. Popovich

The largest part of the tasks facing the society’s different managerial structures is related to spatial data processing. To solve such tasks, the implementation of intelligent geoinformation operating with spatial data is proposed. Intelligent GIS, except for standard functions, possesses the following specific properties: −

− −

−

− −

Support of distributivity and multi-platforming (in particular, on the basis of J2EE technology application), thus providing for the CIS flexibility at using various platforms stipulating software independence of the operating system Multi-level architecture: allows for making complex hybrid information solutions Application of DBMS and other heterogeneous data sources: enables the completeness of the required information at its acquisition from different sources Application of subject area ontologies: enables information structuring to the required level and stores full information avoiding its redundancy Application of expert systems: provides for implementing the intelligent support for making the managerial decisions Application of Web-services and complete support of the SOA concept: realizes the concept of creating “thin” clients.

The system of ontologies is one more basic technology. The ontology is understood as a detailed formalized specification of the structure in a definite subject area. The ontology’s structure is constructed to meet the requirements of the notion’s unity, completeness, and consistency. The ontology is a formal evidence description of notions within the considered subject areas of classes, each class properties describing different properties. The ontology along with a set of classes’ individual instances forms an information basis. Classes are at the centre of ontology. Classes describe notions in the subject area. Properties describe different characteristics of classes and their instances. The system of ontologies is the main information basis of CIS functioning. Use of the ontology provides for a truly unified information space for all CIS constituents. An ontology constituent should provide for realizing the following capabilities: 1. A real world object combines the properties’ multitude: however, each ontology stores a definite set of information about the object, from the point of view of a definite subsystem. Therefore, to obtain the necessary information, it is required to use the multiple inheritance mechanism.

Concept for Corporate Information Systems Development Based GIS Technologies

51

2. One of the functions supported by CIS is a capability of restoring the system’s state at a certain instant of time. For this purpose, a history of object properties is saved. For efficient realization of status saving and data processing optimization, the partitioning of object constant and varying data is provided for. 3. Different participants of business processes at decision-making have a need for different information about CIS objects. Thus, the participants can be divided into groups based on their significant information. Therefore, the ontology is capable of filtering the information for different user groups. Another basic technology is the expert system (Fig. 5) included in intelligent GIS as a component supporting the decision-making. The expert system, being part of GIS, solves the following tasks: − −

The task, classical for expert systems, to work out recommendations for decision making The less traditional for expert systems task is a modeling process control, including control of object functioning and reaction to events at the upper management level.

Fig. 5 Example of decision-making support process

52

V. Popovich

The expert decision-making support system enables the representation of all knowledge in the subject area that is necessary for modeling the complex spatial processes. Based upon visual tools providing for a high degree of visualization and control, the expert system is developed as an object-based ontology and rules for the expert systems. This system generates recommendations for decision making, performs an assessment of the decisions made, control of processes and their participants’ actions, and also other types of analysis based on the rules of the expert systems knowledge base. The transform system is intended for the unified representation and information exchange between different CIS subsystems, as well as for an information exchange with external sources. It enables the representation of electronic documents as the aggregate of objects and their links. The documents transform system realizes the following functions: − − − −

Conversion of verbal information into an object one, in particular, from Microsoft Office and Open Office documents Integration of document management tools into a geoinformation system Displaying the objects described in a verbal document on an electronic map Information transfer control.

Each document can be regarded in the document transform system as a separate information flow with its model for data representation. The component’s task is to transform the information contained in the documents into a type of the corresponding ontology. The system for the documents’ transform functionally supplements the existing workflow systems. The existing workflow systems copy the traditional workflow, resulting in duplication, loss of simplicity, and increase in the personnel involved rather than in perfecting the paper workflow. The proposed system of the document content is regarded as an information array with a certain structure. The information is transformed through a respective adapter in the mediator of the ontology system into the information perceived by other system’s components. The workflow system becomes the data source for the system of the subject area ontologies. One more basic technology is the complex system of calculation models (Fig. 6) representing a system of mathematical libraries for a model support of decision making and business processes’ management. The system of calculation models possesses the following properties: − −

To be easily extended for newly appearing task solving To provide a user with the list of realized functions, grouped by subjects and sections, and their mathematical formulae

Concept for Corporate Information Systems Development Based GIS Technologies

53

Fig. 6 Variant of calculation models’ system realization − −

To perform the selected function To make the system possible to extended by a user or a developer upon the user’s order.

Also, one of the basic technologies is a system for simulation and modeling intended for modeling the complex business processes with an objective of advanced assessment of their efficiency. Systems of scenarios form the basis of this system. Scenarios are based upon specialized ontology, realizing the rules of relations, behavior, and various actions. The system for simulation and modeling provides for the requirements specified by the Enterprise management system: − − − −

Adequacy of simulation and modeling for the required business processes Sensitivity to variables describing factors that essentially affect the business processes Required accuracy and reliability of the modeling results Required operational efficiency for calculations.

The system of simulation and modeling (Fig. 7) is the basis of the Enterprise’s situational center structure and provides modeling of different variants of situation development.

54

V. Popovich

Fig. 7 Variant for simulation and modeling system

Besides those, other task groups realized by the system are: − −

Tasks related to life cycle substantiation Tasks related to a quantitative substantiation for making managerial decisions about equipment or other assets’ maintenance.

To solve the above tasks, the methods of multi-criteria optimization, simulation, and decision substantiation under uncertainties can be used. If the task initial data are determined and only one criterion for making decisions exists, the method of a single criterion static deterministic task for decision making could be used. In some cases, different types of analytical models can be applied. Thus, using the above basic solutions for automation of the Enterprise’s applied management processes, it can be possible to increase the feasibility of their development as well as of the business efficiency as a whole. 2.3 CIS Architecture CIS architecture represents series of interconnected subsystems and components, whose implementation will allow for the CIS development as a whole system. This architecture was developed with due account for the approaches to systems’ design and development based on the object-based

Concept for Corporate Information Systems Development Based GIS Technologies

55

approach and service-oriented architectures. The architecture being presented has been evaluated through several research and development projects. Let us briefly review the main components. 2.3.1 Methodological Support

Methodological support is a set of documents describing technology of CIS construction, the user-friendly techniques for selection and use of the proposed technological methods in receiving concrete results. Methodological support assumes a definition of the work goals, its subjects, limits, selection of tools, and methods for its execution, selection of means (resources), and stages of its implementation. The main objective of methodological support is to manage the CIS components development based on reasonable interconnected activity for CIS makers and managers of the Enterprise. Introduction of a correct methodology for project management allows for arriving at a guaranteed positive result, whereby it is required to manage the entire project development process clearly and professionally. Requirements for methodological support. The methodological support should regulate the following aspects: • Regulations describing each business process (Fig. 8) • Description of roles of developers taking part in production and managerial activity of the business processes

Fig. 8 Classification chart of business processes

56

V. Popovich

• CIS components’ operation instructions that should contain the data about: in what processes, who (what business person) and what uses for the component as well as the detailed manuals. 2.3.2 Mathematical Support

The quantitative support for making a justified decision by the Enterprise’s executives at all management levels is the main function of CIS mathematical support. In addition, mathematical support solves the tasks related to processing and display of incoming and outgoing CIS information. Mathematical support incorporates the list of mathematical models, algorithms, and methods that should be realized in information and analytical, information and calculation, and calculation constituents of special CIS software, as well as the specifications of the above models, algorithms, and methods. 2.3.3 Information Support

Information support (Fig. 9) enables the development of dynamic information models for the Enterprise’s life cycle management systems, containing at each instant of time data corresponding to actual parameters of the object and medium where they function. The dynamic information models of subordinate managed objects should become the components of these models.

Fig. 9 Information support

Concept for Corporate Information Systems Development Based GIS Technologies

57

System of rules for Dynamic Information Model Keys List Keys +count : int +list : Key +add() : Key +append(in key : Key) +clear() +delete(in key : Key) : int +item(in name : string) : Key +free(in key : Key)

Entities List Entities +count : int +list : Key +add() : Key +append(in entity : Entity) +clear() +delete(in entiny : Entity) : int +item(in id : string) : Entity +free(in entity : Entity)

Union of Entities Union +name : string +id : string +entities : Entities +assign()

1 Single Key Key +datatype : string +id : string +keys : Keys +name : string +value : object +assign(in key : Key)

1

Dynamic Information Model

Single Entity

*

Entity

*

+classtype : string +id : string +keys : Keys +name : string +relations : Relations +assign(in entity : Entity)

Relationship List Relations +count : int +list : Relation +add() : Key +append(in relation : Relation) +clear() +delete(in relation : Relation) : int +role(in relation : Relation) : string 1 Single Relationship Relation +entity : Entity +role : string

Interchange node Union 1 Union 2 Union 3 entity 1 keys relations entity 2 keys relations

<xml>

*

Generalized Data Presentation Model (GDPM) is universal informational and logic metamodelrepresenting to program components structure of essence describing their object field. GDPM sets system of rules for DIM

Generalized Data Interaction Model (GDIM) is a universal informational and logic metamodelrepresenting to program components structure of essence contained in the message/ GDIM provides data interaction between components based on GDPM

Decomposition Structuring Formalization Entities separation

Relations coding

Space building

Common Data Reduction Method (CDRM) to GDPM is a method offering general sequence of activity on data conversion from any component metamodelto GDPM

Fig. 10 Dynamic information model

The dynamic information model (Fig. 10) for each component is based on a certain system of rules representing information objects’ states and their interactions. 2.3.4 Software

A number of requirements for the software have been formed, that it met: Functional requirements 1. To develop a list of services to be rendered by each functional CIS system. 2. To describe the characteristics of the system and its environment. To specify the list of constraints imposed on actions and functions performed by the system, including time constraints, constraints on the system development process, standards. 3. To take into account the parameters typical of the subject area where the system will be used. Nonfunctional requirements 1. Requirements for the software that should describe the software product operational properties, like the system’s performance, required memory capacity, reliability, system’s transferability.

58

V. Popovich

2. Organizational requirements reflecting the policy and organizational procedures of the Company and software developers (development standards, programming languages, and design methods accompanying documentation). 3. External requirements accounting for the factors that are external to the system being developed and to the process of its development (interaction of the system with other software products, legal requirements). Subject area requirements 1. Requirements for the software that should describe the software product operational properties, the system’s performance, required memory capacity, reliability, system’s transferability. 2. Organizational requirements reflecting the policy and organizational procedures of the Company and software developers (development standards, programming languages, and design methods accompanying documentation). 3. External requirements accounting for the factors that are external to the system being developed and to the process of its development (interaction of the system with other software products, legal requirements). 2.3.5 Engineering Support

Engineering support is understood as an aggregate of all CIS underlying technical tools; a realization variant is given in Fig. 11. Without a detailed analysis of possible technical solutions, consider some of the most important requirements for the engineering support. 1. Requirements for CIS components’ reliability that should include: 1.1. A typical operational model: the quantitative reliability requirements are based on 1.2. Failure criteria in the modes of designated purpose usage, the nofailure operation requirements are based on 1.3. The required time for continuous no-failure operation 1.4. Criteria for the limiting conditions: the requirements for normal operating period are based upon 1.5. Criteria for the CIS components’ protective properties, the safety requirements are based on. 2. Requirements for operation, storage, and maintenance that should include:

Concept for Corporate Information Systems Development Based GIS Technologies

59

2.1. Requirements for working and limiting operational conditions, determining the range where CIS components keep their parameters within the set standard limits 2.2. Requirements for operational modes 2.3. Requirements for continuous work period 2.4. Requirements for operation in emergency situations 2.5. Requirements for preventing unauthorized use 2.6. Requirements for the tools of operational control system 2.7. Requirements for the maintenance personnel number and professional skills 2.8. Requirements for the operational/maintenance information and reference system.

Fig. 11 A variant of engineering support realization 2.3.6 Security System and Information Protection

Due to the special nature of CIS functioning caused by dealing with classified and commercially confidential information, the security and information protection system is an essential part of the system and should be developed along with the system’s development. The security levels in the system of classified and confidential information should be evaluated in accordance with the respective legal regulations (declared valid at the state and/or branch levels). It is necessary to develop requirements for the CIS components’ information safety including:

60

V. Popovich

• Revealing the external factors affecting information safety • Forming safety requirements with due account for the currently valid standards. It is necessary to develop the requirements for information safety in CIS including: • Performing a thorough investigation of the Company’s objects • Classification of CIS according to Guiding Document by the State Customs Committee “Automated Systems. Protection against Unauthorised Access to Information. Classification of Automated Systems Information Safety Requirements” • Development of requirements for Companies’ information safety system based on the CIS Classification Statement. 2.3.7 External Relations System

The Enterprise’s corporate information system is not closed, and its functioning assumes an interaction with other information systems. This is why within the design range it is necessary to take into account the requirements for coordination with a number of interacting information systems. 2.3.8 Life Cycle Structure

Life cycle structure (Table 1) is typically practical. In addition, it is of great importance in the process of system development and in achieving mutual understanding between the customer and the developer. Almost the top priority issue in the considered subsystem is arranging for a warranty and post-warranty servicing as well as the operational personnel training at the companies implementing CIS. Table 1. Life cycle stages of CIS components No. 1 2 3 4 5 6

Stage Formation of the assignment Development Realization Operation Support Removal

Description Analysis of demands, selection of a concept, and project solution Design of the system System manufacturing Commissioning and use Provision of the system functioning Use termination, dismounting, system archiving

Concept for Corporate Information Systems Development Based GIS Technologies

61

3 Conclusion The concept of CIS development proposed in this paper represents the first version for creating the SPIIRAS internal standard for design of complex, heterogeneous, and distributed information systems. The need for such a development was stipulated by the absence of acceptable concepts and paradigms. Today, the proposals on implementing off-the-shelf systems, rather than the concepts of and approaches to their development, can be found. The thesis cannot but admit that cutting-edge technologies start outdoing the progress in basic research, thus being fraught with a risk of picking up the unjustified solutions and eventually resulting in material as well as in entire business losses. SPIIRAS has only started investigations in this field; it is further planned to accomplish a thorough research and to arrive at a deeper theoretic substantiation of the proposed approaches, and at the independent solutions forming, documenting, supporting, and servicing as well as developing a set of practicalities to shape into a set of architectural decisions for various levels and purposes of CIS.

References 1. Llinas J, Bowman C, Rogova G, Steinberg A, Waltz E, and White F (2004) Revisiting the JDL data fusion model II. In: Proceedings of the 7th International Conference Information Fusion 2004 (Fusion 2004), Stockholm, Sweden, pp 1218–1230 2. Popovich V, and Voronin M (2005) Data harmonization, integration and fusion: three sources and three major components of geoinformation technologies. In: Proceedings International Workshop Information Fusion and Geographic Information System, St. Petersburg, Russia, pp 41–47 3. Popovich VV, Potapychev SN, Shaida SS, and Feizov RZ (2007) Mobile information system supporting decision-making at local government level. In: Schrenk M (ed) Proceedings of CORP2007, Vienna, Austria 4. Asch K, Brodaric B, Laxton J, and Robida F (2004) An international initiative for data harmonization in geology. In: 10th EC-GI&GIS Workshop, Warsaw, Poland, p 9 5. Erokhin V (2007) Tools for enterprise architecture management. Open Syst. 3:38–45 6. Valet L, Mauris G, and Bolon P (2000) A statistical overview of recent literature in information fusion. In: Proceedings of the Third International Conference on Information Fusion (Fusion 2000), Paris, France, pp 22–29

Data Harmonization in CIS

Andrey Pankin and Viktor Kuzenny St. Petersburg Institute for Informatics and Automation of the RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. The existing principles of business automation and corporate information systems (CIS) development insufficiently enable the integration of CIS informational subsystems, thus hampering the cooperation of specialists from different departments as well as the acquisition of reliable and complete information. This problem so far lies beyond the range of standard technological solutions. So, to effectively use the available information and to provide for making the justified managerial decisions, it is necessary to develop a scientifically sound methodology that would allow for information interaction between the system’s heterogeneous components using, therefore, general theoretical approaches to information processing. This paper proposes a solution based on the advanced and best elaborated methodology of data harmonization, integration, and fusion. Keywords: Corporative information systems; Data harmonization; Data integration; Data fusion; Business process; Common data representation model (CDRM); Dynamic information model (DIM); Common information interactions model (CIIM); Object-oriented approach; Ontology

1 Introduction Advanced large-scale enterprises and institutions possess a significant amount of heterogeneous information stored in different media or forming a part of their employees’ professional knowledge. A part of this information is stored in different information systems used at the enterprise. At V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_4, © Springer-Verlag Berlin Heidelberg 2009

63

64

A. Pankin, V. Kuzenny

present these systems are not sufficiently integrated and that is why the information is often duplicated; at the same time such information can be insufficiently complete in any system. Currently, the integration of applications plays a more and more important role in providing for the effective operation of an information environment at the enterprise. The integration speeds up the information processing, decreases the number of errors, and makes information more accessible. Specific integration demanding areas can be identified: − − −

Information exchange between different departments of the enterprise, e.g., office, remote warehouse, store Information exchange between contracting parties, e.g., price lists, sales documents Information exchange between different software products used at the enterprise.

On the one hand a nonavailability of a unified data format prevents interactions between different software products used at the enterprise; on the other hand a nonavailability of the unified subject area description hampers cooperation of the specialists from different departments and contracting parties of the company, as well as the acquisition of reliable and complete information about the business processes’ characteristics. The issue of integration is particularly acute in the case of Corporate information systems (CIS) use at the enterprise as far as the concept of resource management systems implies the existence of a common information space for all the business processes of the enterprise. Consider the solutions available in existing CIS market. SAP R/3 produced by SAP is the most often introduced system, especially in Russia. SAP R/3 includes a set of application modules supporting different business processes of the company and integrated in real time mode. Thus, SAP R/3 advantages incorporate the systems’ modularity, high functional flexibility and availability of integrated manufacturing and project systems; the disadvantages include the complicated documentation, exactly specified requirements for hardware, and high maintenance costs. Consequently, in order to integrate SAP R/3 with other external applications, the expensive services of SAP-consultants or additional training of the programmers would be required. Oracle E-Business Suit is also intended for CIS development and is the main SAP R/3 competitor. A large number of Oracle solutions have been introduced at domestic iron and steel works. Oracle and SAP are the global leaders in a segment of enterprise management systems. Products of both suppliers are referred to as the class of largescale integrated systems and possess broad functionality meeting the

Data Harmonization in CIS

65

business demands practically in any industry. However, high costs of licenses, consulting services, and supporting the Oracle- and SAP-based decision-making, especially in the integration with other systems, are quite often the key problems while using these ERP systems. Dynamics NAV developed by Microsoft is also a rather famous representative of CIS. Microsoft Dynamics NAV is an integrated system of ERP intended for different problem solving in financial management, business analysis, industrial management, distribution, clients’ relations and servicing, as well as in e-commerce for small, medium, and large companies. The core advantage of the system is that Microsoft Dynamics NAV is closely integrated with other Microsoft software products and technologies that in turn are the most commonly used office software. The disadvantage of Dynamics NAV is insufficient degree of integration with the systems introduced by other software developers. The common disadvantage of the above considered solutions is that their usage implies a rejection of practices and technologies used by the enterprise before, and this involves significant expenditure along with additional training of the personnel. The analysis of modern CIS has revealed three main problems: 1. Historically, the automation in a majority of existing CIS has been independently performed by different organizational and structural units. In this regard CIS elements allow solving some specific tasks for the enterprise organizational and structural departments: however, most of business processes, as a rule, engage several structural units, thus requiring effective interaction with each other. Moreover, the same information is often duplicated in different CIS subsystems to a certain degree, thus possessing no sufficient completeness in any of the subsystems. 2. During the CIS evolutionary development, the automation was implemented on different technological bases that resulted in complicating the information interaction between different systems and sometimes in their complete impracticability. At present, a large number of different information systems included in CIS often have no compatible formats of the data being processed, and that does not allow for a fully effective management of business processes. 3. Existing principles of the enterprises’ automation and CIS development do not provide for a sufficient integration of the CIS incorporated information subsystems. This is stipulated by a necessity of the resources’ geometric increase of what is needed for the subsystems’ integration. So, the automation tools of the majority of departments are heterogeneous and use different formats for data representation. This leads to a necessity of the resources’ geometric increase of

66

A. Pankin, V. Kuzenny

what is needed for the subsystems integration at such departments since the departments perform data exchange using “everyone with everyone” principle. This principle is illustrated in Fig. 1a. The number of relational types between functional subsystems in this case can be calculated by the following formula:

N=

n(n − 1 ) , 2

where n is a number of organization departments participating in one business process. The development of a Common Information Model of the integrated CIS will allow the avoiding of this fundamental problem. In this case, for the joint functioning of the organizational departments within one business process such departments should have the same relational type within the common model (Fig. 1b). CIS element 1

CIS element 2

CIS element 3

CIS element 4 CIS system (a)

CIS element 1

CIS element 2

General Information Model

CIS element 3

CIS element 4 CIS system (b)

Fig. 1 Relations between CIS elements at existing and prospective approaches

Data Harmonization in CIS

67

Further CIS development is impossible without coping with the above three problems. The fact that their solving is rather a research than a technological problem is of fundamental importance, especially in the light of the absence of standard technological solutions. The use of data harmonization, integration, and fusion methods makes the solving of the above specified problems quite feasible.

2 Theoretical Basics of CIS The theoretical basics of CIS are the scientifically substantiated interrelated models, algorithms, and methods. The main task the theoretical basics are aimed at is the processing of large bodies of heterogeneous information. The need for the CIS theoretical basics appeared because the existing approaches do not allow for solving the problems related to CIS development. The advanced CIS current status analysis showed that the methodology underlying the information systems development is oriented first and foremost to the automation of certain business processes. CIS consists of the autonomous projects designed to automate one or other business function of the enterprise. Even if a separate project assumes the information interaction with other projects, it would be implemented only for a specified project, thus providing for no common principles of their organization. A typical approach to the business processes automation could be as follows. There arises a need for the automation that could be arranged as a system of requirements, based upon the list of the expected final results of such automation. Assume that there arises a need for a certain form document then the need will regulate the document content, information sources for such a document, its forming and work with it. The task of the document development is automated and is further successfully used. More and more similar tasks on document forming emerge. Each such task is successfully used. After a while, when the number of such documents grows, the need arises for automating the documents, exchange and registration. The main requirement for this system will consist of providing the specified documents’ list exchange between the users. This project’s realization faces the problem that different documents are developed by different tools. In this way there emerges a need to develop special components aimed at arranging for work with each separate type of documents. It is quite clear that should all documents be developed using similar basic principles the system would be implemented much easier.

68

A. Pankin, V. Kuzenny

This example illustrates a necessity for united principles and approaches to automation of CIS operations. To effectively use the available information and provide for making the substantiated managerial decisions it is necessary to use scientifically based methodology that would allow for informational interaction between the system’s heterogeneous components using, therefore, theoretical approaches to information processing. Currently, the methodology of data harmonization, integration, and fusion is the most up-to-date, so its use will be the most efficient in solving the above problems. To realize the methodology of data harmonization, integration, and fusion at the CIS development, it is necessary: 1. To realize the common data representation model (CDRM). GDPM is a model describing properties and states of the system components and also interrelations with other components. CDRM can be realized through definition of basic notions and their interrelations (ontologies) over respective subject areas and/or areas of responsibility. CDRM will allow to: − − − −

Facilitate the mechanism of heterogeneous data processing Increase the reliability of the used information Minimize time of the required data acquisition Manage an enterprise in on-line (real time) mode.

2. To develop a method of new systems transformation. The method of new systems transformation is a process of harmonization allowing for transforming the information models of new systems into DGPM. In as much as a need for certain business processes automation arises at the enterprise, the development of this method will permit the introduction of new subsystems into CIS using the same algorithm and avoiding the development of a new approach to decision making for each separate case. This will also facilitate operations on new systems introduction in the future. 3. To develop a method of the existing system components transformation. The method of the existing components transformation is a process of the system’s components’ information models harmonization to the common DGPM. This method envisages the identification (matching) of the enterprise ontologies. Development of this method will allow for embedding (introducing) the existing customized subsystems into new CIS and avoiding the extra costs for personnel training and retraining.

Data Harmonization in CIS

69

3 Unified Information Space as a System of Ontologies Large-scale enterprises and institutions possess significant amount of heterogeneous information being stored on different machine-readable media or being part of the personnel’s professional knowledge. It leads to the following negative consequences: 1. Information duplicating in the different enterprise’s CIS. 2. Nonavailability of the unified data format, complicating the interaction between different informational systems and subsystems of the enterprise during the common task solving. 3. Nonavailability of a unified subject area description, complicating the interaction between different specialists of the enterprise units, and acquisition of reliable and complete information about characteristics of the enterprise business processes. One of the approaches to overcoming these disadvantages consists in the use of the unified information space (UIS) for the whole enterprise or institution. While developing UIS it is required to eliminate information redundancy by applying CDRM to all system components. The authors of this paper suggest using the ontology model as CDRM and realizing UIS as the system of interrelated ontologies. Ontology is understood as a detailed formalized structure specification of a certain subject area. Ontology is based on the following categories: 1. Classes describing the isolated object groups of the subject area with a list of properties characterizing them; 2. Objects are class instances that, as a rule, are matched with real world objects used by the application task; 3. Therefore, both the first and the second can be in certain relationships (understood as a link between objects or classes) and possess properties. Ontologies are characterized by the uniformity, completeness, and consistency of the used notions. The ontology development, in addition to the uniformity of heterogeneous information representation, allows for forming an integral view of the subject area, revealing the missing knowledge components, and increasing the efficiency of its repeated use. Use of the ontologies’ system allows for solving the problem of information redundancy. Construction of the ontologies’ system allows for forming the universal description for the subject area. Ontology by its nature is characterized by orientation towards a definite subject area. At the same time within frameworks of a certain enterprise

70

A. Pankin, V. Kuzenny

and different business processes it is necessary to solve a large number of heterogeneous tasks of different origin. The result is as follows: 1. Absence of one class forming basis and, consequently, the impossibility of building the unified hierarchical structure. 2. Existence of a great number of objects within UIS frameworks. 3. Large number of different properties of the objects and relationships between them; thus, it is required to consider different sets of properties and relationships for different tasks. 4. Need for an easy UIS modification in order to register different changes to the requirements of business processes implementation. Due to these difficulties it is rather hard to implement and support a single ontology common for all business processes. To resolve this contradiction it is required to develop a system of interrelated ontologies rather than a separate ontology. It should be taken into account that the system of ontologies, being the core of UIS, is intended for providing an access to all system components’ information, so the main requirement to the ontology would be providing for the unified standard of the subject area description that would serve as the basis of CIS development. Therefore, it is necessary to consider peculiarities of the enterprise’s business processes and the possibility of its further restructuring and/or changing the executed functions. The above approach is not unique; the global practice gives many examples of successful introduction and testing of the proposed approach. Examples of the projects based on the system of ontologies include: 1. The CYC (as in en-cyc-lopedia) is a project of Microelectronics and Computer Technology Corporation (MCC), Texas. This project is the basis for systems executing the reasoning process by the ontologies for wide application range depending on the specific subject area. CYC includes large multi-context knowledge bases, effective output mechanisms, set of output means, and a row of special application modules. 2. KACTUS is the European project within ESPIRIT project, targeted at building the methodology of multiple use of knowledge about engineering systems during their life cycle. This methodology is required to use the same knowledge bases for design, evaluation, functioning, support, redesign, and training. KACTUS supports the integrated approach including production and engineering methods, and knowledge engineering methods, based on ontological and computational basis for multiple use of the acquired knowledge concurrently with different applications in technical areas.

Data Harmonization in CIS

71

3. Target of TOVE (Toronto Virtual Enterprise) project is to create data model that should: −

− −

Provide for a common terminology in the subject area, whose applications can be used together and understood by each participant of relationships Give an accurate and possibly consistent definition of each term based on the first-order logic Define a semantic task by the axioms’ set that would allow for the automatic answering of the range of questions about the subject area.

TOVE-ontologies represent the integrated model of the subject area, consisting of the following ontologies: operations, states and time, management of resources, products, service, production, price, and quantity. The enterprise reaches its goals through implementing certain business processes. A business process can be defined as a set of logically interdependent actions performed to arrive at a certain result of business activities. The business processes are divided by levels into strategic, operative, and tactical. Each ontology should provide a possibility of its adaption to specific business processes of the enterprise. The following properties should be defined for ontologies of the business processes description: 1. Type of business process (strategic, operative, tactical). 2. Business process identifiers and each identifier determinants. 3. Subjects of the business process management and their identifiers. 4. Data structure for storing the formal descriptions of interrelations between the subjects of the enterprise’s business process management and objects of management and interaction, as well as factors of the above specified interrelations. Therefore, each ontology, except for the business-processes ontology, serves as the basis for respective subsystem development. As a rule, ontologies are described using a certain language. Resource definition framework (RDF) and Web ontology language (OWL) can be distinguished as the languages of ontology description. RDF language has been developed by W3C Consortium (international association for developing the World Wide Web standard). RDF is a convenient tool for data structure formalization. By virtue of its universalism RDF allows for ontology description; however, at the same time it is insufficiently expressive. W3C Consortium has also created OWL ontology language. Ontology in OWL can include the description of classes, their properties and objects.

72

A. Pankin, V. Kuzenny

OWL has been developed with an objective of information processing, and not only for its presentation in a specified form. At present OWL is completely specified and recommended by W3C to be used as the language for ontology description. When creating the latest developments in the area of search systems, inference systems and formal grammar description were used. On the other hand, since OWL is based on XML, the ontologies implemented using the OWL tools are transferred easily between different types of computers having different operating systems and program languages. Essentially, OWL provides a standard for ontology exchange. Thus, it is preferable to use OWL as the language for ontology description. It is necessary to note that the system of ontologies included in CIS should support the following system capacities: −

−

−

Real world object incorporating a multitude of properties. However, each ontology stores a certain set of information about the object from the point of view of a certain subsystem. Thus, in order to receive information required in progress of a certain business process, it is necessary to use the multiple inheritance mechanism within which framework one object inherits a multitude of properties from different system ontologies. One of the functions supported by CIS is a possibility of the system state recovering at a certain instant of time. This facilitates the recovery of separate components in case of failures and increases the efficiency of the enterprise business processes analysis. For this purpose it is necessary to save a history of the object’s properties’ states. In its turn, to effectively realize the state-saving mechanism and to optimize the information processing, it is necessary to partition the constant and variable information about the object. Evidently, different participants of business processes when decision making need different information about CIS objects. Therefore, time participants can be split into groups based on the information essential for them. Hence, one of CIS functions is the filtration of information for different groups of users.

4 Development of CIS Analysis of subject areas of the enterprise’s activities shows that advanced CIS should have a distributed and mobile structure, and work in a system of real or close to real time. The task of such system development is

Data Harmonization in CIS

73

complicated in many respects due to the necessity to store the developed and currently used heterogeneous and uncoordinated decisions regarding the information support. To meet the requirements of the mobility and structure distribution, the information support should allow for constructing the dynamic information model (DIM) of the enterprise management system, that at any instant of time contains data corresponding to the actual parameters of the object and the environment where the system functions. Components of this model should be DIMs of subordinated managed objects. Therefore, time DIM of each component should be arranged as a representation of information objects and their interactions with each other in compliance with a certain system of rules, and the model logic should allow for developing DIM for any system component. Disregarding the specificity of different management system components, each DIM should include CDRM as its basis, and objects of the model should allow for describing all possible aggregates of objects and elements currently used in CIS and to be used in the future system development. Descriptions of classes of information objects along with the list of their specific properties should be formed dynamically in the process of program components functioning without changing the model structure. Since the CIS development envisages the possibility of managerial impacts at any of three levels, the model should meet the demand for all information resources to make substantiated managerial decisions at all management levels (strategic, operative, tactical), at all management stages, and during the entire life cycle of the management object. Based on the above, the following requirements can be set for the common information interactions model (CIIM): 1. Objects of the model should be capable of the realizing of any information interaction between the system components that is necessary for performing the automated business functions. 2. In order to level down the requirements for software and hardware the model should be sufficiently simple, i.e., it should contain a small number of elements. The model should realize a mechanism of data transformation from CDRM into a common data exchange model. The following mechanisms should be used to unite the existing decisions with minimal losses and resources consumption, and to create the system of ontologies providing management support in all business processes at all levels of UIS management and implementation and also to support data harmonization and fusion processes:

74

A. Pankin, V. Kuzenny − − − − − −

Universal description of the subject area Multiple inheritance of objects Partitioning of constant and variable data about the object Universal mechanisms of relations Saving the history of the state of the objects’ properties Information filtration for different groups of users.

Universal description of the subject area will permit describtion of the objects in CDRM based on common principles. Universal description of the subject area at information model construction assumes the presence of the objects’ classes system indicating their typical properties and values, a list of possible states defined based on the requirements of the business process and expressed through the values of the object intrinsic properties, and a list of interrelations binding the objects at business function realization. Activities of the enterprise assume a large number of different tasks with participation of the same objects of the information model. It leads to a large number of class-forming bases as in the process of such task solving the objects can be classified by different classification features. Multiple inheritance mechanism provides for the objects description in the information model. Different behavior of the same objects in different tasks leads to another problem: in simultaneous modeling of different business processes the properties of the same object can take different values. The mechanism of partitioning constant and variable data about the object helps to avoid the conflict of the simultaneous change in properties. Universal mechanisms of relationships allows a description of complex relationships between different objects of the information model occurring in the progress of business processes realization. For analysis of the information model dynamics and pattern of its state changes up to individual properties of the objects, and also when needed to recover a state at the given instant of time, it is necessary to use a saving mechanism of state history for object properties. Many users at different levels and assigned different access rights will have access to CIS information resources. To solve their tasks, different groups of users will need different information about the same processes and objects participating in them. Information filtration mechanisms for different groups of users will allow fast access to the required information. Adapted and earlier created systems included in CIS and intended for data exchange should be encapsulated into a respective component realizing CDRM. Transformation of information models of the adapted system into

Data Harmonization in CIS

75

CDRM should be implemented by general methods of data transformation into CDRM complying with the following requirements: − − −

The method should offer a common specific sequence of data transformation for all adapted systems included in CIS The method should implement mechanisms proposed by methodology of data harmonization, integration, and fusion The transformation method should be simple enough to level down requirements for software.

Considering the reviewed peculiarities of the subject area and results of analysis of the existing solutions on information bases arrangement, the use of the object-oriented approach seems the most reasonable in CIS development. Object technology expands the conventional method of applications development by new data modeling and programming methods. To reuse codes and to improve the information integrity saving, in the object programming the data and code for their processing are arranged into objects. In using the object-oriented approach in development of information bases, the application programs cycle and function with objects stored in the base that uses the standard object-oriented semantics of the language and operations. Owing to existing standards for the interaction between components, the information resources of the distributed system are combined with each other independent of hardware, software, program languages, operating systems, networks, compilers, and different means of forming queries and reports, and are changed dynamically by object manipulation without loss of the working capacity. However, the concept of object information bases is rather complicated. In addition, at the enterprise there exists a number of decisions based on relational databases. In particular, this will strongly affect the amalgamation of information resources into UIS at operative and tactical levels of management. There appears a need to develop a common methodology on data harmonization, integration, and fusion to include it in a common information space of CIS for the earlier uncovered or outdated information systems. In this case, the combined approach seems reasonable as it will allow for using the advantages of an object-oriented approach, thus not rejecting the standard solutions based on a relational approach. These combined approaches can be based on the following solutions: − −

Object-relational adapters consolidating object-oriented applications and relational information bases Object-relational gates. While applying this method a user interacts with an information base through the language of an object-oriented

76

A. Pankin, V. Kuzenny

−

information base, and the gate replaces all object-oriented elements of such language by relational components Hybrid object-relational information bases, that can store both conventional table data and objects.

Information support meeting the above listed requirements would allow for describing all business processes within a common information model as well as for storing and timely providing the customer with the information needed for making the substantiated managerial decisions at all management levels (strategic, operative, tactical), as well as at all management stages within the management object life cycle.

5 Conclusion Analysis of advanced information systems of enterprises allows for specifying problems for existing automation principles and CIS development. The main direction for further CIS development should include the process of separate subsystems, including adapted subsystems, integration that is intended for solving complex problems of the enterprise management. The proposed decisions are aimed at reducing the design cost, developing and introducing the separate CIS subsystems, and reducing costs of their modifying to be performed with due account of the changing requirements.

References 1. Pankin AV and Potapychev SN (2003) The object-oriented approach to creation of geoinformational systems. Industry 3(33):108–109 2. Pankin AV and Potapychev SN (2003) Informational system as principal support for decision taking. Innovations 8(65):61–64 3. Pankin AV, Saitov SV, and Ivakin YA (2004) Directions and methods of development of the functional system of the navy electronic workflow. Sea Collect 8:31–33 4. Pankin AV (2004) Integration of the functional system of electronic workflow into geoinformational systems. In: IX St. Petersburg International Conference “Regional Informatics – 2004,” St. Petersburg, Russia 5. Pankin A, Popovich V, Potapichev S and Sorokin R (2005) Intelligent GIS for monitoring systems development. In: CORP2005, Vienna, Austria 6. Pankin A (2005) Integration of heterogeneous information flows circulating in the control loop. In: IF&GIS 2005, St. Petersburg, Russia 7. Pankin A, Popovich V, and Ivakin Y (2006) Data for GIS. In: CORP2006, Vienna, Austria

iRank: Integral Ranking of Geographical Information by Semantic, Geographic, and Topological Matching

Felix Mata and Serguei Levachkine PIIG Lab–Centre for Computing Research, National Polytechnic Institute, Av. Juan de Dios Bátiz s/n, 07738, México, D.F., Mexico, [email protected]

Abstract. Previous geographic information retrieval (GIR) works have used different criteria of a geographical nature to rank the documents retrieved from heterogeneous repositories. The most common approaches consider the characteristics and relationships that describe the geographical objects. However, these criteria process the documents in a separate way (only using their geometric or topologic aspects). In addition, they do not take into account the nature of geographic data (spatial semantics) in the weighting and ranking process which limits the assessment of document relevance. Nevertheless, the ranking can be improved by using approaches integrating the essence and nature of geographical space, i.e., (1) geographical attributes, (2) topological relationships, and (3) spatial semantics that are focused on conceptually describing a geographic object. This paper outlines iRank, a method that integrates these three aspects to rank a document. iRank evaluates documents using three sources of information: GeoOntologies, dictionaries, and topology files. The approach consists of three stages which define the geographical relevance between a query and a document. In the first stage, the relevance is computed by using concepts (GeoOntologies), the second stage uses geographic attributes (dictionaries), and in the last stage, the relevance is processed by considering spatial relationships (vector files). Thus, the major iRank advantage is integral

V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_5, © Springer-Verlag Berlin Heidelberg 2009

77

78

F. Mata, S. Levachkine

ranking. The results received by the authors show a better ranking with these criteria than ones that use them separately. Keywords: Integral ranking; Geographic information retrieval; GeoOntology; Spatial semantics; Topological and conceptual matching; Gazetteers

1 Introduction The existing mechanisms for calculating relevance are based on comparing the similarity of a document against a query. For example, the information retrieval (IR) vector model [7] measures the document relevance based on word frequency. Web document relevance is measured using links frequency, while ranking classifies the weighted documents in order of importance. In GIR, the weighting and ranking mechanisms are based on characteristics of geographic objects. Herein, the topology, geographical attributes, and spatial semantics are used because they broadly characterize the geographical nature of an object. However, processing these elements faces two problems: the first one concerns the diversity of information sources (different encoding, formats, and representations) and the second one concerns – spatial semantics (its processing and storage). The first problem can be solved using IR approaches, geographic information systems (GIS), and XML as an interoperability format. The second problem is more complicated because the geographic meaning is expressed in different ways and at different levels of detail. For example, the semantics of relation “near” can be captured based on the user’s perception, and taking references from other objects or using metrics assessing the closeness based on parameters of time, distance, or perspective. Moreover, spatial objects are stored based on one of their features using different sources of information. For example, dictionaries store geographical attributes of an object, while the vector files store spatial relationships of geographical objects (e.g., adjacency), and GeoOntologies (geographical ontologies) store semantic relations according to their geographic hierarchy (continent– country–state) and to possible human perception of its geographic scope (near, next). Thus, the integration of these three aspects allows the assessing of a document according to geographical environment and to its human perception, resulting in an enriched ranking. This is the main motivation of the present work.

iRank: Integral Ranking Geographical Information Semantic, Geographic

79

2 Previous Work The problem of calculating the geographic importance of a document has been treated by processing the similarity between two geographical locations, one associated with the query and another with the document [1] and [2]. However, the criteria used have turned out to be insufficient to define the geographical relevance of the document. Basically, this occurs because of the spatial representations heterogeneity and the spatial semantics diversity in interpretations. For example, in [3] the authors used operators with topological and proximity relationships in spatial databases. In [4], Larson proposes a series of geographic operators for queries. A similar approach is adopted in the project SPIRIT [5] having a set of operators for spatial queries using different weighting schemes and determining what method should be applied. For example, the concept “near” is measured using the Euclidean distance, while angular difference is used for “north.” Ontologies have also been applied to measure the relevance of documents of geographic place names, using a query expansion approach [9, 11]. The places conceptualization model (ontology) that measures the similarity between the place name and locations is proposed in [14]. For example, Zaragoza can be referred to Mexico or Spain. Other works combine measures of distances and include semantic relationships [10]. However, weight metrics that are applied separately or in combination with IR classical approaches do not allow to evaluate the document adequately, according to geographic domain. Geographical dictionaries have been used in tasks of recovery and weighting because they contain information that allows the use of spatial queries. For example, in [13], three key components of a dictionary are identified: geographic names, location, and properties. Dictionaries have also been used to disambiguate the queries, transforming place names into geographical coordinates. In [15], the topological distance is processed by relationships of distance and direction to assess the similarity of spatial scenes. On the other hand, in [12], objects are evaluated with respect to their topological similarity. Summing up, the works are not included within the state-of-the-art that integrate GeoOntologies, dictionaries, and vector data as a whole for ranking tasks. This integration, however, would be very useful because these three sources of information are storing objects with different geographical representations, different encoding, and enriched semantics. Then, processing these elements allows for establishing the appropriate criteria for ranking geographic information and strongly motivates the presented research.

80

F. Mata, S. Levachkine

The rest of paper is organized as follows; in Sect. 3, the framework and its modules are described. Section 4 contains the results obtained using the proposed approach. Finally, in Sect. 5, the conclusions and future work are outlined.

3 iRank: Integral Ranking by Semantics, Geographical, and Topological Matching iRank is an integral approach that ranks geographical documents arriving from three information sources: GeoOntologies, topological files, and geographic dictionaries. iRank uses three elements that describe geographical objects, namely, topology, semantics, and geographic properties. iRank consists of three stages, at them the geographical relevance between the geographic query and the document is defined. In the first stage, the relevance is computed by using concepts (GeoOntologies), the second stage uses geographic attributes (dictionaries), and in the last stage, the relevance is processed by considering the spatial relationships (vector data). The goal is to obtain an integral relevance. The following notations to represent a < query > (QG ) , “document” ( DG ), {concept} (CG ) , and [instance] ( I G ) are used. The query format used is a triplet <what, rel, where>, where geographical object corresponds to <what >, while <where> is a geographical reference. < rel> is a spatial relationship between < what > and < where >. For example, for query ; <what > element corresponds to , while < rel> is the spatial relationship < near > , and is <where>. The process begins by comparing a query against a retrieved document. This comparison is performed using concepts representing the geographical objects. For that, GeoOntology is explored in order to find the concept associated with each element of the query and the document. For example, query < Lakes near Guadalajara > and retrieved document “Chapala Lake next Ocotlan” are associated with GeoOntology concepts {Water body}, {City}, and {Municipality}. To establish relevance, these concepts are compared by using confusion metrics [8] evaluating a pair of geographical concepts in GeoOntology. Section 3.1 explains this process in detail. The result is the conceptual relevance of the document to the query. Figure 1 shows modules that compose the framework of iRank.

iRank: Integral Ranking Geographical Information Semantic, Geographic

81

Fig. 1 iRank framework

As shown in Fig. 1 when the conceptual relevance is obtained, the next steps are aimed at computing the topological relevance (TopologyRel) and the geographical relevance (GeoRel). These three relevancies are fused to obtain an integral ranking (iRel) of the geographic documents. iRel is calculated by (1): iRel ( QG , DG ) =

ConRel ( Cq , Cd ) + GeoRel ( Gq , Gd ) 3 Topology Rel (Tq ,Td ) + , 3

(1)

where ConRel is the value of conceptual relevance between Cq and Cd. Cq is the concept associated with the query and Cd is the concept associated with the document. For example, “Chapala Lake” vs. “Water body”. GeoRel is the geographical relevance between Gq and Gd. Gq is the concept associated with the query and Gd is a geographic attribute of the ument, for example, “Geographic Area” vs. “Guadalajara.” TopologyRel is the topological relevance. Tq is the concept associated with the query and Td is a tuple of topology file, for example, “Chapala Lake” vs. “Lerma River–basin.” iRel is measured in the range of [0, 1], where unity represents the complete relevance and zero corresponds to the zero relevance. In this way, using the value of integral relevance, the results are weighted to be deployed in a list format in ascending or descending order. The rest of section is organized as follows. In Sect. 3.1 the conceptual ranking, using GeoOntologies

82

F. Mata, S. Levachkine

is explained. Section 3.2 describes the geographic relevance measuring. In Sect. 3.3, the topological relevance is defined. In each section, context vector is used as a mechanism of the rankings integration. Section 4 demonstrates the received results. Finally, in Sect. 5, the conclusions and work proposed for the future are discussed. 3.1 Conceptual Ranking Conceptual ranking is the first stage of iRank. This module measures the document relevance using concepts stored into GeoOntologies, where GeoOntologies are composed of concepts (rivers, lakes), semantic relations (hyperonimy, meronimy), topological relations (connect, adjacency), geographical attributes and instances (an instance is a geographical document). For example, a document about “Lerma River” is an instance of [River] concept. Additionally, with each instance an initial weight (Wi) has been associated. This weight was obtained, using the approach similar to the vector model [7]. In particular, each query was submitted to Google and Yahoo! Answers, and from the obtained results (documents), those whose place name matched up to the label’s name of a concept from GeoOntology have been selected. This process has been made semiautomatical, using a program developed in Ruby language.1 For example, when Google was asked for the majority of results have been related to the “Lerma-Chapala basin.” Then, the documents referred to “Lerma-Chapala basin” were considered most relevant (their initial weight is greater) for the queries that include . Equation (2) shows the calculation of the initial weight. Wi =

Ft Nd

(2)

where Wi is the weight of the concept, Ft is the occurrence frequency of term associated with the concept, within a document and Nd is the number of considered documents. The formula normalizes Wi into interval [0, 1] so that unity represents the maximum value of relevance, while zero is associated with the minimum relevance. Now, the calculation of conceptual relevance will be explained. For that, the following scenario will be considered: a GIS specialist needs to analyze possible flooding in the cities near Chapala Lake. Thus, the geographic data

1

Ruby: Language programming. www.ruby-lang.org/es/.

iRank: Integral Ranking Geographical Information Semantic, Geographic

83

are searched for using the following query: QG1 = . Then, the query is processed as follows: (1) Analyze query to identify each element of the triplet. (2) Identify the concepts associated with the document and query. (3) Extract the context for the document and query. (4) Process weights (Wi ) and calculate the conceptual confusion. The first step identifies the elements <what>, , and <where> of the query. The second step uses the algorithm OntoExplore [6] to find in the ontology the concepts matching up to each element of the triplet. For example, for QG1 = OntoExplore finds that is associated with {Urban_Area}, relationship is associated with the concept of {next} and with concept {Lake}. The third step consists of extracting the context of the query and document (their neighbor concepts). In this case, for the retrieved document DG1 = “Ocotlan next Chapala Lake,” “Ocotlan” is associated with the concept {Municipality}, while “Chapala Lake” is linked to concept {Lake}, and the relationship “next” is associated with {near}. Subsequently, context is extracted and stored in a Context Vector (Vc ) . For example, {Water Body} has the following neighbor concepts: {Lake} and {River}, stored into Vc . Figure 2 shows GeoOntology, the query, geographic document, and context vector obtained by OntoExplore.

Fig. 2 Context vector obtained by OntoExplore

84

F. Mata, S. Levachkine

Also, Fig. 2 displays the concepts, their initial relevance (inbox), and their weights. The fourth and final step is aimed at determining the conceptual relevance between document “Ocotlan next Chapala Lake” and query , for that, the following (3) is applied. The value obtained is the conceptual relevance (ConRel). ConRel (ci , c j ) =

Wi1 + Wi 2 , D

(3)

where “ConRel” is the conceptual relevance between ci and cj (e.g., “City” vs. “State”), ci is the concept (from query), and cj is the concept (from document). For example, ci = “City” for “Chapala” and cj = “state” for “Guadalajara.” Wi1 and Wi 2 are the initial weights of the involved concepts. For example, Chapala Lake has an initial weight of 0.78 according to (2). D is the confusion between the concepts ci and cj . For example, if ci = Guadalajara and cj = Chapala, then the node that represents “Chapala” is located, and number of nodes explored to reach the node “Guadalajara” is determined. So, the conceptual relevance (ConRel) between document DG1 = “Ocotlan next Chapala Lake” and query is obtained. The first ranking stage ends here. The next step consists of processing the context vector to weight the documents retrieved from two other information sources. This process is explained in Sects. 3.2 (Geographical Ranking) and 3.3 (Topological Ranking). 3.2 Geographical Ranking Geographical Ranking (GeoRank) is the second stage of iRank. GeoRank measures geographic relevance using geographic properties. Weighting is performed by comparing a query and a document from geographic dictionaries. This process is called geographical relevance (GeoRel). First, ConRel is calculated by processing the context vector from Sect. 3.1 and the geographical properties of the objects included in a query. Then, a two-step process is applied. (1) Form pairs of geographical objects: the first object corresponds to the query and the second one corresponds to the document. (2) Processing weights of geographic objects from Vc .

iRank: Integral Ranking Geographical Information Semantic, Geographic

85

To explain this process, the query QG1 = Cities near Chapala Lake and a pair of retrieved documents from dictionaries are considered. The documents are: DG2 = “Urban Area shares Railroad” and DG3 = “Urban Area shares Water Body.” Applying the first step for document DG1, the following pair of objects is formed: “Urban Area” vs. , the relationship pair “share” vs. , and finally “Railroad” vs. . Thus, applying the second step to vs. “City” shows that has a Wi = 0,87 (see Sect. 3.1), while “City” has a Wi = 0.76. An average between these values is calculated, giving the relevance of . Relationship “shares” has Wi = 0.7 with respect to the relationship , while “Water Body” has Wi = 0.67 and has Wi = 0.87. An average between them is calculated, giving the relevance of “Water Body.” The geographical relevance (GeoRel) is obtained by 4. Con Re l (QG , DG ) =

Wc1 + Wc2 + Wc3 , 3

(4)

where GeoRel is the geographical confusion between query QG and the document (DG ) and Wi is the initial weight of each element of the triplet <what, rel, where>. Therefore, applying (4) to DG2 , gives (0.87 + 0.7 + 0)/3 = 0.52, while for DG3 , (0.87 + 0.7 + 0.67)/3 = 0.74 obtained. Figure 3 shows the described process for query QG1 and documents DG2 y DG3 .

Fig. 3 GeoRanking. Documents retrieved from dictionaries, and Context Vector (Vc)

86

F. Mata, S. Levachkine

Figure 3 shows the context vector and its values of relevance as well as the pair of documents retrieved from dictionaries. Then, geographical relevance is calculated by (4); for example, vs. “Water Body,” vs. “railroad,” and vs. “Urban Area.” In this case, r13 and r17 are labels of relationship number of . This is the mechanism of GeoRank. Now, the second stage of ranking ends. The next stage is aimed at ranking the retrieved documents from the last information source (TopologyFiles). This process is explained in Sect. 3.3 (Topological Ranking). 3.3 Topological Ranking The third stage of iRank establishing the topological relevance between the document and the query is named Topological Ranking (TopologyRank). To achieve this, TopologyFiles [8] (a file format that stores topological relationships between two geographic objects) is used. Then, to assess relevance, spatial relationships are classified in three groups according to what is defined in [1] and [16]. The first group deals with spatial relationships of Inclusion (if an object A is in an object B), the second one is Proximity (how close is the object A to the object B), and the third one is Siblings (two concepts are siblings if they have the same father). In the following, the rules for assessing these aspects are defined and then ranked with a value of relevance. 3.3.1 Inclusion

Check if Sd falls within Sq, where Sd is the geographic scope of the document, while Sq is the geographic area of the query. For example, Sq of the query QG1 is “Guadalajara” and Sd of the document DG1 is “Chapala Lake”. Equation (5) is applied to determine that inclusion between “Guadalajara” and “Chapala Lake” is 2/5. ⎧ NumDescendants ( Sd ) + 1 if Sd ⊂ Sq ⎪ Inclusion ( Sq , Sd ) = ⎨ NumDescendants ( Sq ) + 1 ⎪ 0 otherwise. ⎩

(5)

Equation (5) returns values in the interval [0, 1]. The maximum value is when both elements have the same number of descendants (Sd falls within Sq) and the minimum one when Sd has no descendants. NumDescendants (S) + 1 is the number of scopes within S, plus scope itself (that is to say, relations “sub-of-region” in the GeoOntology).

iRank: Integral Ranking Geographical Information Semantic, Geographic

87

3.3.2 Siblings

A binary function checks if Sq and Sd are siblings in the GeoOntology, defined by (6). For example, “River” and “Lake” have the same father and therefore are siblings. The maximum value (unity) of the function is when the elements are siblings and the minimum (zero) when they are not siblings. ⎧⎪1, if ∃Sx : parent ( Sq ) = Sx ∧ parent ( Sd ) = Sx , Siblings ( Sq , Sd ) = ⎨ ⎪⎩0, otherwise.

(6)

3.3.3 Proximity

Proximity is the inverse of Euclidean distance between two objects, where the first object belongs to the query, and the second one to the document. It is defined by (7): Proximity ( Sq , Sd ) =

1 , Distance ( Sq , Sd ) 1+ Diagonal ( Sq )

(7)

where Sq is the geographic scope of the geographical reference of the query and Sd is the geographic scope of the object described by the document. For example, query scope of QG1 is Guadalajara city because Chapala Lake lies within Guadalajara city. The allocation of this scope (a numeric value) is obtained semi-automatically and presented in a table, using Java tools and shapefiles in conjunction with the criteria established by a GIS specialist. In addition, the Euclidean distance is normalized by the diagonal of the MBR (minimum bounding rectangle) defined for the geographic area of the query (MBR is a rectangle of minimal size that completely encloses the irregular shape of a region). Now, the explanation proceeds on how to calculate the topologic relevance with the following example which Consider query QG1 = and a pair of retrieved documents, DG4 = “Grijalva River crosses Villahermosa” and DG5 = “Ocotlan next Chapala Lake.” Note, that it is a priori known that the document DG4 is irrelevant and that the document DG5 is relevant to query QG1. Topologic relevance is calculated using the following four steps (1) check if objects belong to the same class; (2) extract the geographic scope of the document and query to assess the proximity, inclusion, and siblings; (3) apply an overlay operation between geographic scopes of the document and the query; and (4) topological

88

F. Mata, S. Levachkine

relevance is calculated by the average of overlay, inclusion, siblings, and proximity. Then, arrive at a match between concepts associated with DG4 and QG1. because both of them are linked with the {City} concept. Figure 4 shows this process.

Fig. 4 Identifying concepts associated with the documents and query

The second step is to extract the geographic scope of the query and documents. For QG1 , the geographic area of is extracted, while for document DG4 the length of Grijalva River is defined. Then, the inclusion, proximity, and siblings for both objects are verified. There is no inclusion (Grijalva River is not within the Chapala Lake) so closeness is zero, siblings function is equal to unity, because River and Lake are water bodies, and Proximity is zero. Then, taking the results of these operations, the relevance value is 1/3. At the third step it is verified whether overlapping between two objects exists. If they do not overlap, the topological relevance is zero. In the case of overlapping, the size of the overlapped geographical area is defined, and this value is considered as its relevance. This operation is displayed in a table where the MBR records of each object are stored. Finally, at the fourth and final step, the results are organized according to the overlapping area in ascending or descending order. The process is the same for the rest of the relationships associated with proximity, according to the involved relationship; previously defined functions are applied to obtain the topological relevance.

iRank: Integral Ranking Geographical Information Semantic, Geographic

89

4 Experiments and Results iRank has been tested using documents retrieved by iGIR [6], the system that retrieves documents based on integral matching using three sources of information (the same as in this paper). Nine hundred documents have been used, including 300 of topologyfiles [6], 300 of geographic dictionaries elements, and the elements of GeoOntology. Queries possessing spatial relationships: “near,” “in,” and “within” were considered. The relevance belongs to the interval [0, 1] and five classes for describing the document relevance are established. The first one named “null relevance” for documents with value = 0, the second one is “small relevance” (values from 0.1 to 0.3), the third one range marks “medium relevance” (values from 0.4 to 0.6), and the fourth one is defined as “somewhat relevant” (values from 0.7 to 0.9). Finally, the fifth one is “complete relevance” corresponding to the documents weighted with value of unity. An example of “complete relevance” is shown using query QG1 = with document DG7 = “Guadalajara near Chapala Lake,” because Guadalajara is a city near Chapala Lake. To explain these results, consider Fig. 5 which shows Chapala Lake and municipalities and highways surrounding it.

Fig. 5 Counties and highways surrounding Chapala Lake

Table 1 shows the results obtained by iGIR for query QG1 = “Cities near Chapala Lake” and their ranking values according to GeoRank, TopologyRank, and Concept Rank (iRank). Table 1. Results for the query: Q = {“Cities near Chapala Lake”} G1

Document

GEO RANK

Rank position

TOPOLOGY RANK

Rank position

CONCEPT RANK

Rank position

iRank value

Rank position

Poncitlan Chapala Tizapan C. Régules Tuxcueca Jocotepec V.Carranza Ocotlan Jamay Briseñas

0.964 0.895 0.836 0.796 0.758 0.708 0.698 0.687 0.671 0.652

1 2 3 4 5 6 7 8 9 10

0.891 0.904 0.837 0.810 0.673 0.842 0.679 0.718 0.710 0.639

2 1 4 5 8 3 9 6 7 10

0.42 0.87 0.266 0.256 0.29 0.29 0.27 0.299 0.263 0.29

6 1 2 5 8 4 7 3 10 9

0.758 0.889 0.646 0.620 0.573 0.613 0.549 0.568 0.527 0.548

2 1 3 4 6 5 8 7 10 9

90

F. Mata, S. Levachkine

Table 1 shows rankings corresponding to ten retrieved documents. The last column contains the values generated by iRank. For example, the document “Chapala,” GeoRank places in position 2, while TopologyRank and ConceptRank place it in the first position. The reason for this difference is that GeoRank considers the geographic area of Chapala, located lower than Poncitlan municipality. TopologyRank considers the roads that connect Poncitlan municipality, and Chapala municipality with Chapala Lake. In its turn, ConceptRank considers the name of the municipality that in this case coincides with the name of the lake. By integrating these three criteria, iRank places it in the first position. Another example for discussion is the document of “Jocotepec,” where each of three weighting measures places it in different positions. GeoRank places it in the sixth position because its geographic area is the second largest of ten municipalities. TopologyRank, places it third because it has a road connecting with Chapala Lake. ConceptRank places it in the fourth position according to its semantic relations. By integrating these criteria finally iRank places it in the fifth position.

5 Conclusions and Future Work iRank is a method of integral ranking that weights the retrieved documents obtained from three sources of heterogeneous data: topological files, geographic dictionaries, and conceptualization (the meaning of geographical space for a group of people) of objects contained in the documents and queries. iRank uses confusion metrics by taking advantage of the hierarchical nature of the geographical space, through which one can determine if two objects are similar according to their topology, spatial semantics, and geographic properties. The results show that integrating these aspects can improve the ranking process. However, more experiments, using other topological relationships, for example, those from model of 9 – intersection, would be very useful in future work. The plan is to enrich GeoOntologies with conceptualizations built by GIS communities and Web users. Also, the modules will be designed to process the elements of queries according to other aspects related to the places’ names. Finally, the system’s performance test on larger data collection is needed.

iRank: Integral Ranking Geographical Information Semantic, Geographic

91

Acknowledgments The authors of this paper thank the Center for Computing Research (CIC), SIP–IPN, National Polytechnic Institute (IPN), and the Mexican National Council for Science and Technology (CONACYT) for their support.

References 1. Egenhofer MJ, Mark D (2001) Naive geography. In Frank AU, Kuhn W, (eds) Spatial Information Theory: A Theoretical Basis for GIS, vol 988 of Lecture Notes in Computer Science, pp 1–16. Springer, Berlin 2. Jones CB, Alani H, Tudhope D (2001) Geographical information retrieval with ontologies of place. In Proceedings of COSIT-2001, Spatial Information Theory Foundations of Geographic Information Science 3. Nedas K, Egenhofer M (1995) Spatial similarity queries with logical operators. In STD’03 Eighth International Symposium on Spatial and Temporal Databases 4. Larson R (1995) Geographic information retrieval and spatial browsing. Geographic Information Systems and Libraries: Patrons, Maps, and Spatial Information, pp 81–123 5. Vaid S, Jones CB, Joho H, Sanderson M (2005) Spatio-textual indexing for geographical search on the web. In Proceedings of the 9th Int. Symp. on Spatial and Temporal Databases (SSTD), LNCS, vol. 3633, pp 218–235 6. Mata F (2007) Geographic information retrieval by topological, geographical, and conceptual matching, Second International Conference, GeoS 2007, Proceedings. LCNS 4853 Springer 2007, ISBN 978-3-540-76875-3, Mexico City, Mexico 7. Baeza-Yates R, Ribeiro-Neto B (1999) Modern Information Retrieval. ACM Press Series/Addison Wesley, New York 8. Levachkine S, Guzman-Arenas A (2007) Hierarchy as a new data type for qualitative variables: J Expert Systems with Applications 32(3):899–910 9. Jones C, Abdelmoty AI, Fu G (2003) Maintaining ontologies for geographical information retrieval on the web. In Proceedings of on The Move to Meaningful Internet Systems: coopIS, doa, and odbase Ontologies, Databases and Applications of Semantics, odbase’03, LNCS, vol. 2888 10. Clementini E, di Felice P, van Oosterom P (1993) A small set of formal topological relations suitable for end-user interaction. In LNCS 692: Proc. 3rd Int. Symposium on Advances in Spatial Databases, pp 277–295 11. Fu G, Jones CB, Abdelmoty AI (2005) Ontology-based spatial query expansion in information retrieval. In Proceedings of In On the Move to Meaningful Internet Systems 2005: ODBASE 2005, LNCS, vol 3761, pp 1466–1482 12. Belussi A, Catania B, Modesta P (2005)Towards Topological Consistency and Similarity of Multiresolution Geographical Maps GIS’05, Bremen, Germany

92

F. Mata, S. Levachkine

13. Hill L (2000) Core elements of digital gazetteers: Placenames, categories and footprints. Borbinha J, Baker T (eds) Research and Advanced Technology for Digital Libraries, proceedings 14. Jones CB, Harith A, Tudhope D (2001) Geographic information retrieval with ontologies of place. Montello DR (ed) Spatial Information Theory. Foundations of Geographic Information Science. International Conference, COSIT 2001, Springer 15. Burns H, Egenhofer M (1996) Similarity of spatial scenes. In Processing 7th International Symposium on Spatial Data Handling, pp 31–42 16. Andrade L, Silva M (2006) Relevance ranking for geographic IR, Workshop on Geographic Information Retrieval, USA. SIGIR

A Multi-scale and Multi-modal Transportation GIS for the City of Guangzhou

Shaopei Chen, Christophe Claramunt, Cyril Ray, and Jianjun Tan Guangzhou Institute of Geochemistry, Chinese Academy of Sciences, Guangzhou 510640, People’s Republic of China, [email protected]

Abstract. The search for better urban living has significantly increased the demand for efficient and sustainable multi-modal transportation systems in large urban areas. This should favor emergence of balanced transportation systems that use each mode for what it does best. However, the development of urban transportation policies partly relies on the availability of appropriate data and then information. The research introduced in this paper proposes a multi-modal and multi-scale data model oriented to the representation of the urban transportation system of the city of Guangzhou in China. The model introduced takes into account different transportation modes and integrates them within a federated data model designed using an object-oriented approach. Such a model allows the development of specialized services designed after a survey and study of users’ and planners’ requirements. The approach is experimented in a district of the city of Guangzhou and validated by a prototype development. This experimental system enables transportation planners and decision-makers to take better decisions effectively, and provides highquality geospatial information-based services to final end-users. Keywords: Transportation GIS; Multi-modal transportation network; Object-oriented data modeling

V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_6, © Springer-Verlag Berlin Heidelberg 2009

95

96

S. Chen et al.

1 Introduction Nowadays, the concept of sustainable development becomes a key factor in the planning of modern cities. This trend is closely related to the improvement of the quality of life in a city, including ecological, cultural, political, institutional, social, and economic components without leaving a burden on the future generations [16]. Sustainability influences public policies, and favors the development of better urban environments and improving quality of life. This is crucial as the continuous growth of the world population leads to the emergence of modern megalopoles where urban decision-makers face extremely complex challenges. By 2007, more than 50% of the world’s population lived in urban areas, and most of these dwellers are relying heavily on public transportation modes to meet their mobility needs [18]. Urban transportation is a fundamental means to allow access to jobs, markets, education, health care, and other primary services and leisure; it is a vital asset for the development of modern cities. Urban transportation has been long oriented to individual commuters, as cities were viewed as locations of utmost human interactions with intricate traffic patterns linked to commuting, commercial transactions, and leisure/ cultural activities [17]. Sustainable transportation looks forwards to the efficient transportation of passenger and goods, and to sustainable freight and delivery systems. Transportation planners and decision-makers are increasingly considering multi-modal urban transportation strategies to support sustainable transportation associated with urban development [10]. A multi-modal or inter-modal urban transportation system can be defined as the use of two or more modes involved in the movement of people or goods from origin to destination [5]. It appears that quality of multi-modal urban transportation networks is determined not only by availability of main transportation modes, but also by accessibility to and between these modes and services. Nowadays, the main objective of urban transportation organizations is not only to design, build, manage, and extend transit networks but also to maintain high-quality accessibility to these transportation systems taking into account the value and quality of the services provided to dwellers. This implies reconsidering the methods and approaches that support the development and planning of urban transportation systems. In particular, this brings forward the role of federated information systems, as a resource to provide decision-makers, planners, and end-users with the appropriate information at the right time.

A Multi-scale and Multi-modal Transportation GIS for the City

97

Nowadays, the evaluation of the efficiency of transportation systems also relies on the availability and close management of performance indicators that should reflect a wide range of social, economic, and environmental objectives [9, 12], among which quality of accessibility to transportation modes, modal interconnections, and diversity of transportation modes are key factors. Quality of public transportation services is influenced by many aspects such as coverage (e.g., portion of households and jobs within 5-min walking distance of a 15-min transit service), service frequency, punctuality, comfort (e.g., portion of trips in which a passenger can sit and portion of transit stops with shelters), affordability (e.g., fares as a portion of minimum wage income), information availability, safety (e.g., injuries per billion passenger-miles), and travel times. Although nonexhaustive, these indicators provide many significant inputs for identifying sustainable transportation development strategies. The need for reliable data and thus information have motivated and favored the application of geographical information systems (GIS) to transportation systems [19]. GIS can be defined as an information system oriented to the integration, modeling, analysis, and visualization of geo-referenced information [1]. GIS-T denotes a specific expression that encompasses all the activities that involve the use of geographic information systems for some aspect of transportation planning and management [4]. Miller and Shaw [14] defined GIS-T as the principles and applications of applying geographic information technologies to transportation problems. GIS-T should help transportation planners and decision-makers to take better decisions, and should provide high-quality spatial information-based services to the end-users. One of the specific peculiarities when designing a GIS-T is that available networks should be represented at different scales and granularities in order to reflect multiple abstraction levels used for either planning or managing tasks, or performing a displacement at the end-user level [13]. Transportation modes are varied as they include street, bus, rail (metro), walking, or cycling service routes and their interconnections. Therefore, a crucial issue when delivering transportation services to endusers is to take into account the possibility of combining these transportation modes. This implies, at the conceptual modeling level, considering semantic and topological connexions between these transportation modes. This represents the static component of a multi-modal and multi-scale GIS-T, to be completed by the dynamic properties of such a system [8]. This implies representing the behavior of discrete mobile objects, e.g., vehicle, people, buses, or metro, within the transportation system, such as a dis placement over a given period of time between an origin area and a destination area [7], and integrating the static and dynamic components of a given network system at different levels of abstractions [6]. At a

98

S. Chen et al.

higher level of abstraction, GIS-T models can be combined with origindestination surveys and behavioral frameworks in order to study and understand the transportation patterns and trends that emerge from a given urban system [11]. The objective of the research presented in this paper is to introduce a methodological approach to design and implement a GIS-T applied to the modeling of an urban transportation system. The project is experimented in the context of the urban transportation system of the city of Guangzhou in China. The experiment is realized in close collaboration with the GIS centre of the Guangzhou Institute of Geochemistry, Chinese Academy of Sciences (GIGCAS), and Guangzhou CASample Information Technology Co., Ltd. These two institutions provide information-based data and services for the development and co-management of this project. The research introduces a multi-modal and multi-scale transportation data model, designed at the conceptual and logical levels, and whose objective is to favor a global management and planning approach of the transportation system of the city of Guangzhou. The modeling approach is supported by an objectoriented modeling method. A prototype system is experimented and illustrated. It supports the implementation and delivery of added-value interfaces and services oriented to the promotion of multicriteria selection of transportation modes. The rest of the paper is organised as follows. Section 2 introduces the modeling components of the transportation system while Sect. 3 develops the principles of the multi-modal transportation services developed so far. Finally, Sect. 4 concludes the paper and outlines further work.

2 Towards a Multi-modal Transportation GIS This section introduces the principles retained for the design and development of the multi-modal and multi-scale GIS-T data model. The modeling approach is supported by an extensive study of the transportation patterns and requirements of the city of Guangzhou [3]. This modeling approach is applied to the urban system of the city of Guangzhou using an objectoriented modeling method. The object model is designed by adapting a UML-based case tool initially introduced by Booch et al. [2]. The main transportation modeling components are the bus, metro, and street transit networks. We also consider walking opportunities related to the street network.

A Multi-scale and Multi-modal Transportation GIS for the City

99

2.1 Bus Transit Network The bus network infrastructure is composed of the bus lines of the city. A bus line spreads on streets with two paths restricted by semantic connectivity, i.e., traffic rules. The main modeling concepts of the bus transit network are as follows (Fig. 1):

Fig. 1 UML-based conceptual view of the bus transit network

• A bus route is a directed path of a bus line. A bus line has two bus routes (i.e., one for each direction). • A bus route is a directed path composed of a sequence of bus route stops and segments. A bus route segment is connected to two bus stops. A bus stop is connected to a side of the street. Bus stops located in a same location of the street whatever the side of the street are commonly aggregated towards the notion of a bus platform.

100

S. Chen et al.

2.2 Metro Transit Network The metro transit network of the city of Guangzhou is an underground rapid rail network system made of fixed routes, station halls, platforms, and tunnels. A station hall provides ticket services to passengers. A platform is a boarding site alongside railroad tracks. Tunnels can lead passengers from an underground station to several different locations, i.e., entrances/exits on the ground. Figure 2 illustrates a conceptual view of the spatial entities of the metro transit network using UML-based notations whose main principles are as follows. A metro line is a directed path made of a sequence of metro way stops and metro way segments. A metro way stop is associated with a metro way station. Several metro way stops are aggregated towards the notion of a metro way platform. Last, a metro platform is related to several metro passage ways and entrances. 1

passes by

1..*

{in a metro station where is a junction of metro lines } Metro station

connects to 1..*

1

linked up with 1..*

1 1..*

connects to 1

1..* Metro passageway Metro platform 1

Metro line 1

Entrance/exit 1..*

linked up with connects to {in a same metro station}

2

1 connects to

1

form

1..*

1

to

1..*

1..*

Metro way

Metro way stop

1

Metro way segment 1..*

is composed of a sequence of interconnected

Legend Entity

Metro platform

Metro line

Metro way stop

Metro way

Entrance/exit

Metro passageway

Fig. 2 Conceptual view of the metro transit network

A Multi-scale and Multi-modal Transportation GIS for the City 101

2.3 Streets Network The public transit network is represented at different levels of abstraction, and supports different logical views of the transport infrastructure. Streets are represented as logical network objects. The main modeling components of a street network are as follows (Fig. 3): generates from

Turning information

associated with

1 1

connects 2 {in a same intersection}

Turning link

from

1

1..*

Road segement centerline intersection point

to

{real traffic conditions}

from

to

from

to

is abstracted as sideways

Carriageway centerline

Road segment centerline

Carriageway centerline intersection point

located on

Pedestrian facilities

1..* from

to

from

is linked up with

1..* to

is abstracted as

Walking link

located on

1

1

2

11

0..* Anchor point of walking network

Transfer point

from

to

is abstracted as Bus stop

0..*

is abstracted as

is referenced to a end of

by a shortest walking link

Metro entrance/exit Shortest walking link

Metro passageway is referenced to a end of

Road segment centerline

Turning link

Carriageway centerline

Walking link

Intersection point

Transfer point

Intersection point

Anchor point of walking network

Metro entrance/exit

Fig. 3 UML-based conceptual view of the transit network

102

S. Chen et al.

• A street is defined by a set of interconnected street segments denoted as “road segment center line” (RSCL) connected to street intersections denoted as “RSCL intersection point” (RSCLIntPnt). Turning directions at street intersections are modeled at the logical level using look-up tables tables that store bidirectional node-link opportunities. • A street segment is divided into several parallel strips by median or other other dividing strips (e.g., barriers). Each parallel strip is represented as a carriageway denoted as a “carriage way center line” (CWCL). Each carriage way has a starting and ending node denoted as “CWCL intersection point” (CWCLIntPnt). • A directional carriage way includes one to several traffic lanes.

2.4 Walking Links Walking links are essential means to support connections between a commuter and a transportation mode, and between different transportation modes. Each public transit route has a sequence of stops for passengers boarding or alighting. Route stops and opportunities are located at the same site, or nearby, thus walking links are essential. For instance, metro and bus routes should be appropriately linked up with walking paths thus defining a notion of service area. Most of the streets of the city of Guangzhou provide sideways for pedestrians. These sideways can be referred to as pedestrian service routes. We introduce the term “walking link” to represent these routes. In order to reduce data redundancy and to avoid an increase of the complexity of the data model, a walking link is modeled at the logical level as a CWCL. These walking links are designated to support bidirectional walking links. Nevertheless, turning restrictions between CWCLs should be different from those between walking links, taking into consideration turning and connection opportunities managed by traffic controls. For example, vehicles may be restricted in making a right turn at a given street intersection, but this control may not be valid for pedestrians. These turning opportunities are represented using look-up tables that stores bidirectional node-link possibilities. Although pedestrians can usually make turns freely at an intersection, some intersections deploy barriers to separate motor vehicle lanes from pedestrian lanes for traffic safety. These pedestrian facilities are usually implemented to provide a passage for pedestrians crossing a street or intersection safely. Such a passage is also modeled by a walking link. Also, metro passageways are designed as walking links, as are shortest walking

A Multi-scale and Multi-modal Transportation GIS for the City 103

links between entrances/exits of a CWCL or a CWCLIntPnt. The modeling concept of a walking link covers a wide range of transportation facilities, including pavements, pedestrian turning opportunities, and passageways towards and inside metro stations, and thus are facilitators for multi-modal transportation.

3 Multi-modal Transportation Services A GIS-T prototype has been developed using ESRI ARCGIS and Map Objects. The conceptual and logical data model has been implemented on top of ESRI Arc SDE, that is, an application server that facilitates storage and management of spatial and nonspatial data. Microsoft SQL Server 2000 has been selected as the Arc SDE-based relational database management system to integrate spatial and nonspatial data. Software and service developments have been performed using ESRI Map Objects and MicrosoftVisual Basic 6.0. Figures that appear from the experiments made in the city of Guangzhou (studies and implementation applied to Tianhe District) clearly show that a combination of several transportation modes dramatically extends the urban coverage of transportation facilities. The multi-modal modeling approach provides a methodological support for the development of multiroute planning. Figure 4 illustrates a typical multi-modal route that involves a bus route, a metro way, and several walking links. Such a multi-modal route involves several constraints that include connection possibilities at the physical level (i.e., possibility of performing a multi-modal connection using walking links and logical connections between L3w Metro station M

Metro station N Bus stop A

Lb

L2w

Lm

Bus stop B

L1w

Origin O

Bus route

Metro way

Walking link

Fig. 4 Example of multi-modal route

Destination D

104

S. Chen et al.

different transportation modalities) and temporal constraints (i.e., derived from public transportation timetables). The evaluation of the “cost” of multi-modal transfers is an important constraint when searching for a relevant route. Transfer costs involve different impedance parameters that should be matched to the logical representation of the multi-modal transportation network. One should also take into account the fact that criteria are spatial (e.g., walking distances between different transportation modes) and time-dependent (e.g., transportation timetables), and that different people may have different expectations. This stresses the fact that in all cases such a system should be considered as a decision-aided system, not a definitive solution provider to a multicriteria decision process. For a given transportation mode, the notion of service area is of crucial importance as it defines the coverage with respect to a population area (Fig. 5, example of a service area defined using a radius of 300 m, and

Legend Bus stop inside service area

Block

Metro entrances/exit

Green belt Service area

Fig. 5 Service area of a metro station

A Multi-scale and Multi-modal Transportation GIS for the City 105

where metro and bus stops are highlighted as possible transfer nodes). This is particularly relevant when the origin and destination of a given route are given as search criteria. The accessibility of public transportation can be evaluated by identifying areas served and not served. The experiments made in the city of Guangzhou clearly show that a combination of several transportation modes dramatically extends the urban coverage of transportation facilities. Figure 6 shows the resulting service coverage areas derived from a combination of metro service and bus service coverage areas. Time is a key measurement and variable for travel planning, and a key variable for measuring transportation service efficiency. Time consumption is usually determined by a function of distance and speed. Although metro timetables are generally respected, buses share roads with other motor vehicles and are affected by traffic conditions and traffic controls, especially in overcrowded urban areas. Therefore, average and expected speeds are given to buses in peak and nonpeak hours; this is at the bus route segment level and fixed according to a study made in the center of Tianhe District, following a study of Wang et al. [20]. Time costs of walking links are given according to an average speed of 5 km per hour in open areas. When searching for a route a commuter can define the maximum walking distance he is ready to perform for a given transfer. The time cost of waiting for a bus is determined by practical experience. As it usually appears that the number of transfers should be limited to a reasonable number in order to not discourage commuters, this value is denoted as the route fare in the city of Guangzhou, i.e., 1, 2, or 3 Yuan.

Metro entrance service coverage

Bus stop service coverage

Metro entrance

Bus stop

Fig. 6 Metro station and bus service coverage areas

106

S. Chen et al.

As observed in previous studies [15], a given commuter might also prefer to take transportation opportunities with reliable travel times (e.g., metro), rather than potentially faster solutions but dependent on traffic conditions (e.g., bus). Therefore, and to a certain degree, it appears that a multiple coverage of service opportunities is a key factor regarding the quality of transportation services provided to commuters. Figure 7 illustrates the main urban areas covered by multiple examples of multicriteria and multi-modal public transport between an origin and a destination.

Intersection of metro entrances ’and bus stops’service coverage Metro entrance

Bus stop

Fig. 7 Conjunction of metro and bus service coverage areas

Figure 8 illustrates an example of multicriteria and multi-modal public transportation transfer defined between an origin and a destination. The multicriteria route planning (Fig. 8a) includes several criteria such as the possibility of prioritizing a bus route only, a metro route only, and support of transfers or not between transportation modes. The system interface developed for the evaluation of the multi-modal route also gives several options such as the shortest path, shortest walking path, least fare, least time, or least number of stops. This provides a flexible interface where the commuter can define her/his proper constraints. Route proposals are returned using different forms: either using text-based and table instruction forms (Fig. 8b) or using a map presentation that outlines the resulting route (Fig. 8c).

A Multi-scale and Multi-modal Transportation GIS for the City 107

Figure 9 illustrates an example of multi-modal route planning that combines walking paths, bus routes and metro lines also presented to the commuter using map and text-based instructions. This is one of the solutions that present how to get to the destination from the origin as soon as possible, i.e., “least time,” by riding metro, then alighting the metro way and walking to board a bus route, finally walking to the destination. The assignment procedure of bus passenger demand generates demands for additional input information on bus route traffic flows. Forecasted route bus flows should be compared with existing patterns on the transportation network. The GIS-T data model facilitates the analysis of existing bus route flows on each road segment with opposite directions, as individual bus routes are referenced to directed carriage way center lines of road segment. Bus route flows on each directed carriage way indicate the current situation of public transportation services. Regarding a user’s request, a system-generated bus route volume should be compared to bus service conditions, particularly with respect to the spatial distribution of the transportation patterns and their intensity. This information also acts as a background to evaluate travel demands. Moreover, by comparing common suggested routes with existing bus route flows, refinements can be made with

Fig. 8a Multicriteria representation

Fig. 8b Results and text-based instruction

108

S. Chen et al.

Legend Origin

Bus route

Bus stop

Destination

Bus route

Walking path

Fig. 8c Map-based instruction of a multi-modal route Fig. 8 Example of multi-modal route

Text-based instruction

Map-based instruction Legend Origin

Metro way stop

Metro way

Destination

Metro entrance

Bus route

Bus stop

Fig. 9 Example of multicriteria and multi-modal routing

A Multi-scale and Multi-modal Transportation GIS for the City 109

Fig. 10 Bus traffic flows along road segments

respect to route scenarios and suggestions regarding the reengineering of the structure of the current transit network. For instance, Fig. 10 illustrates a heavy concentration of bus routes in a street corridor (i.e., Tianhe Road) in the center of Tianhe District. This indicates that the current bus route volume of Tianhe Road is under heavy pressure, and thus not a perfect candidate solution to be prioritized for multi-modal route planning, and that it also needs to be optimized in future transportation planning studies.

4 Conclusion A crucial issue for sustainable development is still to promote efficient urban transportation systems while reducing their negative impacts. This entails the need for effective transportation policies and services that should also be supported by efficient GIS-T models and services, and evaluated using appropriate methods. The main objective of the research presented in this paper was to develop and present a multi-scale and multi-modal GIS-T applied to the city of Guangzhou. The project developed so far provides several data management and integration facilities such as multi-modal transportation data representation and multi-modal route planning. The approach is supported by an object-oriented spatio-temporal modeling

110

S. Chen et al.

approach, based on an integration of several transportation modes, either public or private. The transportation services delivered provide several multi-modal transportation choices that prioritized multicriteria assessment of commuter options. The model has been applied to the city of Guangzhou, and validated by a prototype currently experimented in the transportation units of the city. The implemented approach and system provides several levels of services: a decision-aided system for urban planners and decision-makers, and a flexible interface for multiroute planning at the end-user level. Several avenues of research are still under progress or considered for further work, amongst them integration of realtime transportation data within a multiroute search process, and application of the methodological approach to planning scenarios oriented to the development of the transit network system.

References 1. Aronoff S (1989) Geographic Information Systems: A Management Perspective. Ottawa, Canada, WDL Publications 2. Booch G, Rumbaugh J, and Jacobson I (1999) The Unified Modeling Language Users Guide. Reading, Massachusetts, USA, Addison-Wesley 3. Chen S (2008) Multi-scale and Multi-modal GIS-T data model: A case study of the city of Guangzhou, China. Unpublished Ph.D. Report, Naval Academy Research Institute, Brest, France 4. Curtin K, Noronham V, Goodchild MF, and Grise S (2003). Arc GIS Transportation GIS Model, Redlands, California, USA, ESRI publications 5. Dewitt W and Clinger J (2000) Intermodal Freight Transportation, available at http://www.nationalacademies.org/trb/publications/millennium/00061.pdf 6. Etches A, Claramunt C, Bargiela A, and Kosonen I (1999) An interoperable TGIS model for traffic systems. In: Gittings B (ed), Innovations in GIS 6, Integrating Information Infrastructures with GI Technology, London, Taylor & Francis, pp 217–228 7. Fletcher D (1987) Modelling GIS transportation networks. In: Proceedings of the 25th Annual Meeting of the Urban and Regional Information Systems Association, pp 84–92 8. Goodchild MF (1999) GIS and transportation: status and challenges. Keynote address, International Workshop on GIS-T and ITS, Chinese University of Hong Kong, Hong Kong, China 9. Gudmundsson H (2001) Indicators and Performance Measures for Transportation, Environment and Sustainability in North America. National Environmental Research Institute, Roskilde, Denmark, available at www.dmu.dk/ 1_viden/2_Publikationer/3_arbrapporter/default.asp 10. Krygsman S (2004) Activity and travel choice(s) in multi-modal public transport systems. Unpublished Ph.D. Report, Utrecht University, The Netherlands

A Multi-scale and Multi-modal Transportation GIS for the City 111

11. Lee–Gosselin M and Doherty ST (2005) Integrated Land-Use and Transportation Models, Oxford, UK, Elsevier 12. Litman T (2003) Mobility Management. Sustainable Transport Sourcebook. The Sustainable Urban Transport Project in Asia and GTZ; available at www.vtpi.org/gtz_module.pdf 13. Mac Cormack E and Nyerges T (1997) What transportation modeling needs from a GIS: A conceptual framework. Transport Plan Technol 21:5–23 14. Miller HJ and Shaw SL (2001) Geographic Information Systems for Transportation: Principles and Applications. New York, Oxford University Press 15. Peytchev E and Claramunt C (2001) Experiences in building decision support systems for traffic and transportation GIS. In: Proceedings of the 9th International ACM GIS Conference, Aref WG (ed), ACM Press, Atlanta, pp 154–159 16. Rees WE and Roseland M (1991) Sustainable Communities: Planning for the 21st Century. Plan Canada 17. Rodrigue JP (2006) The Geography of Transport Systems. In: Comtois C and Slack B (eds), New York, Routledge 18. Stella F, Viganò V, and Bogni D (2006) An integrated forecasting and regularization framework for light rail transit systems. Intell Transport Syst 10(2): 59–73 19. Thill JC (2000) Geographic Information Systems in Transportation Research, Oxford, UK, Elsevier 20. Wang B, Li JW, and Deng XD (2006) The new idea of advancing LOS of PT in Urban Central area – A case study of Circle Light Bus in Tianhe Area. Chongqing Jiaotong University 25(4):113–115

GIS for Profile-Based Context Formation in Situation Management

Alexander Smirnov, Nikolay Shilov, Tatiana Levashova, and Alexey Kashevnik St. Petersburg Institute for Informatics and Automation of the RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. Geographical and related information stored in the profiles of coalition operation members is of highest importance. The above information can be processed in order to build actual context for the current situation and create more efficient action plans. The profiles are assumed to contain such information as transportation means available, their current coordinates, availability, etc. Through inquiries of a geographical information system (GIS), the following information can be obtained: available roads (traffic management systems can also provide traffic situation information), current weather conditions (wind, temperature, precipitation), time of sunrise and sunset. Keywords: Geographical information system; Profiles; Context

1 Introduction Critical aspects of situation management incorporate managing and controlling sources of information, processing real-time or near real-time streams of events, representing and integrating low-level events and higher level concepts, multisource information fusion, information representation that maximizes human comprehension, and reasoning on what is happening and what is important [1, 2]. In this paper, the situation management is considered to govern the following type, of operations: medical care, evacuation, fire fighting, and accident investigation. These operations can be implemented either by V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_7, © Springer-Verlag Berlin Heidelberg 2009

113

114

A. Smirnov et al.

public organization or by different private organizations. Units that perform these operations are referred to as operation members. The paper proposes an approach based on technologies like context management, GIS, and profiling aimed at situation management. Two types of contexts are considered: abstract (defining structure of the problem/ situation) and operational (defining parameters). The operational context is based on the abstract context and information obtained from sensors and other sources. In real life situations it is often necessary to take into account a continuously changing traffic situation (e.g., to take into account traffic jams, closed roads, etc.) that makes the problem more complex and requires its solving in real-time. In this regard the operational context is constantly updated to provide up-to-date information for situation management. Operation member profiles contain such information as transportation available, current geographical coordinates, competencies, and operation member preferences. Competencies are described by such information as operation member capabilities, capacities, price-list in case of implementation by private organization, and implementation speed. Preferences determine constraints preferable for operation members. The paper is structured as follows. In the second section a service-oriented approach to context formation is discussed. Then the operation member profile model is presented. The case study is described in the fourth section. The most important results are summarized in the conclusion.

2 A Service-Oriented Approach to Context Formation The approach is built around central heavy application ontology (AO) for the domain of interests. The problems formalized in AO are proposed to be interpreted as a constraint satisfaction problem (CSP). CSPs are applied to modeling and solving a wide range of applications such as planning, scheduling, resource sharing, etc. To ensure compatibility of ontology-based knowledge representation and CSP, AO is specified by the formalism of object-oriented constraint networks (OOCN) [3]. CSP model consists of a set of variables; a set of possible values for each variable (its domain); and a set of constraints restricting the values that the variables can simultaneously take. According to the OOCN-formalism, knowledge is represented by sets of classes, class attributes, attribute domains, and constraints. The AO is made up of two constituents: domain knowledge and task knowledge. The domain knowledge represents conceptual knowledge. The task knowledge formalizes logistics problems. In AO the tasks are

GIS for Profile-Based Context Formation in Situation Management 115

represented by classes, input, and output arguments of tasks are represented by class attributes. Tasks are configured in accordance with tasksubtask decomposition structure, where tasks and their subtasks are linked by “part-of ” relationships. AO does not hold instances; instead it refers to Web-services responsible for supplying the DSS to data values. Web-service descriptions and the task knowledge are harmonized. Input and output arguments of functions that a Web-service implements correspond to class attributes of the task knowledge. Thus, the same attribute can be instantiated by several Webservices. The domain and task knowledge are interrelated by functional constraints showing what attribute of the domain knowledge takes its value as a function of the task output argument. The harmonization of AO and Web-service descriptions allows the Web-services to exchange information about their needs and possibilities in terms of the ontology vocabulary. Web-services describe their needs through a set of input arguments of the functions that these Web-services implement. Correspondingly, the possibilities are described through a set of output arguments of the functions. Relationships between the arguments and attributes of the classes representing the domain knowledge enable the Web-services to communicate about their arguments in terms of the domain knowledge. An ontology-based context [4, 5] is composed of knowledge relevant to the situation. Knowledge relevant to the situation is extracted from AO and integrated into an abstract context that is an ontology-based problem model or OOCN without values for model variables. The knowledge is extracted along with references to Web-services. The detailed description of the abstract context composing is presented in [6]. Data values are used to instantiate the abstract context. The instantiated abstract context is an operational context that is the problem model and values for the model variables. At the same time, this context is an OOCN to be interpreted as CSP. Different types of information sources are used for this instantiation (GIS, databases, sensors, web-sites, users). Thus, GIS is used as an information source for accessing the vector map of the situation region, available roads of the region, etc. A real-time picture of the situation, that is the operational context in a human readable form, is produced using different information sources, including GIS. The picture displays the physical map of the region where the roads and locations of the logistics members are indicated. This picture is presented to a decision maker and human members when their actions are requested. In the system approach (Fig. 1), two types of Web-services are distinguished: core Web-services and operational Web-services.

116

A. Smirnov et al. MemberProfileService Operation Member profile

MemberInteractionsService

ManagementService

AbstractContextService

Service registry

Abstract Context

AOAccessService Application ontology

Interactions of core Web–services Organisation of service network A set of solutions

InformationSource Проблемно– Проблемно– Service (GIS) ориентированный ориентированный веб–сервис веб–сервис Operational Web–services

ProblemSolving Проблемно– Проблемно– Service ориентированный ориентированный веб–сервис веб–сервис

Operational Context

Fig. 1 A Service-oriented approach to context formation

The core Web-services are intended for user support and creating a situation general model, i.e., the abstract context. The set of core Web-services comprises: • MemberProfileService – responsible for creation, modification, and update of member profiles; access to the profiles; collecting information about the user; revealing user preferences • ManagementService manages Web-services to create the abstract context. This service operates with a service registry. In the registry the services MemberInteractionsService, AOAccessService, and AbstractContextService are registered • MemberInteractionsService – responsible for communicating with members. It arranges interactions between the system and members providing the members with messages, context-sensitive help, pictures of the current situations, results of CSP solving, and delivering information from the member to the system • AOAccessService – responsible for an access to the AO • AbstractContextService – responsible for creation, storage, and reuse of abstract contexts. The operational Web-services are intended for producing a real-time model of the current situation, i.e., operational context, and for problem solving.

GIS for Profile-Based Context Formation in Situation Management 117

The set of operational Web-services services comprises: • InformationSourceService is a set of Web-services responsible for interactions with information sources of different types and processing information provided by these sources. The following types of information sources are distinguished: sensors, databases, Web-sites, GIS, and users • ProblemSolvingService is a set of Web-services responsible for problem solving.

3 Operation Member Profile Profile of an operation member is given in Fig. 2. Competencies and preferences of the operation member are important for determining which member is capable of carrying out a specified task and, hence, can be chosen as a team member. Member competence is determined by capabilities, capacities, price-list, and speed. The operation member profile comprises: General Information, Operation Member Information, Request History, Operation Member Preferences. General Information Organization ID Organization Name Foundation Date Homepage

Operation Member Information Member Name Location Time List of Languages Phone Number E–mail

Operation Member Preferences

Operation Member Competence Capabilities Capacities Price Velocity

Request History Request Context Operation Member Preferences Operation Member Information

Explicit Preferences Arrival Time Volume of Work Capability Restrictions Tacit Preferences Preferable Type of Accidents Preferable Properties

Fig. 2 Company competence profile

118

A. Smirnov et al.

The General Information part describes general information about an operation member organization. It contains the name of the organization, an organization identifier in the system, date of the organization foundation, and URL to the organization web page. Operation Member Information is a set of tuples describing information about the operation member. Each tuple contains the following properties: − Member Name: a name of an operation member − Location: current geographical location of a member; it can be taken into account for estimating rapidity and quality of request processing in a particular situation; this property is used by the GIS system for generating the map of the region with operation member, situation, and hospitals − Time: time zone of an operation member − List of Languages: represent languages for contacting an operation member − Rights: determine knowledge area which a member can access − Group: a member can be part of a group, based on its capabilities − Phone Number, E-mail: contact information − Operation Member Competencies includes the following properties: • Capabilities: determine types of operations that operation member can implement • Capacities: determine capacity of operation member (in case of evacuation how many people this operation member can evacuate) • Prices: determine evacuation member cost for implementation operation in case of implementation by private organization • Velocity: determine velocity of implementation operation by this operation member. Request History is also a set of tuples. Each tuple possesses the following properties: − Request: a request to a member − Context: is used to analyze performance of a member (other members can see solutions generated in particular situations) and to identify detectable member preferences − Operation member preferences: stores member preferences at the moment of request initiation. They contain a snapshot of all the properties of the category “Operation Member Preferences” − Operation member information: stores specific information about a member at the moment of request initiation. It contains a snapshot of all the properties of the category “operation member information”.

GIS for Profile-Based Context Formation in Situation Management 119

The Operation member preferences part consists of explicit preferences and tacit preferences. Explicit preferences describes member preferences that are manually introduced by a member. These preferences are used for choosing a member for a particular situation, and contain the member preferences for arrival time, volume of work, and capability constraints. The latter stores several capabilities and logical restrictions from a list of all the capabilities for the domain. Tacit preferences describe automatically detectable member preferences.

4 Case Study: GIS-Based Emergency Response System for Traffic Accident A group of people is traveling by vehicle. Suddenly this vehicle is involved in a traffic accident. The vehicle is supplied with a GPS (Global Positioning System), a smart sensor, and a transmitter. As soon as the sensor records the accident, it estimates how many people in the vehicle are injured and how much damage may have been caused to the vehicle. In addition, possible types of injury are assessed. The sensor determined that there had been a blow producing an ignition in the petrol tank. Likely, the four people need an emergency hospitalization. The location where the accident happened is positioned by the GPS. The information from the sensor and GPS is sent to an emergency response system by the transmitter. The emergency response system generates a real-time picture of the accident scene. The picture represents a map of the region with the region infrastructure, the accident location, and available resources to help traffic accident casualties. This picture is being submitted to a coordinator (a person in charge of the action on responding the traffic accident) along with a set of feasible action plans generated by the system for the available resources. The action plan for the traffic accident comprises a set of operation members selected by the system and a set of routes for different kinds of professionals to arrive at the accident location for their purposes. It should be noticed that professionals are considered to be resources as well. For the given scenario the system selects the following operation members: (1) emergency teams for emergency medical care and for transportation of the injured people to hospital(s), (2) fire fighters for ignition extinguishing, and (3) traffic police for the traffic accident investigation. For the selected operation members, the system generates a set of routes to be used for the above purposes. The routes are generated based on

120

A. Smirnov et al.

information about the types of vehicles available, the current weather conditions, the closed/open routes and the traffic jams. The coordinator chooses an action plan from the set proposed by the system, and corresponding actions are delivered to the members. If an operation member for some reason declines the plan, the system updates the current situation, regenerates the set of plans (taking into account that the above resource cannot participate), and submits the renewed set to the coordinator again. The plan updates are delivered to the resources. Figure 3 shows a scenario demonstrating interactions between different types of operation members. The emergency dispatcher enters a request about a traffic accident, through entering the points for accident location on the map, potential number of victims, and additional descriptions of the event. Based on this request an abstract context is built. Disaster

Dispatcher

Register request to the decision maker Decision Maker Submit task Solutions

or Operation Member declines the decision Operation Member accepts the decision

Core

Operation Member 1 Operation Member 2 …

and

Operation Member n

Member Profile Member Profile Member Profile

Decision Fig. 3 Operation members’ types and their interactions

The traffic accident scene (operational context) and the set of action plans are submitted to the decision maker. The decision maker chooses one solution (Fig. 4) from the generated set to be the decision. The solution presented in the figure is generated for four traffic accident victims, and eight emergency teams, eight firefighter brigades, and three police teams found in the region. Dotted lines in Fig. 4 depict routes to be used for transportation of the selected teams and brigades.

GIS for Profile-Based Context Formation in Situation Management 121

Fig. 4 Plan of actions for emergency teams and fire fighters

Fig. 5 Route for operation member on mobile phone screen

The interface of the system is Web-based, so regular Web browsers can be used for working with the system. The decision maker can see an interactive map and choose different parameters and criteria for problem solving. The vehicle drivers receive their assignments via Internet as well. They can see their routes using PDA or mobile phones (Fig. 5).

122

A. Smirnov et al.

The decision is delivered to the leaders of the emergency teams, fire fighters, and police teams, and to hospital administrations. They have access to the operational context through any Internet browser (a browser supported by a notebook, PDA, mobile phone, etc.).

5 Conclusion The developed service-oriented approach to context formation includes technologies of context management, ontology management, profiling, and Web-services. Context management technology enables the resources to be aware of real-world objects required in the current situation and typical problems being solved in situations of given types. Web-services provide the heterogeneous resources with a formal interface. Profiles allow for automating interaction between system and operation members. Profiles’ usage furnishes the operation members with the required information and the possibility to use competencies and preferences for the situation processing. Acknowledgments The research described in this paper is supported by grants from the following projects: grant No. 08–07–00264 of the Russian Foundation for Basic Research; grants No. 14.2.35 (research program “Mathematical Modelling and Intelligent Systems”) & No. 1.9 (research program “Fundamental Basics of Information Technologies and Computer Systems”) of the of the Russian Academy of Sciences (RAS).

References 1. 2. 3.

Jakobson G, Kokar MM, Lewis L, Buford J, and Matheus CJ (2005) Overview of situation management at SIMA 2005. In: Proceedings of the Workshop on Situation Management, Atlantic City, USA, pp 17–20 Scott P and Rogova G (2004) Crisis management in a data fusion synthetic task environment. In: Proceedings of the 7th Conference on Multisource Information Fusion Smirnov A, Pashkin M, Chilov C, and Levashova T (2003) Agent-based support of mass customization for corporate knowledge management. Eng Appl Artif Intell 16(4):349–364

GIS for Profile-Based Context Formation in Situation Management 123

4.

5. 6.

Griffiths J, Millard DE, Davis H, Michaelides DT, and Weal MJ (2002) Reconciling versioning and context in hypermedia structure servers. In: Proceedings of Metainformatics International Symposium, Esbjerg, pp 118–131; Denmark, http://eprints.ecs.soton.ac.uk/6829/01/mis02.pdf Robinson R (2000) Context management in mobile environments. Ph.D. Honours Thesis, School of Information Technology, University of Queensland, Australia; http://www.rickyrobinson.id.au/university/honours/thesis.doc Smirnov A, Kashevnik A, Levashova T, and Shilov N (2007) Context-driven information fusion for operational decision making in Humanitarian logistics. In: Popovich V, Korolenko K, and Schrenk M (eds): Proceedings of the third International Workshop – Information Fusion and Geographic Information System. Lecture Notes in Geoinformation and Cartography, Springer, St. Petersburg, Russia, pp 69–83

Immunocomputing for Geoinformation Fusion and Forecast

Alexander Tarakanov St. Petersburg Institute for Informatics and Automation of the RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. Based on immunocomputing (IC), this paper proposes a new way for geoinformation fusion, spatio-temporal modeling, and forecast. The approach includes mathematically, rigorous mapping of high-dimensional spatio-temporal data into a scalar index, discrete tree transform (DTT) of the index values into states of cellular automata (CA), and identification of CA by IC. Numerical examples use official data of International Association for the Development of Freediving (AIDA), World Health Organization (WHO), as well as time series of Solar Influences Data Analysis Center (SIDC) and National Aeronautics and Space Administration (NASA). Anomaly index is also proposed using special the case of DTT. Recent results suggest that the IC approach outperforms (by training time and accuracy) state-of-the-art approaches of computational intelligence. Keywords: Immunocomputing; Geoinformation fusion; Spatiotemporal modeling; Forecast

1 Introduction Information fusion in a form of aggregated index proved to be rather important for situation assessment and decision making in geoinformation and cartography. The map of complex environmental conditions [1] can be treated as an example of such a geoinformation index. This main map of the ecological atlas had been developed for the administration of the big

V.V. Popovich (eds.), Information Fusion and Geographic Information Systems. Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_8, © Springer-Verlag Berlin Heidelberg 2009

125

126

A. Tarakanov

city using 11 maps of partial ecological indicators such as the pollution of air and water, soil conditions, etc. Another example provides such an extreme sport as freediving which includes eight disciplines and rigorous protocols to calculate the aggregated score (rating), according to the International Association for the Development of Freediving (AIDA) [2]. A simple geoinformation index is shown in Fig. 1. This index is based on the world and national records in the AIDA discipline “constant weight with fins” (CWT). In Fig. 2, this CWT index is compared with “gross national income per capita” registered by the World Health Organization (WHO) [3]. Although both indexes are rather artificial, the comparison reveals clear inverse correlation (0.89) between the free diving records and the common weal. This surprising result at least confirms once again the importance of information fusion in a geoinformation index. Based on immunocomputing (IC) [4], this paper proposes a new way for geoinformation fusion, spatio-temporal modeling, and forecast. The approach includes (1) mapping (fusion) of high-dimensional spatio-temporal (geoinformation) data into scalar index, (2) discrete tree transform (DTT) of the index values (time series) into states of cellular automata (CA), and (3) identification of CA by IC. Numerical examples use time series of Solar Influences Data Analysis Center (SIDC) and National Aeronautics and Space Administration (NASA). Most Beautiful Countries of Freedivers _WORLD RUS CZE FRA CRN JPN ITA SWE UK USA NZ GRE CRO CRO FIN NOR BEL AUS BRA DEN GER NED SUI

Female

Male

Total

CWD record (m) 0

50

100

150

200

250

Fig. 1 Example of simple geoinformation index (total) as the sum of the AIDA registered records (female and male) in CWT discipline (constant weight with fins)

Immunocomputing for Geoinformation Fusion and Forecast 127

m 250

FREEDIVING VS MONEY

record

income $ 50000

Gross national income per capita

USA 45000

CWT record (femal + male) 200

40000

RUS CZE

FRA FRA

CAN CAN

150

JPN JPN

SWE

UK 35000

ITA ITA

SWE

UK

USA 30000 25000

CZE

100

20000 15000

50

RUS

10000 5000

0

country RUS

CZE

FRA

CAN

JPN

ITA

SWE

UK

USA

0

Fig. 2 Example of strong inverse correlation (0.89) between AIDA records (solid line) and WHO common weal (dashed line)

2 Immunocomputing The above mentioned ecological map [1] (which can also be treated as the map of a geoinformation index) has been computed using the IC approach. This approach is based essentially on mathematical models extracted as an abstract of general principles of information processing by proteins and immune networks [4]. It is worth highlighting that the approach appears to be useful in brain research, especially for discovering deep (biomolecular) similarities in the functional organization of brain and immune system [5]–[9]. These similarities confirm, by the way, that the IC is actually “intelligent” [10]. The key model of the IC approach is the formal immune network (FIN). Let us give a general (informal) idea of FIN regarding information fusion. Let situation be represented by vector X with real-valued components (features): x1 ,..., x n . Note that the number n of components can be rather big. The vector X is treated by the IC as an “antigen.” Let three “antibodies” Y1 , Y2 , Y3 have been computed by the IC approach. These vectors are also n-dimensional. Consider three values of “binding energy” FIN 1 , FIN 2 , FIN 3 between the antibodies Y1 , Y2 , Y3 and

128

A. Tarakanov

any antigen X: FIN 1 ( X ) = Energy ( X , Y1 ) , FIN 2 ( X ) = Energy ( X , Y2 ) , FIN 3 ( X ) = Energy ( X , Y3 ) . Thus, any high-dimensional situation can be represented as a point of three-dimensional (3D) space of FIN . Consider m known (training or “immunizing”) situations X 1 ,..., X m . Let any training situation have known type c (integer class or real-valued “index”): c1 = c( X 1 ) ,…, c m = c( X m ) . For example, such an index can be assigned by expert(s) and/or computed by the IC approach. Then any unknown situation X is mapped to the space of FIN and recognized by the class of the nearest training point (“cell”) of the FIN . More formal IC algorithm of pattern recognition is as follows. Training { 1st stage training // form FIN { Get training patterns; DTT of the training patterns; //”antigen processing" Form training matrix; SVD of the training matrix; Store [q] singular values; // "binding energies" Store [q] right singular vectors; // "antibodies" Store [m] left singular vectors; // "cells" of FIN } 2nd stage training // compress data by "maturation" of FIN { Apoptosis; // kill unnecessary cells Immunization; // add cells to correct mistakes of Apoptosis } } Recognition { Get pattern; // antigen DTT of the pattern; // antigen processing Map the pattern to FIN; // using [q] antibodies Find nearest cell of FIN; Assign class of the nearest cell to the pattern; }

This approach has been successfully applied to the reconstruction, simulation and spatio–temporal forecast of hydrophysical fields [11]–[13]. In the geoinformation index, the IC algorithm can be modified as follows.

Immunocomputing for Geoinformation Fusion and Forecast 129

Index Training { 1st stage training { Get [n] training signals; // "indicators" DTT of [n] training signals; Form training matrix [m x n] { While (i <= m) // for any time step t[i] { Get values of [n] signals; Form row [i] of the matrix; // antigen Mark row [i] with index c[i]; } } SVD of the training matrix; Store singular values and vectors; } 2nd stage training; }

In the case of spatio-temporal forecast, situation X is just previous values of any signal(s) (time series), while index c is the value to be predicted. In this case, the IC algorithm can be modified in the following way. Forecast Training { 1st stage training // form CA { Get training signal; // index DTT of the training signal; Form training matrix [m x n] { While (i <= m) { Get [n] previous values of the signal; Form row [i] of the matrix; Assign next value of the signal to c[i]; } } SVD of the training matrix; Store singular values and vectors; } Identify CA by IC; If (no conflicts) 2nd stage training; }

The next two sections provide numerical experiments to demonstrate the proposed IC approach to the forecast and geoinformation fusion, correspondingly.

130

A. Tarakanov

3 Forecast The feature of the proposing approach is the combination of IC with cellular automata (CA) [14]. Since all necessary mathematical models have been provided in our previous publications [10]–[14], let us consider again just a general idea. The idea is to represent the forecasting process (signal, time series, etc.) as a CA. This can be obtained by the following two steps: (1) DTT of the signal [15] and (2) identification of CA by IC [14]. Such a combined CA–IC model can further improve quality of the pure IC forecast in [13]. Consider a numerical example of monthly index of sun spots number (SSN). Let the task be the forecast of this index for any month in the future using 445 values of the index (Jan 1970 to Jan 2007) obtained from [16]. Consider 433 values (Jan 1970 to Jan 2006) as the training set and all 445 values as the test set. An example of such a CAIC model is shown in Figs. 3 and 4, whereas its main parameters are given in Table 1.

Fig. 3 Monthly index of solar activity (gray thin vertical lines) and CA-IC model for its forecast (black bar lines) FIN2

FIN1 FIN3

Fig. 4 FIN for the prediction of SSN index

Immunocomputing for Geoinformation Fusion and Forecast 131

Table 1. Parameters of FIN and forecast errors Previous months Conflicting rules of CA Cells in FIN forecast 3 105 N/A 4 36 N/A 6 5 N/A 8 2 N/A 9 0 349 12 0 365 24 0 304 36 0 273 54 0 245 69 0 224

Errors N/A N/A N/A N/A 9 11 11 6 5 0

Quality of the forecast can be estimated by Table 1 where the last column shows the number of months with incorrect forecast whereas the first column shows the number of previous months necessary for the forecast. The mathematically rigorous feature is that the IC approach does not make errors in any training set [13]. Namely this feature discovers all conflicting rules of CA (Second column of Table 1). If at least one of the rules exists then the CA is nondeterministic [14] and, thus, no FIN can identify such CA (N/A in last two columns of Table 1). Among six examples of deterministic CA (last six rows of Table 1) the best one provides an error-free forecast of the SSN index (last row of Table 1). Note that 69 previous months are necessary for such a forecast and this value is approximately equal to a half of the 11-year solar cycle (Fig. 3). The corresponding FIN is shown in Fig. 4. Three clear cycles of cells of this FIN obviously represent three solar cycles in Fig. 3.

4 Fusion Consider SSN together with sea surface temperature (SST) obtained from [17] for three points of the Barents, Black, and Caspian Seas (Fig. 5). The middle row of Fig. 5 shows 54 monthly values (Jan 2002 to Dec 2006) of SSN (left column) or SST at the corresponding point of the sea (marked by ‘+’ in upper row). The last row of Fig. 5 shows the special case of DTT of SSN and SST that clearly indicates any anomalies in their usual behavior. Note that the anomalies of SSN and SST demonstrate rather strong similarities (correlations), especially the anomalies of SSN and SST at the middle point of the Caspian Sea (Table 2).

132

A. Tarakanov

Fig. 5 Special case of DTT (last row) of SSN and SST (middle row) Table 2. Correlations between SSN and SST anomalies SSN SST Barents SST Black

SST Barents 0.73

SST Black SST Caspian 0.88 0.93 0.71 0.76 0.91

Let aSSN , aBarents , aBlack , aCaspian be corresponding anomalies. Let aSSN be anomaly index of SST: aSSN = aBarents + aBlack + aCaspian . Strong correlation (0.84) between aSSN and aSSN is also demonstrated by Fig. 6. Note that the extreme values of both indexes in Fig. 6 are strictly synchronous and located around January 2004. At the same time, the anomaly index of SST has a much more clear appearance (like that of the Barents Sea in Fig. 5). Apparently, this index reflects strong sensibility of SST to SSN. Thus, SST anomalies can be predicted using the SSN forecast.

Immunocomputing for Geoinformation Fusion and Forecast 133

SST Anomaly index 2.0

1.5

1.0 SSN 0.5

0.0 Jul-02

month-year Jan-03

Jul-03 Jan-04 Jul-04 Jan-05 Jul-05 Jan-06 Jul-06

Fig. 6. Strong correlation (0.84) between the anomaly index of SST and SSN

5 Conclusion Further development of the IC approach as well as its applications to geoinformation fusion and forecast in this paper look rather promising. First, the approach is based essentially on the rigorous mathematical models of information processing by proteins and immune networks [4]. Second, this approach belongs to the field of computational intelligence [10]. Third, it is worth noting that the IC approach has also been compared with stateof-the-art approaches to pattern recognition. These comparisons show that artificial neural networks (ANN) [11], nearest neighbor methods (NNM) [18], and support vector machines (SVM) [19] are obviously inappropriate for real-world applications (e.g., intrusion detection [10]) due to their insufficient accuracy (NNM, SVM), huge training time (ANN) and several preprocessing tricks with raw data by other (than ANN, NNM, SVM) methods [20]. The results obtained suggest that the IC approach outperforms (by training time and accuracy) state-of-the-art approaches of computational intelligence. In addition, the IC approach includes both low-level processing of raw data (feature extraction) and high-level (“intelligent”) pattern recognition. These advances of the IC approach together with its biological nature [5]–[9] probably indicate a further step toward intelligent information fusion and forecast in geoinformation and cartography.

134

A. Tarakanov

References 1. Kuznetsov VI, Gubanov AF, Kuznetsov VV, Tarakanov AO, and Tchertov OG (1999) Map of complex appraisal of environmental conditions in Kaliningrad (in Russian and English). In: Kaliningrad. Ecological atlas 2. AIDA: International Association for the Development of Freediving (Apnoe), http://www.aida-international.org/ 3. WHO: World Health Organization, http://www.who.int/en/ 4. Tarakanov AO, Skormin VA, and Sokolova SP (2003) Immunocomputing: Principles and Applications. New York, Springer 5. Goncharova LB and Tarakanov AO (2007) Molecular networks of brain and immunity. Brain Res Rev 55/1:155–166 6. Goncharova LB and Tarakanov AO (2008) Nanotubes at neural and immune synapses. Curr Med Chem 15/3:210–218 7. Goncharova LB and Tarakanov AO (2008) Why chemokines are cytokines while their receptors are not cytokine ones? Curr Med Chem 15(13):1297– 1304 8. Agnati LF, Fuxe KG, Goncharova LB, and Tarakanov AO (2008) Receptor mosaics of neural and immune communication: possible implications for basal ganglia functions. Brain Res Rev 58(2):400–414 9. Fuxe KG, Tarakanov AO, Goncharova LB, and Agnati LF (2008) A new road to neuroinflammation in Parkinson's disease? Brain Res Rev 58/2:453–458 10. Tarakanov AO (2008) Immunocomputing for intelligent intrusion detection. IEEE Comput Intell Mag 3/2 (special issue Cyber Security):22–30 11. Tarakanov A, Prokaev A, and Varnavskikh E (2007) Immunocomputing of hydroacoustic fields. Int J Unconventional Comput 3/2:123–133 12. Tarakanov AO, Sokolova LA, and Kvachev SV (2007) Intelligent simulation of hydrophysical fields by immunocomputing. Lecture Notes in Geoinformation and Cartography, vol. XIV, Berlin, Springer, pp 252–262 13. Tarakanov AO (in press) Immunocomputing for spatio-temporal forecast. In: Mo H (ed) Handbook of Research on Artificial Immune Systems and Natural Computing: Applying Complex Adaptive Technologies. IGI Global, Hershey PA 14. Tarakanov A and Prokaev A (2007) Identification of cellular automata by immunocomputing. J Cell Automata 2(1):39–45 15. Atreas ND, Karanikas CG, and Tarakanov AO (2003) Signal processing by an immune type tree transform. LNCS, vol. 2787, Berlin, Springer, pp 111–119 16. SIDC: Solar Influences Data Analysis Center, http://sidc.oma.be 17. NASA: Ocean Color Time-Series Project, http://reason.gsfc.nasa.gov 18. Cover TM and Hart PE (1967) Nearest neighbor pattern classification. IEEE Trans Inform Theory 13(1):21–27 19. Ivanciuc Q (2007) Applications of support vector machines in chemistry. Rev Comput Chem 23:291–400 20. Yao JT, Zhao SL, and Fan Level (2006) An enhanced support vector machine model for intrusion detection. LNAI, vol 4062, Berlin, Springer, pp 538–543

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

M. Angelaccio, A. Krek, and A. D’Ambrogio University of Rome Tor Vergata, V. Del Politecnico 1, Rome, Italy, [email protected]

Abstract. Adaptive WEB GIS systems are emerging as a promising technology for managing highly dynamic situations such as in emergencies. Such situations require quick response and combination of static and dynamic data. Context information is crucial for understanding the possible roles within the rescue teams and the possibility for their collaboration. Emergency conditions require adjustments of performance and behavior according to the information and activation of the components and according to the needs of the users. In this paper, we propose a context-aware meta model for a WEB GIS interface. This model is based on the unified modeling language (UML) and the model driven architecture (MDA) paradigm. The proposed framework is described in terms of an emerging web engineering paradigm by specializing a meta model transformation that adapts WEB GIS interfaces to the context information. A study case is taken from a flood emergency scenario. A discussion of the corresponding technological framework, together with a description of a test case, is given in order to show the feasibility of the proposed concept.

1 Introduction Data management and information retrieval in mobile scenarios require a careful design of the software interfaces providing geoinformation to the user. Organizations involved in emergency management and rescue activities use spatial data for management, analysis of the situation, communication purposes, and for the improvement of the decision-making processes V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_9, © Springer-Verlag Berlin Heidelberg 2009

137

138

M. Angelaccio et al.

in general. These data sources are usually distributed, owned by different organisations, stored at different locations, and in a variety of different formats. They can be accessed through different end devices, such as a PDA, or a laptop. The end devices can be either static or mobile. In this paper we focus on an adaptive WEB Geographical Information System (WEB GIS) and its modeling. By adaptive WEB GIS we mean an application user interface that is able to automatically adapt to the capabilities of the end device used for the spatial information and data manipulation and retrieval. Further requirements include adapting to the network connectivity, and to the user’s activities, location, and context of use. We focus on the World Wide Web (WWW), which is a useful tool for gathering and manipulation of information. Spatial information can be well presented through tools and applications that enable web-based manipulation, analysis, and storage of geographic data. A WEB GIS has the potential to make distributed geographic information (DGI) available to a very large audience, and to users who are not trained as GIS experts. In such cases, the Internet users can access GIS applications from their local browsers without purchasing a proprietary GIS software technology. A WEB GIS application requires, on one hand, the capability to cooperate with other WEB GIS applications and, on the other hand, provide the users with the geographic information needed in a decision-making situation. In the context of an emergency scenario, these functions must be accomplished in an efficient and flexible way in order to best support the users in a highly dynamic environment. An example of such architecture comes from the European FP6 project WORKPAD [1, 3] in which different WEB GIS applications access a shared geo-database that is updated in a distributed way by operators and with real-time data coming from a sensor network (Fig. 1). Investigating how to exploit and leverage georeferenced information plays an important role both (1) in the dynamic building of the back-end integration system and (2) in the adaptive process management of the front-end teams. The back-end system consists of the static servers and computers that store the spatial data from institutions involved in emergency situations such as fire brigades, police, first aid, etc. Front-end teams carry mobile end devices, which are able to access the data and applications stored at the back-end and serve the user with the information needed in the emergency situation. The users are mobile operators who help with rescue activities. Additional research in adaptive user interfaces is urgently needed. Adaptive user interfaces can satisfy the needs of different users, adapt to their level of knowledge of geographical information systems, and deliver the information in the form that is understandable and immediately usable by the user.

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

139

In this paper we propose a context-aware meta model of the WEB GIS interface based on the unified modeling language (UML) and model driven architecture (MDA) paradigm. Adaptive WEB GIS systems are emerging as a promising technology for managing emergency scenarios where it is necessary to react quickly in a situation which can be dangerous for the people involved. In an optimal case, the end devices would automatically register the context information from the environment combined with the information gained from the back-end servers and adapt behavior based on this information. They would activate the required user interface with specific functionalities adapted to the specific requirements of use and the user. Unfortunately, adaptive WEB GIS systems are still difficult to build due to the complexity of engineering WEB GIS applications. Some of the problems are different formats and forms of the spatial data stored in the system. They make the exchange difficult between the data sources involved and the delivery of the required information to the final user. Current user interfaces are not adaptive and their static, rather complex structure makes the use of such a system a complex task which requires very specific expert knowledge. In this paper we present a novel approach in modeling context-aware geoinformation services. Current practice in web programming is often based on the basic skills of individual programmers and does not always apply the principles of software engineering. The need of integration and flexibility has been claimed to be one of the reasons that motivate the use of a MDA approach for web application software development [4, 5]. For adaptive WEB GIS this fact becomes more important, especially in emergency management scenarios, due to the need for real-time integration of data coming from distributed data sources. This motivates a model-based development approach for WEB GIS applications such as the ones supporting geocollaboration for crisis management in wireless scenarios. Our proposed framework is an attempt to provide a framework for an adaptive interface generator using a software engineering paradigm for WEB GIS interfaces. The concept is applied to a selected case of emergency management. The contributing components are taken from web engineering literature and specialized for the application domain.

2 Study Case: Emergency Management Scenario The scenario building method allows users to create a context for their requirements related to the planned system or application. In addition to this it enables requirement engineers to start working on a task analysis.

140

M. Angelaccio et al.

We take an example of a flood situation such as, for example, the case of the flood in Austria in 2002. In that year, widespread persistent rain led to catastrophic floods in many parts of Central Europe. There were extreme rainfall events in Austria on numerous rivers north of the Central Alps starting from the west. The northern Federal Provinces of Upper and Lower Austria as well as the Federal Province of Salzburg were particularly affected. This event brought rainfall of extraordinary extent and flood recurrence intervals from several years to more than 100 years [11]. Figure 1 shows the damage caused by the flood in upper Austria in 2002.

Fig. 1 Flood in Austria in 2002

A total of nine human lives were lost during the August 2002 flood events, including those who died while trying to control the floods and those who died due to accompanying circumstances. The loss of even more human lives was avoided only by the enormous efforts of local residents, the armed forces, fire fighters, the Red Cross, and volunteers. The material damage was caused in connection with the physical processes and was mainly brought on by the widespread flooding of settlement areas, infrastructure, and industrial facilities [12]. Losses of human life and livestock, damages to the infrastructure, buildings, and public and private properties raised public awareness and the demand for improvement of future flood mitigation measures, innovative alert systems, and new technological solutions needed for the analysis of the damage caused by the floods. Figure 2 shows an analysis of the floods done by the geoinformation provided by the satellite system. The rescue teams in the areas of flood could potentially be more efficient in their decision-making if they had flexible and adaptive end devices which would be able to reflect the current situation and accommodate the information and

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

141

Fig. 2 Satellite data showing the flood

instructions according to the user, its location, and the circumstances of the emergency situation.

3 WEB GIS Interfaces and Model-driven Architectures Spatial data are stored at different locations in a variety of different formats. Distributed, or sometimes also called heterogeneous GIS, refers to a computing environment in which a variety of GIS software and hardware coexist and interact. In such an environment, the users are not restricted to specific vendor systems or formats, nor are they necessarily aware of the diversity of the system from an end-use perspective. Figure 3 shows a system in which data come from a sensor network and are stored on one or several servers. This data are then combined with the spatial data coming from a mobile device and another web client. It represents a classic example of a distributed geoinformation system. The WEB GIS architecture shown in Fig. 1 requires an adaptive implementation for a WEB GIS interface because data incoming from emergency and other scenarios must be synchronized with databases connected with existing WEB GIS interfaces that are less powerful (or more specialized) in terms of the user interaction with geo-data. A more concrete example involves specific GIS software used in such situations. For example, the WEB GIS system GeoWorlds [2] integrates Environmental Systems Research Institute (ESRI) software ArcView as one of the GIS components. In this case, ArcView provides a basic support for communicating with external applications, which makes it difficult to adapt WEB GIS for different scenarios. The software itself has limited possibilities for increased interoperability and data are stored in a particular

142

M. Angelaccio et al.

Sensor Network

Geo-Data Server

Geo-Data Client

(Aggregate data) Web-Client + GIS client

(Web GIS) “Control” center

Main DB

Web Clients Browser

(Download) (Web GIS) “Local” center

Local DB

Fig. 3 Context-aware WEB GIS architecture scenario

format named Shape, which makes it difficult to combine them with data generated and stored in other possible data formats. Thus, such designed GIS systems are still very inflexible in their possibilities to deliver spatial information to different clients with various configurations, but extracting it from the same database. The main goal of our research is to investigate possible adaptive techniques which would enable the recognition of the characteristics of the end device and, at the same time, be able to accommodate the context-dependant view of the spatial representation. In our research we deal with a conceptual context-aware meta model of a WEB GIS interface based on the UML [8] using a MDA paradigm. 3.1 Model-driven Architecture The MDA paradigm is a recent Object Management Group (OMG) development model that improves the separation of application logic from the structural characteristics of the model. MDA specifies the following three default models of a system corresponding to the three MDA viewpoints: computation independent viewpoint, platform independent viewpoint, and platform specific viewpoint. MDA also specifies the following four default models of a system corresponding to the defined viewpoints: • The Computation Independent Model (CIM): A computation independent model is a view of a system from the computation independent viewpoint and is sometimes called a domain model. It includes a vocabulary that

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

143

is familiar to the practitioners of the domain [9]. The CIM specifies the function (or external behavior) of a system without showing constructional details. It plays an important role in bridging the gap between domain experts and the technical data or technicians responsible for the design of the application. • Platform Independent Model (PIM): A platform independent model is a view of a system from the platform independent viewpoint. A PIM exhibits a specified degree of platform independence so as to be suitable for use with a number of different platforms of similar type [9]. It describes the construction of a system at an ontological level [10]. • Platform Specific Model (PSM): A platform specific model is a view of a system from the platform specific viewpoint. A PSM combines the specifications in the PIM with the details that specify how that system uses a particular type of platform [9]. The PSM is a more detailed version of a PIM where platform specific elements are added. When defining a PSM, a target Platform Model has to be available. • Platform Model: A platform model provides a set of technical concepts, representing the different kinds of parts that make up a platform and the services provided by that platform. It also provides, for use in a platform specific model, concepts representing the different kinds of elements to be used in specifying the use of the platform by an application [9]. 3.2 WEB GIS Adaptive Interfaces The challenge of WEB GIS lies in creating software systems that are not only platform independent and running a Web browser, but also context aware. This is especially true in the case of emergency scenarios where spatial data has to be updated frequently and in a distributed way. We focus on the user requirements and functionalities for a WEB GIS implemented in such situations. We face the problem of re-engineering existing WEB GIS interfaces and automatically adapting the core functions to different web platforms and also to different applicative scenarios. Figure 4 shows two possible solutions for a flexible WEB GIS architecture. The first one (on the left) outlines a Meta WEB GIS approach in which a web application layer has been introduced. This web application layer serves as an interface among multiple clients. The second one (on the right) is a possible MDA paradigm in which we consider modeling and interface generation, yielding a more flexible solution for context-aware applicative scenarios.

144

M. Angelaccio et al. Context Aware Synchronization

Context Aware Synchronization Mobile Client

Mobile Client

Geo Data

Local Data

WebGIS API + GIS component

WebGIS API

Meta-Web GIS interface

Geo Data

Local Data

Multi-level form

Simple form

Layer-Form Interface selection

UML-based GIS interface generator Web-UML models

Web Browser

Web Browser

Fig. 4 Adaptive Web GIS interfaces and MDA approach

3.3 WEB GIS Adaptive Interfaces A WEB GIS adaptive interface concept is supported by the architecture which separates three different layers and is presented in Fig. 5. It separates the constructing platform independent model (PIM) from platform specific models (PSM). This enables the use of mapping and transformation techniques to transform and refine the model, which improves interoperability and reuse of software applications. As shown in Fig. 5, a meta modeling layer defines the structure of general information about the data such as data elements, for example, rivers, buildings, roads, etc. It also defines the particular context information at the model level. The mapping and transformation rules have to be specified as well, and they are the heart of the MDA approach. Meta modeling Layer OVT Transfermation

Model implementation layer

Tool Layer Source WEB GIS Applcater

OVT Transfermation Engine

Target WEB GIS Applcater

Fig. 5 Meta-Modeling and MD transformation

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

145

The implementation layer includes the implementation model supported by the model ontology. The tool layer includes all the needed tools and software packages. A particular feature of this approach is that context awareness can be extended to add the newest use characteristics or behaviors by different mappings among different target data and related to the current location of the user. The context-aware interface adapts the delivery of information and the spatial representation according to the user’s position, objects of interest, and the characteristics of the user end devices. Another advantage of this approach is that MDA can facilitate the semi-automatic generation of the context-aware interface with significant reductions in time and costs invested during the prototyping phases. MDA is used for modeling, design, and development of web information systems (WIS) and, as shown in WORKPAD project [1, 3], many benefits are gained in terms of improved quality, rapid delivery, and lower development costs.

4 WEB GIS Adaptive Interfaces Generation In this section we give a description of the MD architecture for the adaptive interface generator module shown in Fig. 4, following the approach outlined in Fig. 5. Our model consists of a meta-model level description of WEB GIS application and the corresponding instances obtained by using geographic data and web GUI elements for the user interface. We omit details about this description, which follows a similar web engineering approach. Our model uses the meta model cited in [4] called web requirements (WebRE). We used it for the meta-model description of the WEB GIS interface which is generated by the UML geo-data model and user requirements typical for a web application. In the schema shown in Fig. 6 (at meta-modeling level) the system takes as an input the WEB GIS model description [4] and applies a set of rules for transforming UML-classes of geographic data and GUI interface to the adapted interface model. Such rules are defined according to the context data coming from an emergency scenario that is used when model classes are instanced at the data level. For example, in the case of a river flooding scenario, we can imagine that mobile users/clients moving through this emergency can use a simple interface with one single layer-based vector representation of the river and flooding parameters without using other irrelevant details. This interface could be dynamically adapted by emphasizing (zoom-in) objects that are close to flooding points without using a meta WEB GIS approach.

146

M. Angelaccio et al.

Source Data Target Data Geo Data WEB GUI

context data

Geo Data

WEB GUI Context-based GIS interface

Target Model

Source Model

WEB GIS adapted

WEB GIS

context-based transformation

Fig. 6 MD-based generation of adaptive interfaces

This innovation has potential benefits and considerations, among which are the following: • A complete meta WEB GIS interface could be too expensive for mobile devices and difficult to use. • An explicit use of a meta WEB GIS interface by operator (like zoomin) can cause loss of time during emergency workflow that are, in most cases, unacceptable. • Emergency scenarios need to include new geographical data that are often incompatible with or different from the original data. These factors support the idea that a flexible interface design could take advantage of data modeling and data interface generation (MDA paradigm) when different WEB GIS systems must collaborate, especially following a context-aware-based adaptive workflow in which mobile clients have to synchronize their geo-data [7].

5 Conclusions Today, user interfaces are one-size-fits-all. The same data representation used for WEB GIS has been simply transformed to different end devices which have appeared recently (PDAs, cellular phones, etc). Their smallsize screens have been used for map displays and combined with classical GIS functions. Users with little programming experiences and limited time

A Model-driven Approach for Designing Adaptive Web GIS Interfaces

147

in which these applications have been used have limited opportunities to customize the interface. In emergency situations they find themselves under serious time constraints in which they have to react fast and in a flexible way due to the constantly changing situation. Current applications simply integrate a classical, monolithically GIS concept and architecture into new hardware devices. This approach leads to unsuccessful commercial applications and lack of killer applications that would enable growth of location-based and other mobile geoinformation services. This paper investigates possibilities for adaptive WEB GIS interfaces that would self-adapt and self-organise the content and information delivery based on the location, end device, and context of use. In our approach we use a combination of the UML and MDA paradigm. We take an example of an emergency management in which time restrictions and use restrictions play important roles. The adaptive meta model transformation is used in the process of spatial data representation and its transformation from one characteristic device to the other. Our emphasis is on “information-goal seeking” behavior of the user, which is at the center of our design and modeling. Here requirements were specified in a generalized way and will be specified in more detail in our further work. In our further research and investigations we aim at focusing on organization and descriptions of geographic knowledge at the back-end, and application of flexible mechanisms needed for the interoperable exchange of the data and information. In our future work, a more detailed specification in terms of existing web modeling framework, such as ARGOUWE, will be studied. We also aim at designing a generalized architecture which can potentially be used in different cases of emergency management. A special focus will be devoted to the usability of the application and we will investigate new, alternative representations of spatial data, which are not based solely on a simple display of a map. Context-aware techniques and mechanisms related to the cognitive spatial representation of the situation aim to improve the communication among team members and among different teams. They can potentially lead to the improvement of the decisionmaking processes and can help to raise the efficiency of the rescue teams and organizations involved in emergency management situations. Acknowledgments Thank you to Stephen Poplin, M.A. for the language improvements of this text.

148

M. Angelaccio et al.

References 1. Mecella M, Catarci T, Angelaccio M, Buttarazzi B, Krek A, Dustdar S, and Vetere G (2006) WORKPAD: An adaptive peer-to-peer software infrastructure for supporting collaborative work of human operators in emergency/disaster scenarios. In: Proceedings of the 2006 IEEE International Symposium on Collaborative Technologies and Systems (CTS 2006) 2. Neches R, Yao Ke-Thia, Ko In-Young, Bugacov A, Kumar V, and Eleish Ragy (2001) GeoWorlds: Integrating GIS and digital libraries for situation understanding and management. The New Review of Hypermedia and Multimedia (NRHM), vol 7, pp 127–152 3. Catarci T, De Rosa F, de Leoni M, Mecella M, Angelaccio M, Dustdar S, Gonzalvez B, Iritano G, Krek A, Vetere G, and Zalis Z (2006) WORKPAD: 2-Layered peer-to-peer for emergency management through adaptive processes. In: Proceedings of the 2nd IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2006) 4. Escalona MJ and Koch N (2006) Metamodelling the Requirements of Web Systems. In: Proceedings of 2nd International Conference on Web Information Systems and Technologies (INSTICC), Setubal, Portugal, pp 310–317 5. Di Ruscio D, Muccini H, and Pierantonio A (to appear) Metamodelling a transformational approach to model driven engineering of data-intensive web applications. Int J Web Eng and Technol 6. de Freitas Sodré V, Lisboa JF, Moysés Vilela V, and Vinícius Alvim Andrade M (2005) Improving productivity and quality of GIS databases design using an analysis pattern catalog. In: Second Asia-Pacific Conference on Conceptual Modelling (APCCM2005) 7. Shekhar S, Coyle M, Goyal B, Liu D, and Sarkar S (1997) Data models in geographic information systems. Commun ACM 40(4) 8. Bittner K and Spence I (2003) Use Case Modelling. Pearson Education 9. OMG (2003), MDA Guide Version 1.0.1. retrieved from Object Management Group: : http://www.omg.org/mda. 10. Dietz JL, and Hoogervorst JA (2007) Enterprise ontology and enterprise architecture—How to let them evolve into effective complementary notions. GEAO J Enterprise Architect 2(1) 11. Formayer H, Habersack H, Holzmann H, Moser A, and Seibert P (2003) Geophysical Research Abstracts 12. Umweltbundesamt (2004) In: Seventh State of the Environment Report of the Federal Minister of Environment to the National Assembly of the Austrian Parliament (Umweltbundesamt ed,) Ministry for Environment, Vienna, pp 1–408

Semantic Similarity Applied to Geomorphometric Analysis of Digital Elevation Models

Marco Moreno-Ibarra, Serguei Levachkine, Miguel Torres, Rolando Quintero, and Giovanni Guzman Intelligent Processing of Geospatial Information Laboratory, Centre for Computing Research, National Polytechnic Institute, Mexico City, Mexico, marcomoreno.ipn.mx

Abstract. This paper presents an approach to measure the semantic similarity between digital elevation model (DEMs). We compute a semantic “distance” between concepts in hierarchical structure of geomorphologic application ontology. The method is composed of two stages: analysis and measurement. Analysis stage is focused on performing a geomorphometric analysis: a qualitative value (descriptor) representing a concept in ontology is assigned to each DEM’s cell. Measurement stage is based on a comparison between the descriptors of two DEMs. In other words, we measure the semantic “distance” (called herein confusion) between two ontology concepts. The similarity is defined at two levels of measurement: local and global. The first one is defined at cell-level value and the second one considers the entire cells in a DEM. Thus, the similarity between two DEMs at the conceptual level is established. For instance, our methodology can detect that two DEMs share the same or similar geomorphologic features: plateau, downhill, etc. Keywords: Semantic similarity; Digital elevation models; Ontology; Geomorphometric analysis

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_10, © Springer-Verlag Berlin Heidelberg 2009

149

150

M. Moreno-Ibarra et al.

1 Introduction and Related Works Nowadays, digital elevation models (DEMs) are playing an increasingly important role in many technical fields of geographical information systems (GIS) development, including earth and environmental sciences [1], hazard reduction, landscape planning [2], and commercial display [3]. Users have a wide variety of DEMs with different characteristics to choose from. In a sense it reflects the diversity of producers of geographic data, different levels of detail, temporal properties, etc. A method to identify the semantic similarity between digital elevation models will be useful to help GIS designers and users to select the most adequate data for a certain application. The method presented here is based on geomorphometric analysis. Geomorphometric analysis is the measurement of geometry of the landforms in raster images [4] and has traditionally been applied to watersheds, drainages, hill slopes, and other groups of terrain objects [5]. Traditional methods for DEM processing are based on numerical measurements [2–5]. These methods are difficult to interpret and adapt to different contexts. We use a conceptual representation of geomorphometric domain (ontology) whose concepts (classes) are defined by numerical intervals, which in turn are the results of quantitative measurements of the elevations. Thus, the present work is focused on using well-studied quantitative measurements, but passing them at the conceptual operating level to facilitate the characterization and interpretation, which are commonly presented in this context. The method presented here is based on measures to evaluate the difference between concepts in a hierarchical structure. This approach is very similar to the way that human users handle qualitative variables. Semantic similarity plays an important role in GIS as it supports the identification of objects that are conceptually close, but not identical [6]. Nowadays, semantic similarity approaches are extended to different domains and applications [7, 8]. In the context of this paper, the semantic similarity will be defined by a semantic distance in a hierarchy called confusion. The notion of hierarchy provides an adequate tool for qualitative data analysis, processing, and classification, because the hierarchies encapsulate the (sometimes ordered) relationships between partitions of the dataset and therefore easily maintain the problem context [9]. Our approach to modeling similarity between concepts is based on a measure called confusion [9]. Other approaches to measuring the semantic similarity are presented in the literature; however, we did not find one for DEMs.

Semantic Similarity Applied to Geomorphometric Analysis of Models 151

The rest of the paper is organized as follows: Sect. 2 describes the background. Section 3 presents the methodology. Section 4 exposes some results for the case of study. Section 5 sketches out our conclusions and future work.

2 Background 2.1 Terrain Ruggedness Index The terrain ruggedness index (TRI) is a measurement developed by Riley to represent the amount of elevation difference between adjacent cells of a digital elevation grid [10]. The process computes the difference in elevation values from a center cell and the eight cells immediately surrounding it. Then it squares each of the eight elevation difference values to make them all positive and averages the squares. The TRI is then derived by taking the square root of this average, and corresponds to average elevation change between any point on a grid and its surrounding area. The authors of the TRI propose the classification for the values obtained for the index (see Table 1). Table 1. Terrain ruggedness index classification TRI 1 2 3 4 5 6 7

Interval (m) 0–80 81–116 117–161 162–239 240–497 498–958 959–4367

Represent Level terrain surface (LTS) Nearly level surface (NLS) Slightly rugged surface (SRS) Intermediately rugged surface (IRS) Moderately rugged surface (MRS) Highly rugged surface (HRS) Extremely rugged surface (ERS)

2.2 Confusion and Hierarchies In this section we introduce the concepts related with confusion and hierarchies [12]. Symbolic value. A symbolic value v represents a set E, written v ∝ E , if v can be considered a name or a depiction of E. Hierarchy. For an element set E, a hierarchy H of E is another element set where each element ei is a symbolic value that represents either a single element of E or a partition, and ∪ i {ri ei ∝ ri } = E ; the union of all sets represented by the ei is E. B

B

152

M. Moreno-Ibarra et al.

Hierarchical variable. A hierarchical variable is a qualitative variable whose values belong to a hierarchy; the data type of a hierarchical variable is hierarchy. In the case of this paper we describe two types of hierarchies: Simple hierarchy. A simple (normal) hierarchy is a tree with root E, and if a node has children, these form a partition of the father. A simple hierarchy describes a hierarchy where E is a set (thus its elements are not repeated, no ordered). Ordered hierarchy. In an ordered hierarchy, the nodes of some partitions obey an ordering relationship. We are also going to use the following common notations: father_of (v). In a tree representing a hierarchy, the father_of a node is the node from which it hangs; sons_of (v) are the values hanging from v, siblings. The nodes with the same father are: grand_father_of, brothers_of, aunt, ascendants, descendants which are defined when they exist; root is the node that has no father. Intuitively, one key to the similarity of two concepts is the extent to which they share information, indicated in a hierarchy (is–a relationship) by a superior concept (its father) that subsumes them both [13]. The term confusion is introduced to differentiate it from other approaches that used different kind of distances (i.e., symmetric, context-independent measures) for this purpose. The sense of confusion is to identify the difference in using a qualitative value instead of the intended or correct value. It is defined as follows: Confusion in using r instead of s for simple hierarchies. If r, s ∈ H, then the confusion in using r instead of s, written conf(r, s), is: – conf (r, r) = conf (r, s) = 0, where s is any ascendant of r; – conf (r, s) = 1 + conf (r, father_of(s)). Confusion in using r instead of s, for ordered hierarchies. For hierarchies formed by sets that are lists (ordered sets), the confusion in using r instead of s, conf ’ (r, s), is defined as: – conf’ (r, r) = conf (r, any ascendant of r) = 0; – If r and s are distinct brothers, conf ’ (r, s) = 1 if the father is not an ordered set; else, conf ’ (r, s) = the relative distance from r to s = the number of steps needed to jump from r to s in the ordering, divided by the cardinality –1 of the father; – conf ’ (r, s) = 1 + conf ’(r, father_of (s)). This is like conf for simple hierarchies, except that there the error between two brothers is 1, and here it is a number ≤ 1.

Semantic Similarity Applied to Geomorphometric Analysis of Models 153

3 Methodology The method presented here is composed of two stages: analysis and measurement. Analysis stage is focused on performing a geomorphometric analysis. In the case of this research, we have used the TRI. The analysis stage is focused on performing a geomorphometric analysis: a qualitative value (descriptor) representing a concept in ontology is assigned to each DEM’s cell. On the other hand, measurement stage is based on a comparison between the descriptors of two DEMs. In other words, we measure the confusion between two ontology concepts. Ontology is a type of knowledge base that describes concepts through definitions that are sufficiently detailed to capture the semantics of a domain [14]. Ontology represents a certain view of the world, supports intentional queries regarding the content of database, and reflects the relevance of data by providing a declarative description of semantic information independent of the data representation [18]. This kind of representation allows measuring the distance between qualitative values instead of quantitative ones, that is to say, the distance between two ontology classes. In contrast to numerical approaches the semantic distance facilitates the interpretation of the measurements and produces better results to the user’s satisfaction, because the concepts and their similarity can be easily understood and interpreted [15]. In this case, the used concepts belong to ontology fragment (ordered hierarchy). Each concept, however, can have more descendents at other ontological levels. 3.1 Analysis Stage

Analysis stage is oriented to extracting the properties of geospatial data implicitly represented by means of geomorphometric analysis. It is based on measurements of geospatial data. A measurement is a computing procedure for evaluating characteristics of geographical objects [16], which generate a numerical value of the magnitude or amount of a characteristic. Thus, this stage represents an automatic procedure of terrain characterization. In particular, we are focusing on DEM processing. In this case, we use the ruggedness TRI model to characterize the elevations. The author’s geomorphometric analysis can be applied in a consistent way such as landform classification [11]. We select TRI because it characterizes the terrain elevation; it is the most important aspect in a DEM. The measurement is performed for all cells in a DEM, resulting in a quantitative value. Once finished, the quantitative values are replaced by qualitative values denominated descriptors. It is computed according to the ranges presented in Table 1.

154

M. Moreno-Ibarra et al.

Each descriptor represents a concept that describes a specific situation in the real world. In this case we assign the following descriptors: LTS, NLS, SRS, IRS, MRS, HRS, and ERS (see Table 1). This is a conceptual representation that explicitly describes the properties of the DEM. The method was implemented in a GIS [11]. 3.2 Measurement Stage

Measurement stage is based on a comparison between the descriptors of two DEMs for detecting the semantic similarity. The comparison is performed at a conceptual level. In this case we use an approach based on measurement between qualitative values. The semantic similarity is typically determined as a function of the path distance between terms in the hierarchical structure underlying the single ontology [17]. In addition, we define a set of concepts, which represent the similarity between two different DEMs as follows: • DEMs must have the same coordinate system, projection and datum, and units. • DEMs must have the same resolution and bounding coordinates (maximum and minimum longitude and latitude). If one does not satisfy the above condition, i.e., there is an overlapping between them, we should generate a regular mesh of points. The mesh of points must correspond to the centroids of the cells of the DEM of lower resolution. The mesh of points will be used to extract the TRI values, and should be transformed in a DEM. In order to find the semantic similarity, the hierarchical structure of ontology classes is used. The method to evaluate the consistency is based on confusion (see Sect. 2.2). The concept of confusion allows defining the closeness to which an object fulfills a predicate as well as deriving other operations and properties among hierarchical values [12]. Thus, we obtain a semantic distance between concepts. terrain ruggedness

level terrain surface

nearly level surface

slightly rugged surface

intermediately rugged surface

moderately rugged surface

Fig. 1 Ontology fragment

highly rugged surface

extermely rugged surface

Semantic Similarity Applied to Geomorphometric Analysis of Models 155

This method is based on a geomorphologic ontology which describes the main properties and relations in that domain. It was constructed considering a domain conceptualization by an expert. In this case we use the ontology fragment depicted in Fig. 1 focused on terrain ruggedness. The fragment represents an ordered hierarchy obeying the ordering relationship ruggedness (see Sect. 2.2), the concepts are ordered according to its “level” of ruggedness. The similarity is defined at two levels of measurement: local and global. The first one is defined at cell-level and the second one considers the entire cells of a DEM. Thus, the similarity between two DEMs at the conceptual level is established. For measuring the similarity at local level we use the concept of confusion (see Sect. 2.2). The pseudo-code to compute the similarity at local level is: /* INPUTS TRI_S /* DEM storing the values of S TRI_R /* DEM storing the values of R /*OUTPUT CONF /* DEM storing the measures of confusion i,j = 0 /* indexes TRI[]=[LTS,NLS,SRS,IRS,MRS,HRS,ERS]; CARD=7 /* cardinality of TRI MAX–ROWS /*STORE THE NUMBER OFROWS MAX–COLUMNS; /* STORE THE NUMBER OF COLUMNS POS_VALUE_IN_TRI();/*computes the position of a value in TRI[] For i = 0 To MAX–COLUMNS For j = 0 To MAX–ROWS CONFUSION (DEM_R[i,j],DEM_S[i,j]) /* Computing Confusion { r :=POS_VALUE_IN_TRI(DEM_R[i,j]); s :=POS_VALUE_IN_TRI(DEM_S[i,j]); CONF[i,j]:= ABS(r – s)/(CARD – 1) }

It computes the semantic similarity between cells that belong to two DEMs. In the case of measurement of ruggedness concepts, the set of values for this function are presented in Table 2. Other geomorphometric measurements can be used such as landform classification [11]. In some cases, the concepts that represent the values of geomorphometric measurements could form hierarchical structures that are not ordered and we need to use another measure of similarity (see Sect. 2.2). We consider three different cases to evaluate the similarity at local level that depend on the confusion value and a threshold defined by the user: • Equivalent. If 0 < conf(r, s) ≤ w < 1, the concepts are considered as equivalent, or the cells are equal.

156

M. Moreno-Ibarra et al.

Table 2. Confusion between concepts of TRI conf (r,s)

r

Level terrain surface (LTS) Nearly level surface (NLS) Slightly rugged surface (SRS) Intermediately rugged surface, (IRS) Moderately rugged surface(MRS) Highly rugged surface (HRS) Extremely rugged surface (ERS)

LTS

NLS

SRS

s IRS

MRS

HRS

ERS

0

1/6

2/6

3/6

4/6

5/6

1

1/6

0

1/6

2/6

3/6

4/6

5/6

2/6

1/6

0

1/6

2/6

3/6

4/6

3/6

2/6

1/6

0

1/6

2/6

3/6

4/6

3/6

2/6

1/6

0

1/6

2/6

5/6

4/6

3/6

2/6

1/6

0

1/6

1

5/6

4/6

3/6

2/6

1/6

0

• Unlikeness. If 0 < w ≤ conf(r, s) < 1, the concepts are considered unlike, the cells are different. By using the measure at local level it is difficult to identify the similarity between DEMs, because it only concerns a very small fragment of the DEMs. To extend the similarity at a more general level, we propose the use of a global level measure of semantic similarity. It considers the entire cells in a DEM. The global measure is defined by: n

confG (TRI − R, TRI − S ) = ∑ conf (rn , s n ) , 1

where TRI–R, TRI–S are DEMs storing TRI, n is the number of cells of DEM 1 (TRI–R or TRI–S), and conf (rn , s n ) is the measure of similarity at local level. The range of values for this function is between 0 and 1. Values close to confG = 0 means equality, equivalence, etc., but values close to conf G = 1 mean inequality, dissimilarity, etc. In addition, the measure will allow us to introduce other new concepts such as identical, substitute, similar, etc. The concepts depend on a value of confG . These concepts are defined as follows: TF

1

FT

In the case of DEMs with different number of cells, n will be the number of intersecting cells. T

T

Semantic Similarity Applied to Geomorphometric Analysis of Models 157

• • • • •

TRI–R is identical to TRI–S if conf G = 0 : TRI–R is substitute for TRI–S if 0.001 < conf G < 0.04 : TRI–R is very similar to TRI–S if 0.04 < conf G < 0.12 : TRI–R is similar to TRI–S if 0.12 < confG < 0.25 : TRI–R is somewhat similar to TRI–S if 0.25 < conf G < 0.46 .

The values are proposed by an expert in the field of geomorphology. Thus a semantic distance allows us to define new concepts that represent the difference between the DEMs. The values have been defined according to a test applied to a set of experts, but they can be redefined to improve system performance.

4 Results Some results of this approach are presented in this section. The method has been applied to Tamaulipas State, Mexico, covered by a DEM at resolution 50 × 50 m generated in PIIG–LAB, 2 interpolating two different sets of elevation contour lines at the same level of detail. Figures 2 and 3 are showing the original DEM (50m resolution) composed of 263 rows and 399 columns. Figure 2 depicts the DEM called DEM–R and Fig. 3 shows the DEM denominated as DEM–S. Both DEMs cover the same area. In the case of DEM–R, the minimum value is 950m and maximum value is 2,160. In DEMS, the minimum value is 1,000m and maximum value is 2,160 (see Table 3). We can see that both models seem similar, but how similar are they? Next, we compute the terrain ruggedness index in both DEMs. TF

FT

Table 3. Characteristics of DEMS Property Resolution Number of rows Number of columns Minimum value (elevation) Maximum value (elevation) Mean value (elevation) Standard deviation

2 T

T

DEM–R 50m 263 399 950m 2,160m 1,416.231m 259.748m

Intelligent processing of Geospatial Information Laboratory

DEM–S 50m 363 399 1,000m 2,160m 1,416.362 259.157m

158

M. Moreno-Ibarra et al.

Fig. 2 Source Digital elevation models (DEM–R) (white represents lower elevation and black represents higher elevation)

Fig. 3 Source Digital elevation models (DEM–S) (white represents lower elevation and black represents higher elevation)

Figure 4 shows the terrain ruggedness and the TRI classification of this area. For TRI–R, the minimum value is 1 (level terrain surface), maximum value is 7 (extremely rugged surface), mean value is 3.919m, and the standard deviation is 1.693. This means that DEM–R has intermediately rugged surface in its territory. The extremely rugged areas are principally concentrated at the northern part of DEM. On the other hand, Fig. 5 shows the TRI–R, the minimum value is 1 (level terrain surface), maximum value is 7 (extremely rugged surface), mean value is 4.212m, and the standard deviation is 1.515. This means that DEM–S has intermediately rugged surface in its territory. The extremely rugged areas are principally concentrated at the northern part of DEM. We can see that both DEMs can be characterized as intermediately rugged surface. We could calculate any numerical difference between the average values but they would not be easy to interpret. Considering the histograms of TRI–R (Fig. 6) and TRI–S (Fig. 7) we can see that the most popular class in both cases is level terrain surface. However, the other classes do not follow the same degree of popularity. That is

Semantic Similarity Applied to Geomorphometric Analysis of Models 159

Fig. 4 Terrain Ruggedness (TRI–R) (white represents a level terrain surface and black represents an extremely rugged surface) 14

x104

Fig. 5 Terrain Ruggedness (TRI–S) (white represents a level terrain surface and black represents an extremely rugged surface) 14

12

12

10

10

8

8

6

6

4

4

2

2

0

ERS

HRS

MRS

IRS

SRS

NLS

LTS

Fig. 6 Histogram of TRI–R

0

x 104

ERS

HRS

MRS

IRS

SRS

NLS

LTS

Fig. 7 Histogram of TRI–S

to say, the second class in popularity in TRI–R is nearly level surface and the second class in popularity TRI–S is intermediately rugged surface. Figure 8 depicts a layer of semantic similarity measure between TRI–R and TRI–S. From Fig. 8 we can see that most of the area has a measure of confusion equal to zero and intuitively we can say that the DEMs are very

160

M. Moreno-Ibarra et al.

similar. That assertion can be confirmed by observing the histogram in Fig. 9, where the most popular class is with conf = 0. It means that cells are equivalent in both DEMs. The other classes contain fewer elements than the class conf = 0.

80000

70000

60000 0 1/6 50000

2/6 3/6

40000

4/6 5/6

30000

1

20000

10000

0

Fig. 8 Semantic similarity measure between TRI–R and TRI–S (white represents conf = 0 and black represents conf = 0)

Fig. 9 Histogram of confusion values values

Consider the cases of equivalency and unlikeness for semantic similarity at local level. We define threshold w = 1/6. In this case, the set of equivalent concepts (class) is more than the unlikeness concepts; it means that the DEMs are similar (see Fig. 10). In addition we present a histogram that describes the similarity at local level (see Fig. 11). By using the concepts unlikeness and equivalent we describe the semantic similarity at local level. To test the similarity at global level, we use the measure confG measurement. The measurement of confG for this case of study is 0.089, this means that the DEMs are very similar at global level, too. It corresponds to the interpretation of Fig. 9.

Semantic Similarity Applied to Geomorphometric Analysis of Models 161

5 Conclusion In this paper we have presented an approach to conceptually measure the semantic similarity of DEMs. The method is based on a conceptual representation of geomorphometric properties (ontology), generated by terrain ruggedness index. Ontologies are very useful since they add a semantic component (the relations between different concepts) that is usually not considered in traditional GIS approaches. The concepts represent the meaning of a cell. By using this approach, we attempt to catch the semantic content of the topographic dataset by means of geomorphometric analysis.

12

x 105

10 8 6 4 2 0

Fig. 10 Semantic similarity at local level (white represents equivalent cells and black unlikeness cells)

Unlikeness

Equivalent

Fig. 11 Histogram of semantic similarity at local level

To describe the similarity, we have proposed two levels of measurement: local and global. The first one is defined at cell level value and the second one describes the entire cells in a DEM, by means of the concepts of equivalence and unlikeness. Using the measurement at global level we define a set of concepts which describe the semantic similarity of two DEMs (identical, substitute, very similar, similar, somewhat similar). These sets of concepts allow us to answer the question, how similar are two DEMs? More geomorphometric layers can be included to compute the semantic similarity while different kinds of relationships between ontology concepts

162

M. Moreno-Ibarra et al.

can be considered. In addition, the method can be used to characterize spatio– temporal changes.

Acknowledgments The authors of this paper wish to thank the Centre for Computing Research (CIC), National Polytechnic Institute (IPN), and National Council for Science and Technology (CONACYT) for their support. This work was supported by the SIP–IPN grants 20082480, 20082580, 20082563, and 20080971. T

References 1. Rudner M, Biedermann R, Schroder B, and Kleyer B (2007) Integrated grid based ecological and economic (INGRID) landscape model. A tool to support landscape management decisions. Environ Model Software 22(2):177–187 2. Saadat H, Bonnell R, Sharifi F, Mehuys G, Namdar M, and Ale-Ebrahim S (in press) Landform classification from a digital elevation model and satellite imagery, Geomorphology 3. Wilson JP and Gallant JC (2000) Terrain Analysis–Principles and Applications. Willey, USA 4. Chaplot V, Darboux F, Bourennane H, Leguedois S, Silvera N, and Phachomphon K (2006) Accuracy of interpolation techniques for the derivation of digital elevation models in relation to landform types and data density. Geomorphology 77(1–2):126–141 5. Bonk R (2002) Scale-dependent geomorphometric analysis for Glacier Mapping at Nanga Parbat: GRASS GIS approach. In: Proceedings of the Open source GIS – GRASS User’s conference 2002, Italy 6. Rodríguez A and Egenhofer M (2004) Comparing geospatial entity classes: An asymmetric and context-dependent similarity measure. Int J Geogr Inform Sci 18 (3):229–256 7. Ahlqvist O (2005) Using semantic similarity metrics to uncover category and land cover change. Lect Notes Comput Sci 3799:107–119 8. Hirtle S (2007) Similarity matching for emergency evacuation. Workshop on Semantic Similarity Measurement at the Conference on Spatial Information Theory (COSIT 2007), Melbourne, Australia 9. Levachkine S and Guzman A (2004) Hierarchies measuring qualitative variables. Lect Notes Comput Sci 2945:262–274 10. Riley SJ, DeGloria SD, and Elliot R (1999) A terrain ruggedness index that quantifies topographic heterogeneity. Intermountain J Sci 5:23–27

Semantic Similarity Applied to Geomorphometric Analysis of Models 163

11. Moreno M, Levachkine S, Torres M, and Quintero R (2004) Landform classification in Raster geo–images. In: Progress in Pattern Recognition, Image Analysis and Applications. Lect Notes Comput Sci 3287:558–565 12. Levachkine S and Guzman-Arenas A (2007) Hierarchy as a new data type for qualitative variables. Exp Syst Appl 32(3):899–910 13. Resnik P (1995) Using information content to evaluate semantic similarity in a taxonomy. In: Proceedings of the 14th International Joint Conference on Artificial Intelligence, pp 448–453 14. Guarino N (1995) Formal ontology, conceptual analysis, and knowledge representation. Int J Human Comput Studies 43:625–640 15. Moreno-Ibarra M (2007) Semantic similarity applied to generalization of geospatial data. Lecture Notes in Computer Science 4853:247–255 16. Project Agent (1998) Selection of basic measures. http://agent.ign.fr/ 17. Resnik P (1999) Semantic similarity in a taxonomy: An information-based measure and its application to problems of ambiguity in natural language. Artif Intell Res 11:95–130 18. Goni A, Mena E, and Illarramendi A (1998) Querying heterogeneous and distributed data repositories using ontologies. In: Charrel PJ and JaakkolaH (eds), Information Modeling and Knowledge Base IX, IOS Press, pp 19–34

Dynamic Models of Geographic Environment using Ontological Relations

Miguel Martinez and Serguei Levachkine Intelligent Processing of Geospatial Information Laboratory, Centre for Computing Research, National Polytechnic Institute, Mexico City, Mexico, [email protected]

Abstract. The geographic environment contains different types of entities: for instance, cars, considered as geographical objects, as well as entities such as storms, considered as geographical phenomena. With these entities occurs something commonly called events. These represent the dynamics of a geographical environment. If these entities are modeled based on an object-oriented approach, only properties and relations between other entities are considered, but the dynamic aspects are not. However, if they are modeled based on an event-oriented approach, the semantic relations of the dynamic aspects are indispensably needed to model the environment, considering instantly changed geographic entities, properties and relations as well as the subsequent effects they may cause to the environment and to other entities. We use Ontology Relations to explicitly describe changes in the properties and relations of geographic entities modified by events. A proposed algorithm generates a semantic chain that represents a whole episode about events over different duration time intervals. Keywords: Dynamic environment; Ontology; Events; Semantics; Time interval

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_11, © Springer-Verlag Berlin Heidelberg 2009

165

166

M. Martinez, S. Levachkine

1 Introduction Nowadays, geographic information sciences are focused on capturing the dynamics of geographical environments, and describing the semantics of geographical objects, which change their properties and spatial relations through time. These exists in the world a huge number of geographic entities which are not static, i.e., the behavior of these entities is dynamic inside the geographic environment [8]. For these reasons, the effort of the community is focused on developing an approach based on events, where these are the main part of the model [15]. When an explicit description of a specific environment is made, this represents the properties and spatial relations that exist among objects that belong to the geographical environment. These properties and relations only describe the state of the environment when the description is made, but do not explicitly represent changes that occur through time. For this reason it is not possible automatically to infer about the things that occur through time between successive descriptions. The inference is made when people interpret successive descriptions. Now, it is not sufficient to analyze what occurs between successive descriptions, because in this way happenings that have different temporality are not considered, i.e., their temporal granularity for each happening is different. For instance, there are events that can last millions of years as geological ages, or events that can last hours such as rain, or may even be regarded as instant like taking a step while walking. What we have to find is a mechanism order to relate events according to the particular temporal granularity required. Events are abstractions of phenomena and interconnected activities about the world. These abstractions do not represent isolated behaviors [1]. The events depend on the fulfillment of conditions and these imply consequences in the modeling; for instance, the initiation of some events depends on the occurrence of other events. This dependence between events and the natural complexity of the geographic phenomena impose additional restrictions to do with the conceptualization of a model based on events. The inclusion of events in data modeling provides a foundation to distinguish particular semantics of movement based on events’ patterns, providing the basis to develop systems of events’ inference; for instance to develop systems notification of events for automatic.

Dynamic Models of Geographic Environment using Ontological Relations 167

Traditionally, changes of geographical phenomena have been derived from a temporary reference frame. Temporal aspects of GIS have been investigated from a cartography perspective [10, 12], data models [5, 11, 14], and spatial databases [13, 2]. Although, to date, no model has been adopted to include time in a GIS. A more specific approach about changes has considered the semantic associated with the change, as typically found as part of many spatiotemporal processes, including the appearance or disappearance of entities and production or transmission of entities [3, 4]. Views of geographic entities may be in different domains or these entities can be viewed from different perspectives, even depending on their particular temporal granularity [6, 9]. The spatio-temporal information consists of many different observations; therefore, the raw data can come from many events related with other events and geographic entities. For this approach, both objects and events are completely necessary to model a dynamic geographical environment. This paper is organized as follows: Sect. 2 sketches out the conceptualization in a general way of dynamic geographical environments and the relations with their entities. Section 3 describes briefly the classification of geographical entities. Section 4 shows the first steps of our own methodology proposed to describe a dynamic geographical environment, and Sect. 5 points out our conclusions and future works.

2 Conceptualization A description of a geographic environment that does not consider existence of events, only regards geographic objects, their properties, and spatial relations with other geographic objects. In Fig. 1, we show the conceptual schema and the elements that consider a conceptualization of geographic environment in a static way. However, to make the description of a geographical environment in this way, the dynamism that exists inside the environment is not considered; for this reason, all those dynamic aspects that each element performs in the environment are not considered at a given time. So it is not possible to explicitly express the additional semantic given by the existence of this dynamism, which is produced by the existence of other elements commonly called events, which modify the environment.

168

M. Martinez, S. Levachkine

Fig. 1 Conceptual schema of a static geographic environment

Fig. 2 Conceptual schema of a dynamic geographic environment

To describe a geographic environment, consider that its elements change by the existence of events, new elements appear, and hence new relations among these elements appear, too. The main element is events, which are grouped in Event classes. For instance, an event can be regarded as the change in the path of a car. The conceptual schema of the interaction of these elements is shown in Fig. 2.

Dynamic Models of Geographic Environment using Ontological Relations 169

In this figure can be seen in a general way the relations between classes of events and objects, as well as the relations between events that modify the properties and spatial relations that exist in the object classes. As the occurrence of events modifies properties and spatial relations of geographical entities, we believe that these modifications happen by the relations between the events and not by the event classes directly, since in this way, the changes can be expressed more explicitly.

3 Classification of Geographical Entities We classify the geographic entities in two types: geographic phenomena and geographic objects. A geographic phenomenon refers to all entities whose origin is natural and thus they have dynamic behavior. A hurricane, a storm, and rain are examples of geographical phenomena. On the other hand, geographical objects are all those entities that are not considered as geographical phenomena. A tree, a car, and a horse are examples of geographical objects. This classification is used to classify events in two types given its origin: natural and artificial. Later, we explain this classification of events in more detail.

4 Description of Dynamic Geographical Environment The idea of this work is to describe an environment based on individual histories of each entity that belong to a dynamic environment. The history of an entity describes its behavior, relations that it has with other entities, and properties that change throughout their lifetime. So if we join all individual histories of each entity, the result is the history of the whole environment, and thus the description of an event is given by the changes happening that are most representative of each entity. In Fig. 3, we show the general schema of the method to describe a dynamic environment based on the union of individual histories of each geographical entity. The description of geographic environment is given by the Description function which is shown in (1), which represents the union of all individual histories of each geographic entity. n

Description (Environment (T ) ) = ∪ hist (ent i ) , i =0

(1)

170

M. Martinez, S. Levachkine

Fig. 3 Union of individual histories

where Environment(T) represents the dynamic geographic environment that we want to describe through time. T represents the period of time of the whole history of geographic environment that we want to describe through time. In this equation, n represents the total of entities that belong to geographic environment; ent i is an element of a set of entities in the geographic environment. Let EG be the set of geographic entities which belong to geographic environment to be described. EG is a subset of geographical entities of the real world; then ent i is an element of EG, that is ent i ∋ EG . The hist() function gets the whole history of a specific geographical entity. In turn, this function is also given by the union of individual description of each entity. These descriptions represent something that we call the most significant moments in the history of each geographical entity. The equation to find the history of each entity is given as follows: m

hist (ent i ) = ∪ desc (ent i , t j) . j =0

(2)

In this equation, m represents the number of most significant moments in the history of an entity. We can see a significant moment as the instant when there was a significant change in the history of the entity, which caused change in their properties and relations.

Dynamic Models of Geographic Environment using Ontological Relations 171

Each of these significant moments is given by desc ( ent i , t j ) function, which takes two parameters; ent i is a geographic entity which we want to describe at time tj . This description is the union of three sets: the set of spatial relations that ent i has with other entities; the set of properties of ent i ; and the set of relations that it has with the events that caused changes in properties and spatial relations of ent i . The equation that specifies this function is as follows: desc (ent i , t j ) =

{{ent R ent } ∪ { p ∋ P } ∪ {( e i

s

j

ent i

k

}

∋ E ) Re ent i } .

(3)

From this equation, R s represents the set of spatial relations, which are classified in: Topological relations [9], Geometrical relations, and Location relations. The set of properties of each geographic entity is represented by ent i , and the set of relations between entities and events (denoted by E) is represented by Re . The description obtained from this function has the next form; for instance, think on we want to describe a traffic light that is on the corner of a street. Then, if we evaluate the next function desc ( s1 , t0 ) , where s1 is a traffic light and t 0 is the significant moment in which the description is obtained. The result is: {light = green, s1 belong to Central Avenue}. = Now, if we evaluate the next function desc ( s1 , t1 ) , the result will be: {light yellow, s1 belong to Central Avenue}. We can see that the property light of s1 change the value from green to yellow. 4.1 Events The happenings that occur in the real world can be seen and called events. Then we can say that an event is something that just happened to some geographic entity. For instance, if a car changes direction from south to north, this is an event over a geographic object. A hurricane is a geographical phenomena, but if a hurricane occurs this is an event because this is just happening. From these two examples, we classify the events in two categories given by their nature: these are natural events and artificial events. The first are those that are caused by geographical phenomena, such as a storm. On the other hand, artificial events are all those which are not caused by geographical phenomena, for instance, the traffic of cars or the construction of a building.

172

M. Martinez, S. Levachkine

In Fig. 4 is shown our own conceptualization about what is an event and the relation that can exist between them. We define the set Rs as the axiomatic relations to event --- event and even --- object --- event relations. The set Rs is formed by three axiomatic relations, which we believe are necessary to the relations between geographic entities and events. This set is composed as follows: Rs = {generate, terminate, modify} .

In Fig. 5 is shown the conceptualization that we have about axiomatic relations of events.

Fig. 4 Conceptualization of Event and their relations

Fig. 5 Conceptualization of axiomatic relation of events

Dynamic Models of Geographic Environment using Ontological Relations 173

The generate relation refers to occurrence of an event that causes the appearance of a new event, thus both events are related by this relation. Terminate refers to the occurrence of an event that causes another associated event to terminate. Modify refers to the occurrence of an event that causes an event or geographical entity to change their properties. 4.2 Changes As the occurrence of any event causes changes, then we can define a change as the modification of properties and spatial relations to a set of geographical entities that belong to a dynamic geographic environment. Also, we can define a change as the modification in environment configuration. In Fig. 6 is shown our own conceptualization of change concept about what can be modified by the occurrence of events. This conceptualization of the change concept is used to explicitly describe the changes occurred by appearance of events. A more conceptual granularity may be able to explain in more detail the changes occurring between two successive descriptions. Then, the Change can be used to indicate that any relation or property that defines a geographic entity has been modified by occurrence of events. To represent the succession of changes we make use of Ontology Relations (OR). This OR joins two adjacent description of a geographical entity in a time interval. The next equation describes the structure of OR.

Fig. 6 Conceptualization of Change

174

M. Martinez, S. Levachkine

m

OR ( ent i , t j , tk ) = ∪ ⎡⎣desc ( ent i , t j ) CHANGE l desc ( ent i , tk ) ⎤⎦ .

(4)

l =0

From this equation, we can see that an OR of a geographic entity is the union of all changes expressed by the CHANGE concept between pairs of descriptions of each geographic entity. For each geographic entity there exists one OR, starting from the moment when the first change occurs until no change is happening over some properties or relations. These OR are used to describe the history of a geographical entity based on the changes that occurred, but not on their descriptions. CHANGE is replaced by some instance of the conceptualization of Change. For instance, given the following OR: OR ( s1 , t0 , t1 ) = {Red_ligth_change _ property_green_ligth}.

We can see that CHANGE is replaced by change_property, indicating in this way that value of light property of traffic light s1 at t 0 was green, and after t1 it changed to yellow. In turn, these histories are formed by a set OR of each entity. These modifications to geographic environment can be expressed in terms of changes, which describe all those modification to the geographical entities of their properties and relations.

5 Conclusions and Future Work With this work, we try to explicitly express and describe the behavior of a dynamic geographical environment in terms of individual histories of geographic entities. These histories are expressed by the union of descriptions of the more significant moments of each entity. The union of these descriptions is made based on changes. These changes are conceptualized by the CHANGE concept, and an instance of CHANGE is used to join individual descriptions. We believe that by making descriptions through OR, we can develop operations among sets of OR, for instance union, intersection, overlap. These can give us additional information about what happened among different descriptions at different temporal granularity, as well as to identify patterns of OR and to make comparisons between these patterns to detect anomalies in order to develop alert systems. Summarizing, the main idea of this work is an approach to produce a methodology based on changes to explain the modification of properties

Dynamic Models of Geographic Environment using Ontological Relations 175

and relations caused by event occurrence. This methodology is still in development, and as a future work, the conceptualization of CHANGE can be enhanced by incrementing its conceptual granularity. Also, the algorithm to find the changes automatically is still being developed. It is important to point out that a domain conceptualization is useful for building temporal ontologies, which represent (globally) the context of a certain temporal domain, while the vocabulary of concepts and its relations describe the semantics (locally). This descriptor can be applied to improve the results and performance in the spatial and temporal analysis process; for instance, in automatic notification events.

Acknowledgement The authors of this paper thank the IPN, CIC, and SIP for their support.

References 1. Campos J and Hornsby K (2004) Temporal constraints between cyclic geographic events. In: Proceedings of GeoInfo 2004, Campos do Jordao, Brazil, November 22–24 2. Car A and Frank A (1995) Formalization of conceptual models for GIS using GOFER. Comput Environ Urban Syst 19:89–98 3. Claramunt C and Theriault M (1995) Managing time in GIS: an eventoriented approach. In: Clifford J and Tzunhilin A (eds) Recent Advances in Temporal Databases, Berlin, Springer, pp 23–42 4. Claramunt C and Theriault M (1996) Toward semantics for modeling spatiotemporal processes within GIS. In: Kraak M and Molenaar M (eds) Proceedings of 7th International Symposium on Spatial Data Handling, Delft, NL, Taylor & Francis, pp 47–63 5. Gruber TR (1993) Toward principles for the design of ontologies used for knowledge sharing. In: Guarino N and Poli R (eds), Formal Ontology in Conceptual Analysis and Knowledge Representation, International Workshop on Formal Ontology, Kluwer Padova, Italy, pp 101–124 6. Hornsby K (2001) Temporal zooming. Trans GIS, 5(3):255–272 7. Hornsby K and Egenhofer M Modeling moving objects over multiple granularities. Special issue on Spatial and Temporal Granularity, Annals of Mathematics and Artificial Intelligence. Kluwer Academic Press. 36:177–194 8. Langran G (1992) Time in geographical information systems. London, Taylor and Francis

176

M. Martinez, S. Levachkine

9. Martinez M, Moreno M, Torres M, and Levashkine S (2007) Adding topological semantic content to spatial databases, IF&GIS 2007, St. Petersburg, Springer 10. McCarthy JM and Hayes PJ (1969) Some philosophical problems from the standpoint of artificial intelligence. In: Reading in Artificial Intelligence, pp 431–453, Tioga Publishing Co., Palo Alto, CA 11. Peuquet DJ (2001) Making space for time: Issues in space-time data representation. GeoInformatica 5(1):11–32 12. Prior AN (1957) Time and Modality. Oxford, Clarendon Press 13. Raper J (2000) Multidimensional geographic information science. New York, Taylor and Francis 14. Raubal M (2001) Human way finding in unfamiliar buildings: a simulation with a cognizing agent. Cognitive Process 2–3:363–388 15. Worboys MF and Hornsby K (2004) From objects to events: GEM, the geospatial event model

Geospatial Information Integration Approach Based on Geographic Context Ontologies

Miguel Torres, Rolando Quintero, Serguei Levachkine, Marco Moreno, and Giovanni Guzman Intelligent Processing of Geospatial Information Lab, Centre for Computing Research, National Polytechnic Institute, Mexico City, Mexico, [email protected]

Abstract. Geospatial information integration is not a trivial task. An integrated view must be able to describe various heterogeneous data sources and its interrelation to obtain shared conceptualizations. In this work, an approach to geospatial information integration based on the conceptualization of the geographic domain is described. As a result of this conceptualization, we propose a semantic method for geospatial information integration. This consists of providing semantic descriptions, which explicitly describe the properties and relations of geographic objects represented by concepts, while the behavior depicts the objects, semantics. Also, this method allows us to compress and share geospatial information by means of alternative structures of knowledge representation. Thus, it avoids the ambiguity of the terms, using a geographic domain conceptualization. The general vision of the paper is to establish the basis to implement semantic processing oriented to geospatial data. Future work is focused on designing intelligent geographic information systems (iGIS).

1 Introduction Data integration provides the ability to manipulate data transparently across multiple data sources. It is relevant to a number of applications including enterprise information integration, medical information management, geographical information systems, and e-Commerce applications. We call V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_12, © Springer-Verlag Berlin Heidelberg 2009

177

178

M. Torres et al.

semantic geospatial information integration the process of using a conceptual representation of the data and of their relationships to eliminate possible heterogeneities. At the heart of semantic data integration is the concept of ontology, which is an explicit specification of a shared conceptualization [1]. Ontologies were developed by the Artificial Intelligence community to facilitate knowledge sharing and reuse [2]. Carrying semantics for particular domains, ontologies are largely used for representing domain knowledge. A common use of ontologies is data standardization and conceptualization via a formal machine-understandable ontology language. Nowadays, geographic information is increasingly used by several entities around the world. Thus, the need for sharing information from different sources is an obvious consequence from such a proliferation of systems. Unfortunately, integrating geographic information is not a trivial issue. We must deal with several heterogeneity problems, which increase the complexity of integration approaches. Currently, newer and better technologies and devices are being created in order to capture a large amount of information about the Earth. Up-to-date, Global Positioning System (GPS) technology is so common that it is spread all over such as in cell phones, cars, etc. All of this geographic information is analyzed and stored at different levels of detail in Geographic Information Systems (GIS), often distributed on the Web. Therefore, a fast search for geographic information on the Web will return several links representing different parts of our world. But, what happens when someone needs information that is divided between more than one system? For example, information about rivers in Mexico can be obtained by querying two or more different systems. Even while distribution of information is one of the problems, there are some others: these systems have been developed by different entities with different points of view and vocabularies, and this is when we have to face heterogeneity issues. They are encountered in every communication between interoperating systems, in which interoperability refers to interaction between information from different sources involving the task of data integration to combine data. Two systems sharing data representing rivers can be an example to clarify different types of heterogeneity problems as follows: heterogeneity in the conceptual model – one system represents a river as an object class and the other as a relationship; heterogeneity in the spatial model – rivers can be represented by polygons (or a segment of pixels) in one system, while they are represented by lines in the second system; structure or schema heterogeneity – both systems hold the name of a river but one keeps information about the border; and semantic heterogeneity – one system may consider a river as a natural stream of water larger than a creek with a border

Geospatial Information Integration Approach Based on Geographic 179

and the other defines a river as any natural stream of water reaching from the sea, a lake, etc. into the land. Therefore, geospatial information integration implies the solving these types of heterogeneity. Our proposal is oriented to formalizing an approach (GEONTO-MET) to conceptualize the geographic domain in order to provide common and shared ontological descriptions designed to establish geospatial specifications or terminology standards. Then, they can be used as a mechanism for integration and sharing geospatial information. Firstly, in this paper, we have focused on developing conceptual issues concerning what would be required to establish an exhaustive ontology of the geospatial domain, and solve representational and logical issues relating to the choice of appropriate methods for formalizing ontologies. As a case study, we have built a geographic domain ontology (KaabOntology) based on the standards of the National Institute of Statistics, Geography and Informatics (INEGI) of Mexico. In addition, application ontologies have been designed. The GEONTO-MET approach proposed in [3] has been used to carry out the ontologies’ definitions. These knowledge structures represent the conceptualization of each context. They explicitly describe the environment as well as the semantics of each feature that composes the domain. A mechanism to retrieve geographic concepts based on Protégé and Jena in order to access the ontologies, by means of SPARQL queries, has also been implemented. The retrieved instances of concepts can be visualized in a web-mapping application or in a tabular form. Templates and descriptions obtained by this process explicitly describe the properties and relations of geographic objects represented by concepts, while their relationships describe behavior that represents the object semantics. The templates attempt to generate a remembrance by which human beings perceive the real world, and the way that humans communicate and cognitively interpret the real world. Summing up, this work presents an approach allowing integrate and share of geospatial information. GEONTO-MET provides feasible solutions towards these and other related issues. For instance, compact data by alternative structures of knowledge representation and avoid the ambiguity of terms, using a domain conceptualization. The remainder of the paper is structured as follows. Section 2 reviews earlier methodologies for building ontologies and works oriented to semantics in the geographic domain. Section 3 briefly describes the GEONTO-MET approach, which is proposed to conceptualize the geographic domain. Some results of the work are given in Sect. 4. Conclusions and suggestions for future work are outlined in Sect. 5.

180

M. Torres et al.

2 Related Works Basically, a set of methods and methodologies for developing ontologies has been reported. In [4] is described the first method for building ontologies, in which the authors proposed some guidelines based on their experience in developing the Enterprise Ontology. This ontology was developed as a part of the Enterprise Project. To build an ontology, according to Uschold and King’s approach, the following processes must be performed (1) identify the purpose of the ontology, (2) build it, (3) evaluate it, and (4) document it. During the building process, the authors proposed capturing knowledge, coding it, and integrating other ontologies inside the current ontology. The METHONTOLOGY approach [5] proposes the enabling of the construction of ontologies at the knowledge level. It has its basis in the main activities identified by the software development process and in knowledge engineering methodologies. This methodology includes: the identification of the ontology development process, a life cycle based on evolving prototypes, and methods to carry out each activity in the management, development oriented, and support tasks. The main processes involved in this approach are the following: (1) build the glossary of terms, (2) build concept taxonomies, (3) build ad hoc binary relation diagram, (4) build the concept dictionary, (5) define ad hoc binary relations, (6) define instance attributes, (7) define class attributes, (8) define constants, (9) define formal axioms, and (10) define rules. In [6], Guarino has proposed the Ontoclean, as a method to analyze and clean the taxonomy of an existing ontology by means of a set of principles based on philosophy. It is oriented to remove wrong Subclass-Of relationships in taxonomies, according to some philosophical notions such as rigidity, identity, and unity. These notions are applicable to properties, but they can be extended to concepts. Some works related to ontologies and semantics in geospatial information science to be mentioned are as follows: Mark et al. [7] designed an ontology of geographic kinds to yield a better understanding of the structure of the geographic world, and to support the development of GIS that is conceptually sound. This work first demonstrated that geographical objects and kinds are not just larger versions of the everyday objects and kinds previously studied in cognitive science.

Geospatial Information Integration Approach Based on Geographic 181

3 GEONTO-MET Approach GEONTO-MET [8, 9] is oriented to formalize geographic domain conceptualization according to the specifications from the INEGI. The main goal is to provide semantic descriptions, which represent the properties and relations being described so that the behavior and features of geographic objects are taken into account directly from the geographic domain ontology. GEONTO-MET is composed of four principal stages: Analysis provides an abstract model of the geographic objects involved in this domain. Synthesis makes the conceptualization of the geographic domain. A set of application ontologies (in tourist and topographic contexts) and domain ontology called Kaab-Ontology is generated by the Processing stage. Finally, Description produces an alternative representation of geographic objects as well as the integration of them in a semantic description template. This approach is based on a set of axiomatic relationships allowing for direct translation of the relations between concepts to the conceptualization. In this way, the semantic resolution is improved, that is, the definition of such relationships can be iteratively refined. To achieve this, we use a couple of sets ( A1 = { is, has, does} and A2 specific prepositions related to geospatial context). These sets are necessary and sufficient to define the rest of relationships involved in the conceptualization of geographic domain. The essence of this approach is to reduce the axiomatic relationships within conceptualization. One could think that this reduction is a limitation for the richness of expression that conceptualization can implicitly contain. Nevertheless, the universe of possible relations is not a priori defined, due to the “relation” in a classic sense not being predefined. In fact, the reduction of axiomatic relations has two main advantages: first, it is possible to define as many “typical relations” as needed, because this type of relation is treated as a concept. In other words, “typical relations” are part of conceptualization, they are not considered as axioms, and these are defined as concepts. The second advantage is that relations have a semantic association to themselves, not only from an axiomatic definition, but also from the conceptualization itself (the context of each relation). To illustrate the idea, let us consider one axiomatic relation widely used: the relationship “part_of ”. Such a relationship means that one concept is a constituent element of another concept. By using GEONTO-MET, it is possible to create this relationship as a concept (concept-R), by defining the concept “part” (in the way that the concepts are defined) and using the axiomatic relationships (is, does, has) to create the concept-R equivalent

182

M. Torres et al.

to the relationship “part_of ”. For instance, let us consider the following sentence: “heart part_of body”; in this, two concepts (heart and body) are involved as well as one axiomatic relationship (part_of ). By using the approach, the same relationship could be expressed “heart is part of body”, in which three concepts (heart, part, and body) and two axiomatic relationships: a fundamental one (is) and an auxiliary one (of ) are described. The advantage is that the semantic of the relationship is the same and it is not necessary to previously define the relation “part_of ”. Then, we only need to define “part” as a concept (having the semantic richness of concepts) and use it to define the new relationship. On the other hand, GEONTO-MET is composed of a set of elements that are used to make the geographic domain conceptualization. Due to space limitations, specific details of GEONTO-MET are described in [3]. 3.1 Retrieving Geospatial Objects Through Kaab-Ontology Ontologies have been implemented in Protégé, applying the GEONTOMET approach. To carry out the retrieving of geospatial objects, we have used the Jena API. This is a structure of Java oriented to build semantic web applications. It provides an integrated programming environment for RDF, RDFS, OWL, and SPARQL as well as including an inference engine based on rules. This API is used to extract instances of concepts from Kaab-Ontology. This ontology has been implemented in OWL. Therefore, it is necessary to generate a persistent model of this conceptualization to establish the link between the components. The instances are retrieved by using SPARQL, which is the query language that offers an access protocol of metadata into the OWL structure. In Fig. 1 is depicted the general framework to retrieve geospatial objects, by means of instances of concepts, which are mapped with geospatial objects stored in a geographic database. This process starts with the transformation of geographic domain ontology to a persistent model in OWL. The task consists of translating the abstract entity classes and concepts inherited from these in to tabular form, in which SPARQL can access the elements of the Kaab-Ontology. We have used a set of predicates in order to map geographic concepts and instances stored in the OWL persistent model. In this case, a searching method by strings is used to recover the instances from the Kaab-Ontology. This method is composed of subject, predicate, and objects (see Fig. 2).

Geospatial Information Integration Approach Based on Geographic 183

Knowledge Geographic Domain

Analysis

Synthesis

Processing

OBTAIN

OBTAIN

OBTAIN

Abstract Model

Conceptualization

Kaab-Ontology

OWL Persistent Generate Model

Jena

Concept Instances

Kaab-Ontology Geo-Mashup Application

Description

OBTAIN

Retrieve SPARQL Queries

Semantic Representation

Matching

Spatial DB

GEONTO - MET

Fig. 1 General framework to retrieve instances and the mapping of geospatial objects

Subject

Predicate

Object

Fig. 2 String information recovered by Jena

In this case, all the strings generated by Jena will be composed of a triplet of these elements in order to semantically represent the state of the conceptualization of a geographic object in a certain context. The instances are retrieved by means of a set of queries formulated in SPARQL. The main purpose of this work is to show the way for accessing the ontology and retrieving the individuals of concepts that belong to certain class and accomplish this with the semantic searching criteria. A fragment example of a SPARQL query implemented for retrieving instances of the Kaab-Ontology is described as follows. String queryString = "PREFIX result:"+ "SELECT ?Bares " + "WHERE "+ "{ "+" result:AcapulcoDiana result:hasA ?Bares ."+ "}"; com.hp.hpl.jena.query.Query query = QueryFactory.create(queryString); QueryExecution qe = QueryExecutionFactory.create(query, model);

184

M. Torres et al.

The code describes the mode to establish the connection to the persistent model and the specification of the OWL. In addition, it specifies the concepts that will be explored to extract the instances. The advantage of this retrieval mechanism is that the query model is oriented to data, whereby the meaning of each defined element in a vocabulary is represented by a language, and it is possible to semantically extract instances of concepts related to the context of the ontology. When the instances of concepts are retrieved, they are stored in tables, and each table has an identifier that is directly mapped to the shapefiles1 in order to link the semantic result with spatial objects. The geographic data that are achieved with these criteria are visualized in a web-mapping application. 3.2 Template for Semantic Description In the modeling approach, the modeler is required to capture a user’s view of the real world in a formal conceptual model. Such an approach forces the modeler to mentally map concepts acquired from the real world to instances of abstractions available in his paradigm choice. On the other hand, the consolidation of concepts and knowledge represented by a conceptual schema can be useful in the initial steps of ontology construction. To adequately represent the geographic world, we must have computer representations capable not only of capturing descriptive attributes about its concepts, but also of describing the relations and properties of these concepts. We propose a conceptual schema to describe the contents of the real world abstraction in order to specify the behavior of the geospatial entities. In this case, conceptual schemas certainly correspond to a level of knowledge formalization. Conceptual schemas are built to abstract specific parts of the geospatial domain and to represent schematically which geographic entities should be collected and how they must be organized. We perceive that geographic data modeling requires models to be more specific and capable of capturing the semantics of geospatial data, offering higher abstraction mechanisms and implementation independence. The conceptual schema is composed of two types of concepts (C): terminal ( CT ) and nonterminal ( CN ) . The first type are concepts that do not use other concepts to define their meaning (they are defined by “simple values”). The meaning of nonterminal concepts is conceived by other concepts, which can be terminal or nonterminal concepts (see the next equation). Shapefile is a popular geospatial vector data format for GIS software. It is developed by ESRI as a (mostly) open specification for data interoperability among ESRI and other software products. It spatially describes geometries: points, polylines, and polygons. 1

Geospatial Information Integration Approach Based on Geographic 185

C = CN ∪ CT .

(1)

Each concept has a set of aspects. They are characteristics that describe the properties, relations, and instances that involve the geospatial objects. From now on, we shall use the term “relation” to denote unary relations/ properties. From this point of view, all aspects of a terminal concept are simple, e.g., the type of all aspects that belong to the set of primitive types (punctual, linear, and areal objects) is denoted by (TP ), as shown in (2). TP = { number,character,string,enumeration,struct} , A = {ai | type ( ai ) ∈ TP } ,

(2)

where TP is the set of primitive types; A is the set of aspects. Then, the set of terminal concepts is defined by (3). CT = {c ( a1 , a2 ,..., an ) ∋ ai ∈ A, i = 1,.., n} .

(3)

The nonterminal concepts have at least one aspect that does not belong to TP . It is denoted by (4). C N = {c ( a1 , a2 ,..., an ) ∋ ∃ai ∉ A} ,

where c is a concept.

(4)

Finally, the set of relations R is defined by the pairs that are associated to Г and Ф, in which Г and Ф are nonreflexive, nonsymmetric, and transitive relations (5). R = RΓ ∪ RΦ = {( a, b ) | aΓb, a ∈ C N , b ∈ C } ∪ {( a , b ) | aΦ b, a ∈ C N , b ∈ C }.

(5)

According to these definitions, it is necessary to express the semantics that can provide a conceptual schema by means of a description D. Therefore, we consider the concepts C embedded into the conceptual schemas through geospatial objects, which are represented by primitive types as well as by the set of relations R involved among geospatial objects (6). D = 〈C , R〉

(6)

Figure 3 depicts a conceptual schema designed for the geospatial domain. Thus, this schema is adaptive for any context. In other words, it attempts to reflect the main features involved in this domain. For instance, if we have topographic, geologic, or tourism contexts, it is possible to describe the entities, characteristics, and relationships embedded between geographic objects as an inheritance mechanism. This conceptualization provides us with explicit vocabulary that represents the ontological commitment of the cognitive and intuitive perception of the subjects. As a result of this schema, we obtain a symbolic description that represents a logical organization of CT and CN . These concepts are used as a

186

M. Torres et al.

guide to generate the semantic description. To build the description, a set of tags are considered. The Java Topology Suite (JTS) API is used to populate the CN and exchange the geometric information by which the Well Known Text (WKT) strings are defined. The template for the semantic description is composed of the following tokens: ( ). < >. { }.

They represent the object “name.” They establish the relationship between objects. They represent the complete description of each geospatial object. Direction. It represents the relative orientation of an object. Punctual Measure

Datum Spheroid

Disjoint Contains

Scale

Inside

Projection

Equal

Coordinate System

Meet

Topological

Object Count

Spatial Reference

Punctual-Punctual

Linear-Linear

Areal Measure

Punctual-Linaer

Linear-Areal

Punctual-Areal

Areal-Areal

Summation Attribute-Sum

Complex Measurement

Simple Measurement

Average

Extreme Coordinates

Covers

Linear Measure

Standard Deviation Others..

CoveredBy Overlay Spatial

Measurement

Length

[1;n]

Area

[1;n]

Perimeter Elongation Sinuosity

Geometrical

Relation

[1;n]

Geospatial Domain

Slope Round

[1;n]

Narrow

Name

Thematic Context

Type

[1;n]

Layer

Symbology

[1;n]

[1;n]

Thematic

Convex Relative Position Attributive Aspatial

Symbol

[1;n]

Logical

Other

Name

Geographic object [1;n]

Layer GeoSpatial Domain Concept Non-terminal Concept

Punctual

Linear

Areal

Concept terminal Concept “has-a”Relation [m:n] “has [Cardinality]” Relation “is-a” Relation

Fig. 3 Conceptual schema used to generate semantic descriptions Table 1. Template to define the semantic description { [object thematic] (object) . . . [thematic] (object) direction }; . . . { Other object description };

Geospatial Information Integration Approach Based on Geographic 187

4 Results In this section, we present some results related to the GEONTO-MET approach. The ontologies designed by applying this approach were implemented in Protégé. Figure 4 depicts the main hierarchy of Kaab-Ontology. We can appreciate that concepts inherited from OWL: Thing are considered as abstract classes. The “is” relationship allows the generating of essential entities to conceptualize the geographic domain. OWL: Thing

Geographic_Entity Geo_Realationship Geo_Phenomenon Geometric

Geographic_Object

xuul chuuk

sayab

utskiin moots

Topological

rel_topo_share

rel_topo_connect

ixco Paakat

Fig. 4 Main hierarchy of Kaab-Ontology

In Fig. 5 is shown the partition of “geographic_object,” which is composed of a set of abstract classes that are used to conceptualize the geographic domain by means of concepts. Each concept of this domain can be collected and defined into these classes. Additionally, an ontological description of the concept “road ” with relations “has” and “is” is depicted in Fig. 6. Figure 7 shows the ontological description that represents abilities of concept instances. The ability of a concept is defined by the relation “does.” In Fig. 8, a semantic description of a geospatial region is depicted. We can appreciate that a XML document is generated in order to share and integrate geospatial information. A native template has been built to describe the semantics of a geospatial region.

188

M. Torres et al.

Fig. 5 Partition of abstract classes

Fig. 6 Ontological description of the “road” concept

Geospatial Information Integration Approach Based on Geographic 189

Fig. 7 Ontological description of “abilities” of concept instances

Fig. 8 Semantic description and XML document from a geospatial region

A semantic retrieval of concept instances is shown in Fig. 9. The query has been implemented in SPARQL and the code accesses the KaabOntology by means of an OWL persistent model to retrieve them. In this query, the cost per room in hotels is returned. In this case, “cost ” is a property of a concept and “hotels” are instances. These features belong to the application ontology in a touristic context. Finally, in Fig. 10, a web-mapping application is shown. The instances of concepts retrieved by the SPARQL query are mapped to the geographic objects stored in the Shapefile. The goal of this mechanism is to avoid ambiguities in the query

190

M. Torres et al.

Fig. 9 Instances and value properties associated to “hotel” concept

Fig. 10 Web-mapping that represents instances of concepts

process of GIS. A semantic focus is proposed for this purpose, a conceptualization of a geographic domain represented by the domain ontology provides readable mechanism to integrate and share geospatial information.

5 Conclusions and Future Work In this work an approach to conceptualize the geographic domain has been briefly described. The goal is to provide semantic descriptions that represent the properties and relations describing the behavior of geographic objects. GEONTO-MET is based on a set of axiomatic relations allowing direction translation of the relations between concepts to the conceptualization. In this way, the semantic resolution is improved, that is, the definition of such relations can be iteratively refined. This conceptualization approach attempts to generate a remembrance in which the human beings perceive the real world, and a natural way the humans communicate and cognitively interpret the environment in order to represent it in a computer. We demonstrate conceptual schemas to describe the contents of the real world abstraction to specify the behavior of the geospatial entities, in which context plays an important role to guarantee shared and explicit conceptualizations. As a case study, application ontologies have been designed. These represent the conceptualization of each context, which explicitly describe as well the semantics of every feature that composes the domain. A mechanism to retrieve geographic concepts based on Protégé and Jena to access the ontologies by means of SPARQL queries has been implemented. Retrieved instances of concepts are visualized in a web-mapping application. Templates and descriptions obtained by GEONTO-MET explicitly describe the properties and relations of geographic objects represented by concepts, while their behavior describes objects semantics.

Geospatial Information Integration Approach Based on Geographic 191

On the other hand, this approach allows integrating and sharing geospatial information. It provides a feasible solution towards these and other related issues. Future work is mainly oriented to propose conceptual issues related to translate semantic descriptions into geospatial ontologies, as well as what would be required to establish these kinds of ontologies. Our work is directed at formalizing appropriate methods to represent ontologies of the geospatial domain and to measuring semantic contents between geospatial ontologies. Acknowledgments The authors of this paper thank the CIC, SIP Project: 20082563, IPN, and CONACYT for their support.

References 1. Gruber T (1993) From a translation approach to portable ontology specifications. Knowl Acquis 5(2):199–220 2. Guarino N (1998) Formal ontology and information systems. In: Proceedings of the International Conference on Formal Ontology in Information Systems, FOIS 1998, Trento, Italy, pp 3–15 3. Torres M, Quintero R, Levachkine S, Guzman G, and Moreno M (2008) Towards a methodology to conceptualize the geographic domain. Lecture Notes in Artificial Intelligence, vol 5317. Springer, Berlin, Germany, pp 111–122 4. Uschold M and Grüninger M (1996) Ontologies: Principles, methods and applications. Knowl Eng Rev 11(2):93–155 5. Fernández M, Gómez A, and Juristo N (1997) METHONTOLOGY: From ontological art towards. In: Ontological Engineering. Symposium on Ontological Engineering of AAAI. Stanford University, California, pp 33–40 6. Guarino N and Welty C (1995) A formal ontology of properties. Lecture Notes in Artificial Intelligence, vol 1937. Springer, Berlin, Germany, pp 97–112 7. Mark D, Smith B, and Tversky B (1999) Ontology and geographic objects: An empirical study of cognitive categorization. In: Proceedings of the Spatial Information Theory: A Theoretical Basis for GIS, Stade, Germany, pp 283–298 8. Torres M and Levachkine S (2007) Obtaining semantic descriptions based on conceptual schemas embedded into a geographic context. Lecture Notes in Geoinformation and Cartography, vol 4977, Springer, Berlin, Germany, pp 209–222 9. Torres M (2007) Representación ontológica basada en descriptores semánticos aplicada a objetos geográficos. Ph.D. Thesis, in Spanish

An Approach to Comparing Different Ontologies in the Context of Hydrographical Information

L. M. Vilches-Blazquez , J. A. Ramos, F. J. Lopez-Pellicer, O. Corcho, and J. Nogueras-Iso Ontology Engineering Group – Universidad Politécnica de Madrid, Spain, [email protected]

Abstract. Geographical Information is increasingly captured, managed, and updated by different cartographic agencies. This information presents different structures and variable levels of granularity and quality. In practice, such heterogeneity causes the building up of multiple sets of geodata with different underlying models and schemas that have different structures and semantics. Ontologies are a proposal widely used for solving heterogeneity and a way of achieving the data harmonization and integration that Geographical Information Systems (GIS) and Special Data Infrastructures (SDI) need.This paper presents three hydrographical ontologies (which are built using top-down and bottom-up approaches) and an approach for comparing them; the goal of this approach is to prove which ontologies have a better coverage of the domain. In order to compare the resultant ontologies, six qualitative facets have been studied: sources used (amount, richness, and consensus), reliability of building approaches (community extending use, recommenddations), ontology richness (number and types of components), formalization (language), granularity (scale factor), and the design criteria followed. Keywords: Geographical information; Heterogeneity; Data harmonization and integration; Top-down and bottom-up approach; Hydrographical ontologies; Comparison

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_13, © Springer-Verlag Berlin Heidelberg 2009

193

194

L.M. Vilches-Blazquez et al.

1 Introduction Nowadays, Geographical Information (GI) is increasingly captured, managed, and updated by different cartographic agencies. Such information presents different structures and variable levels of granularity and quality. In practice, this diversity causes the building up of multiple sets of spatial data and models with different structures and underlying semantics. Ontologies are frequently used to describe explicitly the characteristics of these sets and models in a formal manner. They are a widespread proposal for solving heterogeneity and a way of achieving the data harmonization and integration that Geographical Information Systems (GIS) and Spatial Data Infrastructures (SDI) need to access, exchange, and query processes. Domain ontologies [22, 28] are reusable in a specific domain. They provide vocabularies of concepts within a domain and their relationships, of the activities taking place in that domain, and of the theories and elementary principles governing that domain. However, no single ontology is devoted to the hydrographical domain, but instead many. Hydrography focuses on the measurement and description of the characteristics of any type of water bodies. Hydrography is composed of subsets, which are called subdomains, and these can be as different as oceanography, bathymetry, limnology, or hydrographical survey. This variety of subdomains justifies the need to specify some criteria for ontology comparison. This comparison, on the other hand, will allow other ontology or application developers to determine which ontology has a better conceptualization of the domain, though its selection process depends on usability criteria, language restrictions, and others. Therefore, in this paper, we aim to set an approach for comparing and evaluating the coverage of different domain ontologies. Nevertheless, we must make clear that this paper does not deal with processes that measure the similarity between concepts of different ontologies or that achieve an evaluation process of internal ontology characteristics (taxonomic correctly, consistency, cycle existence, etc.). This paper is organized as follows. Sect. 2 describes the ontology development process. Section 3 presents two bottom-up approaches (Hydro and PhenomenOntology) and a top-down approach (hydrOntology) for ontology development. Section 4 describes some criteria for comparing and a comparison process between different ontologies. Finally, Section 5 draws some brief conclusions.

An Approach Comparing Different Ontologies Context Hydrographical

195

2 Ontology Development Process As described in [27] there are two main different strategies for ontology development depending on the approach followed to obtain the ontology components and to represent them in the ontology. These are the bottom-up and the top-down strategies and both have advantages and disadvantages. The bottom-up strategy proposes first identifying the most specific concepts and generalizing them into more abstract concepts. The authors affirm that a bottom-up approach provides a very high level of detail. This approach (1) increases the overall effort (sustained by people and machines), (2) makes it difficult to spot commonality between related concepts, and (3) increases the risk of inconsistencies, which can lead to (4) remaking the strategy and even to more effort. On the other hand, when the top-down strategy is used, the most abstract concepts are first identified, and then specialized into more specific concepts. The main result of using this approach is a better control of the level of detail; however, starting at the top may presuppose having to choose and later impose arbitrary and possibly unnecessary high level categories. Because these categories do not arise naturally, we risk having less stability in the model, which may imply having to remake the model and also greater effort. The emphasis on dividing up rather than on putting together the categories implies, for a different reason, missing the commonality inherent in the complex web of interconnected concepts. Figure 1 shows an overview of the different manners of developing hydrographical ontologies following these approaches. The ontologies, Feature Catalogues

Thesaurus

Top-Down approach

hydrOntology

Data Models

NOMGEO Database

Bottom-up approach hydro

BCN 25 Feature Catalogue

Bottom-up approach

PhenomenOntology

Fig. 1 An overview of the three ways of developing hydrographical ontologies

196

L.M. Vilches-Blazquez et al.

which are described in detail in the next section, are built following different methods and methodologies.

3 Ontologies for the Hydrographical Domain In this section, we briefly describe some technical and methodological characteristics (bottom-up, top-down, etc.) of three ontologies belonging to the hydrographical domain. 3.1 hydrOntology hydrOntology is an ontology that follows a top-down development approach. Its main goal is to harmonize heterogeneous information sources coming from diverse cartographic agencies and other international resources. Initially, this ontology was created as a local ontology that established mappings between different Spanish National Geographic Institute (IGN-E) data sources (feature catalogues, gazetteers, etc.). Its purpose was to serve as a harmonization framework among Spanish cartographic producers. Later, the ontology has evolved into a global domain ontology and it attempts to cover most of the hydrographical domain. The final version of this ontology was finished in mid-2008. An overview of the hydrOntology characteristics with the statistical data (metrics) and its different taxonomic relations is provided below. hydrOntology has 150 classes, 34 object properties, 66 data properties, and 256 axioms. Some examples of the four taxonomic relations defined in the Frame Ontology [6] and the OKBC Ontology [3], namely, Subclasses, Disjoint-Decomposition, Exhaustive-Decomposition, and Partitions have been implemented. Further details are shown in [29]. The ontology documentation is exhaustive and, in this sense, definitions and their sources can be found in each concept (class). The ontology has an important amount of labels with alternative names (synonyms) as well as concept and synonym provenances. In order to develop this ontology following a top-down approach, different knowledge models (feature catalogues of the IGN-E, the Water Framework European Directive, the Alexandria Digital Library, the UNESCO Thesaurus, Getty Thesaurus, GeoNames, FACC codes, EuroGlobalMap, EuroRegionalMap, EuroGeonames, different Spanish Gazetteers and many others) have been consulted; additionally, some integration problems of

An Approach Comparing Different Ontologies Context Hydrographical

197

geographic information and several structuring criteria [29] have been considered. The aim was to cover most of the existing GI sources and build an exhaustive global domain ontology. For this reason, the ontology contains 150 relevant concepts related to hydrography (e.g., river, reservoir, lake, channel, and others). Regarding methodological issues, the approach adopted is METHONTOLOGY, a widely-used ontology building methodology. This methodology emphazises the reuse of existing domain and upper-level ontologies and proposes using, for formalization purposes, a set of intermediate representations that can be later transformed automatically into different formal languages. hydrOntology has been developed according to the ontology design principles proposed by [14] and [2]. Some of its most important characteristics are that the concept names (classes) are sufficiently explanatory and are rightly written. Thus, each class tries to group only one concept and, therefore, classes in brackets and/or with links (“and,” “or”) are avoided. According to some naming conventions, each class is written with a capital letter at the beginning of each word, while object and data properties are written with lower case letters. 3.2 Hydro This bottom-up hydrographical ontology, developed at the University of Zaragoza (its final version appeared in 2007), is the result of applying the process described in [20] to the hydrographical features of the National Geographic Gazetteer, also called Georeferenced Database or NOMGEO. Such a process consists in applying to the toponymic database the following tasks: (1) the thematic analysis task, which determines the feature type and the generic name of each feature in the database; (2) the signature filter task, which selects the distinct signatures, i.e., pairs made of a feature type and a generic name that represents a significant number of features; and (3) the formal context builder task, which creates an incidence matrix whose rows are the aforesaid signatures. Once the incidence matrix is built, the lattice builder task applies formal concept analysis (FCA) techniques to produce a concept lattice; and 4) the ontology generator task, which transforms that lattice into Web Ontology Language (OWL). The National Geographic Gazetteer is the source used for building Hydro. The gazetteer compiles more than 495,000 toponyms classified in 82 feature types. These toponyms have been drawn from several national and provincial atlas and gazetteers, cartographical maps, and specialized toponymic databases. To build Hydro, six feature types with 110,000

198

L.M. Vilches-Blazquez et al.

toponyms were selected. It should be explained that this gazetteer has an underlying a geographical database, not a lexical one. It contains a huge collection of proper names used to identify features in the real world, and the type of feature, and also some hint of location in the form of a pair of coordinates. With regard to richness, this ontology contains 51 named classes, which can be classified from their source as follows: the original IGN-E feature types and the types extracted from the name of the features, i.e., generic names, and also the concepts derived from the combination (map) of concepts in the previous groups. It must be added that this ontology is more comprehensive than the six original hydrographical feature types. However, it is also more difficult to interpret because its correspondence in terms of the real world depends on the interpretation of terms used in the database – mostly generic names – and on the semantics of the concepts generated by FCA. Sometimes FCA generates concepts that exist but that cannot be immediately interpreted by the expert. With respect to the methodology, this approach is based on the FCA [7]. Further details of this methodology and of its different steps of building process are shown in [20]. The ontology follows some design principles regarding the names of the classes, and these principles are the names drawn from the original feature type names, or from the generic names, or from a composite name made by joining both a feature type and a generic name. 3.3 PhenomenOntology During 2007, the Ontology Engineering Group (at the Universidad Politécnica de Madrid) and IGN-E collaborated in building automatically an ontology of geographic features; their aim was to integrate the knowledge bases of this geographic agency. Both partners decided to use BCN25 (Numerical Cartographic Database scale 1:25,000) to create the ontology automatically. The current version of PhenomenOntology is 2.0 and dates from September 2008. The Numerical Cartographic Database (BCN25) was built to obtain the 1:25,000 cartographic information that complies with the required data specifications exploited inside GIS environments. Therefore, BCN25 contains geometric and topological properties and follows a specific databaseoriented model and feature catalogue [25]. The information contained in BCN25 is structured in eight different topics (Administrative boundaries, Relief, Hydrography, Vegetation, Buildings, Communications, Pipe lines, and Toponymy). Each topic is coded with three pairs of digits: two digits

An Approach Comparing Different Ontologies Context Hydrographical

199

for its topic, two digits for its group (part of homogeneous information structured in topics), and two digits for its subgroup (a stretch of a geographic feature belongs to a group). These numbers describe and classify different features regardless of its location and spatial dimension. The following text box shows an example: Topic 03: Hydrography Group: 01 constant watercourse Subgroup: 01 Watercourse symbolized by one line The authors have used a 1:25,000 scale catalogue to generate automatically an ontology using an ad hoc application. Such an application extracts the concepts of PhenomenOntology from the feature type attributes found in the instances of a feature catalogue. The application is a wrapper that upgrades the information presented as a collection of rows to a taxonomy of concepts order. The software developed for the automatic creation of this ontology permits selecting the criteria for taxonomy creation and its order. These criteria are based on the information contained in each row of the BCN25 feature catalogue table. The code (“código”) column stores encoded information about a three-level taxonomy. The application permits the extracting of a super class for each different value of the pair of digits selected. IGN-E used the application developed for generating criteria combination tests and chose an automatic generated ontology with three levels (two criteria: first pair of code and second pair of code), 686 concepts, and 3,846 attributes. In this paper, we focus only on the hydrographical subtree, which contains 87 concepts and 468 attributes (416 attributes corresponded directly to table columns, 35 were automatically generated in superclasses with criteria information, and 17 were discovered in name analysis). The ontology is stored in the WebODE platform [1]. This first version of PhenomenOntology is being refined by IGN-E experts with the WebODE editor. The subtree includes 52 concept names taken from BCN25 names (with its naming convention), 34 concept names, which are composed of a second pair of code, and one concept name composed of a first pair of code (03).

4 Comparison By providing a shared conceptualization of a domain of interest, ontologies have become an important means for knowledge interchange and integration. However, to date, there are not many works whose aim is to compare ontologies in the same domain. Different approaches make this comparison,

200

L.M. Vilches-Blazquez et al.

which is based on matching techniques [23, 5], comparisons to conceptual level [33], similarity measurements [32, 21, 9], and senses refinement algorithms [31, 30]. As we mentioned in the Introduction, the goal of this paper is not to measure the similarity of ontologies or of ontology parts, neither is it to set alignments with different matching tools (in fact, matching techniques do not achieve good results); in fact, our work is focused on the facets cited. On the other hand, no criteria exist that evaluate domain coverage. There are only evaluation criteria, such as [11, 12, 16], which focus on ontology verification, ontology validation, ontology assessment, consistency, and philosophical notions of properties and concepts. Hence, we have to compare different ontologies on the same knowledge domain and then propose some evaluation criteria to point out which ontology better covers the domain, which, in this case, is the hydrographical domain. The selected criteria for making comparisons between different ontologies follow some of the general ontology design criteria published in the literature; these criteria also focus on the different aspects covered by the most widely used ontology definition, i.e., an ontology is a formal, explicit specification of a shared conceptualization [15]. Finally, these criteria take into account some aspects of the methodological process for building the ontologies. Therefore, in this paper, we group different selected criteria and emphasize some concepts of the commented ontology definition. Thus, the significance of this definition is used as a basis for our proposal of comparison features. According to [26], a “conceptualization” refers to an abstract model of some phenomenon in the world by having identified the relevant concepts of that phenomenon. “Explicit ” means that the type of concepts used and the constraints on their use are explicitly defined. “Formal ” refers to the fact that the ontology should be machine readable, which excludes natural language. “Shared ” reflects the notion that an ontology captures consensual knowledge, that is, knowledge that is not exclusive to some individuals, but accepted by a group. The comparison criteria followed, which are detailed in the next section, are the following: zon; sources and granularity with respect to shareability; implementation tools and formalization language with respect to explicitness and formality; and design criteria. 4.1 Conceptualization Quality Ontological richness. These ontologies contain information sources with different quality and granularity characteristics, and this divergence creates

An Approach Comparing Different Ontologies Context Hydrographical

201

their different ontological richness, i.e., different components, which can change both in number and type. PhenomenOntology has 87 different classes and only 17 data properties because various identifiers (IDs) are not considered as real data properties in this comparison process since such identifiers were created during the automatic development of the ontology. Hydro has only classes (51 different classes) because of the method used to develop this ontology, whereas hydrOntology has 150 classes, 34 object properties, 66 data properties, and 256 axioms; this difference is in part due to the amount and granularity of the sources selected for its development and to the information processing and modeling steps followed by the domain experts. Reliability of methodologies. hydrOntology was developed with the help of METHONTOLOGY, a methodology that has been applied by different groups to build ontologies in different knowledge domains, such as Chemistry, Science, Knowledge Management, e-Commerce, etc. A detailed description of this methodology can be found in [10]. METHONTOLOGY takes into account the main activities identified by the IEEE software development process [18] and other knowledge engineering methodologies. METHONTOLOGY has been proposed as the methodology for ontology construction by the Foundation for Intelligent Physical Agents (FIPA), which promotes interoperability across agent-based applications. On the other hand, Hydro is based on FCA [7] and follows a bottom-up approach. This ontology has proven to be very useful in different steps of the ontology building process. It is used during the ontology extraction step and in fields as different as medicine [19] and software development [17]. METHONTOLOGY can be found in data-driven ontology building scenarios, such as [8]. Finally, PhenomenOntology was developed following an ad hoc methodology. Obviously, the reliability of the methodologies is much higher than the reliability of the ad hoc wrapper. 4.2 Shareability Sources. Both bottom-up approaches are based on a single available information source. Thus, PhenomenOntology is based on the BCN25 feature catalogue, whereas Hydro is based on the National Geographic Gazetteer. On the other hand, the top-down approach (hydrOntology) is based on more than 20 different information sources, as mentioned above. This fact implies that the building of hydrOntology uses a great amount of shared concepts. These ontologies have many differences between them with respect to the level of detail, as shown in Table 1.

202

L.M. Vilches-Blazquez et al.

Table 1. Criteria for comparing ontologies Richness

Hydro

150 classes 34 object properties 66 data properties 256 axioms 51 classes

Phenomen Ontology 2.0

87 classes 17 data properties

hydr Ontology

Sources

+20 different ones National Geographic Gazetteer BCN25

Methodology

Granularity

Formalization

METHONTOLOGY

From Global– Continental to Regional– Local

OWL Full

FCA

1:25,000 to 1:5,000

OWL Full

Ad hoc wrapper

1:25,000

OWL DL

Granularity. According to [36], the granularity concept is shared by two different viewpoints. In the first one, semantic granularity addresses the different levels of specification of an entity in the real world. In the second viewpoint, spatial granularity addresses the different levels of spatial resolution or representation at different scales. In this paper, we deal with a merged vision of both viewpoints; therefore, the notion of granularity applied to GIS should take into account some cognitive aspects, the amount of detail involved in the presence – absence, and a representation of different geographical features across a wide range of scales. With regard to the three ontologies that are the target of this comparison process, it should be said that they have different levels of granularity; therefore, hydrOntology, Hydro, and PhenomenOntology are fed on different information sources, whereas certain phenomena are scale-dependent. Thus, PhenomenOntology is based on one source with geographical features, whose detail level corresponds to a 1:25,000 scale. Hydro is also fed on one source that has information of instances from a 1:25,000 to a 1:5,000 scale. hydrOntology, which is based on more than 20 different sources, has geographical features that range from a global – continental scale to a regional – local scale. Accordingly, these variations at the level of information detail serve to classify ontologies into two levels: low-level ontologies, which correspond to very detailed information (hydrOntology), and high-level ontologies, which correspond to more general information [36] (Hydro and PhenomenOntology).

An Approach Comparing Different Ontologies Context Hydrographical

203

4.3 Explicity and Formality Implementation tools. The tools employed for developing these ontologies guarantee that all their components are explicit and formalized. hydrOntology and Hydro employ Protégé [24], while PhenomenOntology employs WebODE [1]. Formalization language. The three different ontologies are formalized according to OWL [34]. This language is a technical recommendation of the W3C Consortium,1 and from such a language three increasingly expressive sublanguages (OWL Lite, OWL DL, and OWL Full) [35] have derived. Next, we show briefly some characteristics of these sublanguages. Further details can be found on the W3C website.2 • OWL Lite gives support primarily to those users that require a classification hierarchy and simple constraints. OWL Lite has a less formal complexity than OWL DL. • OWL DL helps those users who want maximum expressiveness while retaining computational completeness (all conclusions are guaranteed to be computable) and decidability (all computations will finish in finite time). This sublanguage includes all OWL language constructs, though these can be used only under certain restrictions. PhenomenOntology is formalized according to the expressiveness of this language. • OWL Full is meant for users who need maximum expressiveness of and syntactic freedom from the resource description framework3 (RDF) with no computational guarantees. OWL Full allows an ontology to augment the meaning of the pre-defined (RDF or OWL) vocabulary. It is very unlikely that any reasoning software can support complete reasoning for every feature of OWL Full. Hydro and hydrOntology are formalized according to the characteristics of this sublanguage. 4.4 Design Criteria The following criteria have been taken into account in our comparison process: 1. Clarity criterion [13]: An ontology should effectively communicate the intended meaning of the defined terms. These definitions should be objective and documented with natural language. 1 2 3

http://www.w3.org/. http http://www.w3.org/TR/owl-features/. http://www.w3.org/RDF/.

204

L.M. Vilches-Blazquez et al.

1Ext. Extended criterion [4]: Term names should be sufficiently descriptive and be used and written correctly, even if there are no definitions. 2. Extendibility criterion [13]: One should be able to define new terms for special uses based on the existing vocabulary in a way that does not require the revision of the existing definitions. 3. Minimizing the syntactic distance between sibling concepts criterion [2]: Sibling concepts should be represented using the same primitives. 4. Standardization of names criterion [2]: The same naming conventions should be used to name-related terms to ease the understanding. 5. Minimal encoding bias criterion [14]: Design decisions should be independent of the implementation features. 6. Minimal presentation bias criterion [4]: Design decisions should be independent of the presentation features. 7. Maximizing the useful information quantity criterion [4]: The information of an ontology should be complete and should not have redundancies for being useful. As can be seen in Table 2, criteria 2 and 5 are not applicable, whereas criterion 7 is evaluated as ontology richness (see Sect. 4.1). Moreover, the naming convention of PhenomenOntology is the same as that of its source (BCN25) because the wrapper does not implement any name transformation. As for the extended design criterion 1, we must add that only hydrOntology observes it. With regard to criterion 3, it can be said that Hydro and PhenomenOntology present some sets of siblings. Table 2. Design criteria for comparing ontologies hydrOntology Hydro PhenomenOntology

1 9 9 BCN25

1 Ext. 9 X X

3 9 ~ ~

4 9 9 9

6 9 9 9

5 Conclusions and Future Work We have presented some criteria for ontology comparison that will permit ontology or application developers to investigate which ontology has a better domain conceptualization. The ontology comparison task using the above criteria is a complex one. As can be observed, the ontological richness, the sources used, the methodological approach, and the design criteria of ontologies of the same domain are very different. This reflects the fact that ontology development in a domain is strongly biased by the point

An Approach Comparing Different Ontologies Context Hydrographical

205

of view of the experts involved, hence the need to establish some ontology comparison criteria prior to reusing an existing ontology. With regard to future work, we are attempting to collect some hydrographical ontologies in order to carry out an exhaustive comparison and then to choose the ontology that covers this knowledge domain best. Additionally, we are trying to test our approach by means of comparing other ontologies of different geospatial topics among themselves and with other domain ontologies out of the geographical domain. Moreover, we will analyze other criteria for comparison process between ontologies. The goal of our approach is to set such an approach as an international comparison method of domain coverage. Acknowledgments This work has been partially supported by the National Projects “GeoBuddies: Anotación semántica colaborativa con dispositivos móviles en el Camino de Santiago” (TSI2007-65677C02) and “Avances en la definición y tratamiento de metainformación para la gestión de información y servicios en infraestructuras de datos geoespaciales” (TIN2007-65341), and the bilateral collaboration UPM-IGN-E 2007-2008. We are also grateful to Rosario Plaza for her help in checking and reviewing the grammar and spelling of the paper and improving clarity and style.

References 1. Arpírez JC, Corcho O, Fernández-Lopez M, and Gómez-Pérez A (2003) WebODE in a nutshell. AI Magazine 2. Arpírez JC, Gómez-Pérez A, Lozano A, and Pinto HS (1998) (ONTO) 2Agent: An ontology-based WWW broker to select ontologies. In: Gómez-Pérez A, Benjamins RV (eds) ECAI’98 Workshop on Applications of Ontologies and Problem-Solving Methods. Brighton, United Kingdom, pp 16–24 3. Chaudhri VK, Farquhar A, Fikes R, Karp PD, and Rice JP (1998) Open knowledge base connectivity 2.0.3. Technical Report KSL-98-06, Knowledge Systems Laboratory, Stanford, CA, http://www.ai.sri.com/ okbc/okbc-2-0-3.pdf 4. De Diego R (2001) Método de mezcla de catálogos electrónicos. Grade thesis, Facultad de Informática, Universidad Politécnica de Madrid 5. Euzenat J (2004) An API for ontology alignment, In: Proceedings of the Third International Semantic Web Conference (ISWC) 6. Farquhar A, Fikes R, and Rice J (1997) The Ontolingua server: A tool for collaborative ontology construction. Int J Human Comput Studies 46(6):707–727

206

L.M. Vilches-Blazquez et al.

7. Ganter B and Wille R (1997) Formal concept analysis: Mathematical foundations. New York, Springer, Secaucus, NJ, USA; Translator-C. Franzke 8. Gessler DD, Joslyn CA, Verspoor KM, and Schmidt SE (2006) Deconstruction, re-construction, and ontogenesis for large, monolithic, legacy ontologies in semantic web service applications. Technical Report 06-5859, Los Alamos 9. Giménez-Lugo GA, Amandi A, Sichman JS, and Godoy D (2002) Enriching information agents’ knowledge by ontology Comparison: A case study. In: Proceedings of 8th Ibero-American Conference on Artificial Intelligence (IBERAMIA’02), Seville, Spain 10. Gómez-Pérez A, Fernández-Lopez M, and Corcho O (2003) Ontological Engineering. London (United Kingdom), Springer 11. Gómez-Pérez A, Juristo N, and Pazos J (1995) Evaluation and assessment of knowledge sharing technology. In: Mars NJ (ed) Towards Very Large Knowledge Bases. Knowledge Building and Knowledge Sharing, IOS Press, pp 289–296 12. Gómez-Pérez A (2003) Ontology evaluation. In: Staab S and Studer R (eds) Handbook on Ontologies, Springer, pp 251–274 13. Gruber TR (1993) Toward principles for the design of ontologies used for knowledge sharing. In: International Workshop on Formal Ontology in Conceptual Analysis and Knowledge Representation. Padova, Italy, Kluwer, Netherlands 14. Gruber TR (1995) Toward principles for the design of ontologies used for knowledge sharing. Int J Human Comput Studies pp 43(5–6) 15. Gruber TR (1993) A translation approach to portable ontology specifications. Knowledge Acquisition 5:199–220 16. Guarino N and Welty C (2000) A formal ontology of properties. In: Dieng R and Corby O (eds), Knowledge Engineering and Knowledge Management: Methods, Models and Tools. 12th Intnal. Conference, EKAW2000. Springer 17. Hyung Hwang S, Kim HG, and Yang HS (2005) A FCA-based ontology construction for the design of class hierarchy. In: ICCSA (3), pp 827–835 18. IEEE (1996). IEEE Standard for Developing Software Life Cycle Processes. IEEE Std 1074-1995. New York, IEEE Computer Society 19. Kim IC (2004) FCA-based ontology augmentation in a medical domain. In: PAKM 20. Lopez-Pellicer F, Vilches-Blazquez LM, Nogueras-Iso J, Corcho O, Bernabé MA, and Rodríguez AF (2007) Using a hybrid approach for the development of an ontology in the hydrographical domain. In: Proceedings of 2nd Workshop of COST Action C21 -Towntology Ontologies for urban development: conceptual models for practitioners 21. Maedche A and Staab S (2001) Comparing Ontologies- Similarity Measures and a Comparison Study, Institute AIFB, University of Karlsruhe, Internal Report 22. Mizoguchi R, Vanwelkenhuysen J, and Ikeda M (1995) Task ontology of reuse of problem solving knowledge. Towards Very Large Knowledge Bases: Knowledge Building & Knowledge Sharing, pp 46–59

An Approach Comparing Different Ontologies Context Hydrographical

207

23. Noy NF and Musen MA (2004) Using prompt ontology – comparison tools in the EON ontology alignment contest, In: Proceedings of the Third International Workshop Evaluation of Ontology-based Tools (EON) 24. Noy NF, Fergerson RW, and Musen MA (2000) The knowledge model of Protege-2000: Combining interoperability and flexibility. In: Dieng R, Corby O (eds) 12th International Conference in Knowledge Engineering and Knowledge Management (EKAW’00). Juan-Les-Pins, France. (Lecture Notes in Artificial Intelligence LNAI 1937) Springer, Berlin, Germany, pp 17–32 25. Rodríguez Pascual AF and García Asensio L (2005) A fully integrated information system to manage cartographic and geographic data at a 1:25,000 scale. XXII International Cartographic Conference (ICC2005), A Coruña, Spain 26. Studer R, Benjamins VR, and Fensel D (1998) Knowledge engineering: principles and methods. IEEE Trans on Data Knowledge Eng 25(1–2):161–197 27. Uschold M and Grüninger M (1996) Ontologies: Principles, methods and applications. Knowledge Eng Rev 11(2):93–155 28. van Heijst G, Schreiber A, and Wielinga B (1997) Using explicit ontologies in KBS development. Int J of Human Comput Studies 46(2/3):183–292 29. Vilches-Blazquez LM, Bernabé-Poveda MA, Suárez-Figueroa MC, GómezPérez A, and Rodríguez-Pascual AF (2007) Towntology & hydrOntology: Relationship between urban and hydrographic features in the geographic information domain. In: Ontologies for Urban Development. Studies in Computational Intelligence, vol 61, pp 73–84 30. Wang JZ, Ali F, and Appaneravanda R (2005) A Web Service for Efficient Ontology Comparison. ICWS 2005, pp 843–844 31. Wang JZ and Ali F (2005) An Efficient Ontology Comparison Tool for Semantic Web Applications. In: Proceedings Web Intelligence 2005, pp 372–378 32. Weinstein P and Birmingham W (1999) Comparing concepts in differentiated ontologies. In: Proceedings of KAW-99 33. Zimmermann K (2004) Ontology Comparison D19 v0.1. SW-Portal Working Draft. Available in http://www.deri.at/research/projects/sw-portal/2004/d19/ v0.1/20040906/ 34. Dean M and Schreiber G (2003) OWL Web Ontology Language Reference. W3C Working Draft. http://www.w3.org/TR/owl-ref/ 35. McGuinness DL and van Harmelen F (2004) OWL Web Ontology Language Overview. W3C Recommendation. http://www.w3.org/TR/owl-features/ 36. Fonseca FT, Egenhofer MJ, Davis CA, and Câmara G (2002) Semantic granularity in ontology-driven geographic information systems. AMAI Annal Math Artif Intell 36 (1–2):121–151

A Web-Service Approach for Multisensor Data Fusion and Geographic Information Systems

Mihai Cristian Florea, Nicolas Duclos-Hindie, Eloi Bosse, and Pierre Valin Thales Canada Systems Division, Quebec, Canada, [email protected]

Abstract. Different concepts from the higher-levels data fusion, such as situation awareness, impact assessment, dynamic resource management, threat evaluation, and weapon assignment, as described in [Valin P, Technical Memorandum DRDC Valcartier TM 2008-090, 2008], can be addressed as a mix between the Geographic Information Systems (GIS) and the Multisensor Data Fusion (MSDF) systems. In compliance with the Department of National Defence and Canadian Forces Architecture Framework (DNDAF) and the Service Oriented Architecture (SOA), we develop a new web services implementation of MSDF System. The migration and the decomposition into web services of the Concept Analysis and Simulation Environment for Automatic Target Tracking and Identification (CASE ATTI) test bed, developed at DRDC Valcartier, is realized using a spiral approach. A validation process of the web services is proposed by comparison with the results generated by the CASE ATTI test bed. Keywords: GIS; Multisensor data fusion; DNDAF; SOA; Webservices

1 Introduction A Geographic Information System (GIS) is a hardware/software design, able to collect, analyze, understand, interpret, and visualize the geographically related data, presented as maps, reports, and charts. In the last decades,

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_14, © Springer-Verlag Berlin Heidelberg 2009

209

210

M.C. Florea et al.

several GIS military and nonmilitary/civil applications have been developed. Geospatial capabilities (visualization of the operational theatre, terrain analysis, etc.) are now exploited in a full range of domains related to military GIS, such as: battle field management, monitoring of possible terrorist activity, command and control, maritime surveillance, and naval or air operations. In [2], Hall et Llinas define the Multisensor Data Fusion (MSDF) as “an emerging technology applied to Department of Defense (DoD) areas such as automated target recognition, battlefield surveillance, and guidance and control of autonomous vehicles, and to non-DoD applications such as monitoring of complex machinery, medical diagnosis, and smart buildings”. Bowman and Steinberg [3] and Waltz and Llinas [4] already addressed some questions about the design and the implementation of such MSDF systems. A lot of effort was deployed to develop several implementations of these MSDF systems or of some components of them, using a diversity of architectures, platforms, applications, and programming languages. One of the existing implementations of such a MSDF system in a maritime environment is the Concept Analysis and Simulation Environment for Automatic Target Tracking and Identification (CASE ATTI) test bed realized by Defence R&D Canada – Valcartier [5]. The fusion level referred in the CASE ATTI test bed is the Level-1 Data Fusion, according to the JDL taxonomy described in [6, 7], which focuses on objects (e.g., targets) tracking and identification. Other implementations of MSDF systems can be found in [8], and more general surveys of the DF applications and products are reported in [9–11]. Different concepts from the higher-levels data fusion [1], such as situation awareness, impact assessment, dynamic resource management, threat evaluation, and weapon assignment, can be addressed as a mix between the GIS and the MSDF systems, such the ones presented in [12, 13]: −

− − −

The geographic related data can be displayed in an intuitive environment so as to increase the situational awareness of a commander about a specific battlefield operation The geographic related data can be used to optimize the fusion algorithms and to increase the reliability of the resulting information The geographic related data can be used to dynamically manage the resources in a battlefield operation, in order to feed the MSDF systems The geographic related data can be used to correctly evaluate the threat priorities.

Consider, for example, that a MSDF system is identifying a convoy of motor vehicles to be close (in terms of line of sight distance) to a battlefield

A W eb-Service Approach for Multisensor Data Fusion and GIS

211

operation. In order to evaluate the threat, the MSDF system should identify the possible damage the convoy can do and the time the convoy can reach the battlefield operation. Thus, the MSDF system should use information/ data from sensors close to the identified convoy to refine its estimation about the identities inside the convoy. The geographic data is needed to identify the most suitable sensors for this situation. The MSDF system should also be able to identify if the convoy represents an imminent threat or a possible threat in the future, by evaluating the expected time to reach the battlefield operation. Since the convoy is close, when the path from the convoy to the battlefield operation is identical to the line of sight, the threat is imminent and should be treated with high priority. When the path from the convoy to the battlefield operation is different from the line of sight (a river between the convoy and the battlefield operation and no bridge nearby) the threat is possible in the future, and should have a lower priority. However, one of the problems invoked by several major actors in this field is the poor and heavy interoperability capabilities between the existing systems. To overcome this problem, a service-oriented architecture (SOA) [14] is proposed for the MSDF systems such as the CASE ATTI test bed. Its decomposition into web services, creating a more flexible and platform/ application-independent MSDF system, is our main interest. We propose such a decomposition according to the Department of National Defence and Canadian Forces Architecture Framework (DNDAF) [15] which is an extension of the US Department of Defence Architecture Framework (DoDAF) [16]. Besides the interoperability between the existing systems, some authors bring up arguments in favor of the SOA and network-centric architectures which enable much more rapid situational awareness and understanding [17, 18]. Such a Network-Centric Warfare Architecture (see Fig. 1) was described recently by Llinas in [18]. Our main interest is the collaboration between MSDF and GIS systems through a SOA architecture, and the decomposition of the CASE ATTI test bed into web services is our primary goal, which is addressed in this paper. Section 2 presents a brief introduction to the CASE ATTI test bed. Sections 3 and 4 detail the DNDAF and the SOA architectures, respectively. Section 5 shows a brief decomposition of the CASE ATTI test bed into essential services and proposes spiral decomposition into more granular services. Section 6 introduces the web services’ validation process. Section 7 is the conclusion.

212

M.C. Florea et al.

 Fig. 1 Top-level network-centric warfare architecture (from [18])

2 CASE ATTI Test Bed The CASE ATTI test bed [5] developed by DRDC Valcartier, provides a highly modular, structured, and flexible hardware/software simulation environment for the MSDF. The aim of this test bed is to study and compare various advanced MSDF concepts and schemes in order to demonstrate their applicability, feasibility, and performance. A high-level structure of the CASE ATTI test bed is presented in Fig. 2. CASE ATTI is composed by three main modules: (a) A Stimulation module which emulates the behavior of real targets, sensor systems, and the meteorological environment in an anti-air warfare (AAW) context.

A W eb-Service Approach for Multisensor Data Fusion and GIS

213

Simulation Inputs Database Data Generation Scenarios LIDF Scenarios Stimulation-to-LIDF Connections Environmental Data Externally Generated Observation Data Externally Generated Track Data

Simulation Module

User Interface

LIDF Module

PE Module

Performance Analysis Database Ground Truth Data Observation Data(Raw Measurements) Track Data Stimulation Module Internal Data LIDF Module Internal Data

Fig. 2 High-level structure of the CASE ATTI test bed (from [19])

(b) A Level 1 Data Fusion (L1DF) module which provides the algorithmlevel test and replacement capability required to study and compare the technical feasibility, applicability, and performance of advanced, stateof-the-art L1DF techniques. (c) A Performance Evaluation (PE) module which evaluates (using different metrics between different parameters) the performance of the algorithms from the L1DF module.

3 DNDAF: A Common Architecture Guide to Design MSDF Systems In the last 30 years, the size and the complexity of the information systems increased very quickly and the need of a logical construct (or architecture) for defining and controlling the interfaces and the integration of all the components of a system became more a necessity than an option. Several

214

M.C. Florea et al.

architecture frameworks were developed to deal with the complexity of the information systems. Zachman’s framework (first introduced in [20] and later revised in [21]) is widely regarded as the first architecture framework, from which others evolved, such as the C4ISR Architecture Framework [22], DoDAF (v1.0 and v1.5 [16]), MoDAF, NAF, AGATE Architecture Framework, and TOGAF, which have been used to some degree of effect as systems architecture frameworks. The DoDAF broadened the applicability of the last version of Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) architecture framework to all the mission areas rather than just to the C4ISR community, and is heading toward a new type of information intensive warfare known as net-centric warfare. Services are a key means to share information and capabilities in a net-centric environment (NCE) through published service interfaces. A service is a self-contained function in which the consumer does not know (or care) “how” the service is implemented. It only knows that the service performs “what” is defined by its published interface. The Department of National Defence and Canadian Forces Architecture Framework (DNDAF) [15] adjusts the DoDAF, MoDAF, and other already known architecture frameworks to the Canadian DND and the Canadian Forces requirements. The DNDAF defines a set of 31 products for visualizing, understanding, and assimilating the broad scope and complexities of an architecture description through graphic, tabular, or textual means, and to ensure uniformity and standardization in the documentation (from requirements to implementation) and communication of architecture. The products and elements defined within the DND Architecture Framework are organized under six views, each depicting certain perspectives of the architecture: − −

−

− −

Common View (CV): Describes the global architecture plans, scope, definitions, context, and taxonomies Operational View (OV): Focuses on the behaviours and functions describing the enterprise mission aspects – identifies what needs to be done and who does it System View (SV): Describes the system and applications supporting the mission functions – relates systems and characteristics to operational needs. Technical View (TV): Describes a set of standards governing the implementation, arrangement, interaction, and interdependence of systems. Information View (IV): Provides the definitions and structures of information required to make decisions and to manage the resources.

A W eb-Service Approach for Multisensor Data Fusion and GIS −

215

Security View (SecV): Focuses on the attributes of the architecture that deal with the protection of the operational assets (including the information assets).

These views and their relationships (shown in Fig. 3 as presented in [15]) enable one to measure the interoperability and the performance of the system and also the impact on mission and task effectiveness. 

Fig. 3 Relationships between Views (from [15])

4 Web Services Within a Service-Oriented Architecture A service-oriented architecture (SOA) is “a way of sharing functions in a widespread and flexible way” [23] and “an architectural style where existing or new functionality are grouped into atomic services” [14]. The concept of a SOA is not a new concept. SOA supports the transformation of a complex application into a set of linked services (repeatable basic applications) that can be accessed when needed over a local network or over the internet. What is new in a SOA is the property of loose coupling, meaning that the implementation of a service is hidden from the caller of this service. Loosely coupled services can thus use incompatible system technologies and nevertheless they can easily be joined together to create composite services. The strength of such a system is that it reduces the risk that a change in one application/module will force a change in another application/module.

216

M.C. Florea et al.

SOAs can be implemented using a wide range of technologies, such as SOAP, RPC, DCOM, CORBA, WCF, or web services, and a file system mechanism could be used to communicate data between services/ processes. Web services (WS) implement a SOA. A major focus of web services is to make functional building blocks accessible over standard internet protocols that are independent from platforms and programming languages. These services can be new applications or just wrapped around existing legacy systems to make them network-enabled [14]. Figure 4 shows how a web service system works. The numbers indicated in the diagram show the order of the interactions between the different actors involved in a web service system. Web service registery (service broker)

The web service Provider Publishes (1) the web service service description

(2)

service description

The clients find the service they want

service Requester

Communication Protocol (3)

service Provider

Fig. 4 Web services diagram

In the next sections we present a web services implementation, using a SOA, of a MSDF system. Our goal is to make functional building blocks accessible over standard internet protocols that are independent from platforms and programming languages.

5 CASE ATTI Decomposition into Web Services A target identification test scenario is presented in Fig. 5. This graphic is associated to the DNDAF OV-1 view, which represents a high-level operational concept graphic. The systems/services functionality description (DNDAF SV–4) is depicted in Fig. 6, which present a detailed decomposition (from [24]).

A W eb-Service Approach for Multisensor Data Fusion and GIS

217

z

Target 3

Target 1 Target 2

y

(0, 0, 0) Platform 1

Platform 2

x

Fig. 5 MSDF – test scenario (DNDAF OV–1)

Navigation Activity Control Requests/Data integration

Sector-Based Track Selection

Track Subset

High Quality Composite Tracks

Internal System track Data Store

Time Alignment Time Aligned Tracks Potential Assignation (Track-to-track)

Input Data Preparation

Pairing Yse/No

Gating (Assignation Constraints)

Track Data

Track Fusion

Track-to-Track Assignment Trk/Trk Pair

Identify Data

Configuration Monitoring & Control

Track Subset Track Data Set

Management Data

Track Reports

User Output (Firm Tracks)

Sector-Based Track Selection

Assignation Information/

Space Aligned

Sector Data

Bearing Intercept Fix (Triangulation)

Track Management -Initiation -Confirmation -Deletion

(Kinematic & ID) Curent System Tracks

Trk/Trk Pair

Users/ STA/RM

Cluster Management -Initiation -Combining -Splitting -Deletion

Target State Estimation (Contact Fusion)

Kinematic Data

Current System Tracks

Tracker Clock

Contact-to-Track Assignation

Kinematic Fusion Assignation Information/ Management Data

Track Reports

Sector Data

Information

Track Reports

-Interface -Buffer Formatting -Time corrections -Unit alignment -Attribute Prop. Cons. -Modeling Dist. Corr.

Track Reports

Time Alignment

Cluster & Track Lists

Track Reports

-Interface -Buffer Formatting -Time corrections -Unit alignment -Attribute Prop. Cons. -Modeling Dist. Corr.

Contact Data Set

Metric Data

Contact-to-Track Assignment

Potential Assignation

Track Source

-Interface -Buffer Formatting -Time corrections Track -Unit alignment Reports -Attribute Prop. Cons. -Modeling Dist. Corr.

Time Aligned Contacts/Tracks

Track Report Grouping

Track Source

Track Reports

Space Aligned Contact Reports

Contact Data

Cluster & Track Lists

Track Source

Contact Reports

-Interface -Buffer Formatting -Time corrections Contact -Unit alignment -Attribute Prop. Cons. Reports -Parametric Analysis -Modeling Dist. Corr.

Potential Assignation (Contact-to-track)

Contact Data

spatial Alignment / Missing Coordinate Processing

Contact Source

Contact Reports

-Interface -Buffer Formatting -Time corrections Contact -Unit alignment -Attribute Prop. Cons. Reports -Parametric Analysis -Modeling Dist. Corr.

Contact Report Grouping

Contact Source

Contact Reports

Activity Correlation Info. Info. Contact-to-contact Correlation

Association Metric Cnt/Trk Pair

Pairing yes/No

Cnt/Trk Pair

Potential Assignation Information

Contact Source

-Interface -Buffer Formatting -Time corrections Contact -Unit alignment -Attribute Prop. Cons. Reports -Parametric Analysis -Modeling Dist. Corr.

Gating (Assignation Constraints)

Activity Monitoring/Control

ID Information Fusion

Track-to-TrackAssignation Metric Data

Association Metric

Tracker Processing

Fig. 6 Functional decomposition of a generic MSDF system (from [24])

218

M.C. Florea et al.

A first step decomposition of the CASE ATTI into web services should be made according to its main modules: the stimulation, the level 1 data fusion, and the performance evaluation modules as presented in Fig. 2. Figure 7 shows an implementation of the stimulation web service. A detailed block diagram of the stimulation module can be found in the left side of Fig. 6. The stimulation web service is based on the following steps: 1. The client connects to the stimulation web-server and obtains a client ID number 2. The client provides to the stimulation web-server the stimulation CONFIG files, the input socket port, address, and key for the report reception 3. The stimulation web service extracts the CONFIG files in a separate directory and spawns a sensor module specifying the client’s socket port, address, and key; 4. The client receives the contact reports (pop them from the socket) and can process them at will; 5. The client asks the stimulation web-server to close the stimulation simulation; 6. The stimulation web-server closes all processes and removes the CONFIG files associated with the completed simulation. Figure 8 presents the functionality of a tracking web service. The block diagram of the tracking module can be found in the right side of the Fig. 6. Copy of stimulation config Stimulation Web-server Stimulation module CASE-ATTI

Contact Buffers via socket client Stimulation Config

Store received buffers in “sensor output” file

Fig. 7 Stimulation web service

A W eb-Service Approach for Multisensor Data Fusion and GIS

Tracking Web-server

Service Request

Copy of Tracking Config socket Address & key Tracking Config

Store contact buffers from “stimulation output” file

Copy of Connection Config

Tracking Module CASE-ATTI

Connection Config

219

Contact Buffe

rs Copy of stored contact buffers from “stimulation output” file

All Buffers via socket Client Store received buffers in “tracking output” file

Fig. 8 Tracking web service

The tracking web service is based on the following steps: 1. The client connects to the tracking web-server and obtains a client ID number 2. The client provides to the tracking web-server the tracking and connection CONFIG files, the input socket port, address, and key for the report reception 3. The tracking web service extracts the CONFIG files in a separate directory and spawns the tracking module specifying the client’s socket port, address, and key 4. The tracking web service asks for the contact buffers which are provided by the client using the “stimulation output” file 5. The client receives all the buffers (pop them from the socket) and can process them at will 6. The client asks the tracking web-server to close the tracking simulation 7. The tracking web-server closes all processes and removes the CONFIG files associated to the completed simulation. The performance evaluation (PE) module from CASE ATTI is divided in several parts: a 2D–3D viewer, a performance analysis database (PADB), and a measure of performances (MOP) module. Figure 9 shows a first attempt of the PEModule’ migration into a web service.

220

M.C. Florea et al.

Perfomance Evalution Web-server

Copy of the “tracking output” file

Load pdb from buffer PE Config ORACLE PADB

Client Stored all buffers from “tracking output” file

Applet client launch PE Analysis

Fig. 9 Performance evaluation web service

In the next step, using a top to bottom incremental decomposition, each WS created in the previous step could be broken up, if possible and necessary, into several web services, which may lead to a very fine granularity of services. For example, the L1DF web service could be broken up into more granular web services such as: tracking, data association, kinematic fusion, and identity information fusion. The PE web service could be broken up into more granular web services such as: radial missed distance, accuracy of the filter calculated covariance, state estimator error, etc. Different measures of uncertainty for evidence theory, probability theory, or fuzzy sets theory should also be considered in the decomposition of a MSDF system into web services, even if they were not originally part of the CASE ATTI test bed.

6 Validation of the Services In this section, we only concentrate on the validation process of the main web services derived from the CASE ATTI test bed (see Fig. 2) which are the stimulation, L1DF, and performance evaluation web services. This validation step supposes to disconnect from the CASE ATTI test bed one module at a time and use the associated web service instead. We then perform tests using the hybrid CASE ATTI test bed and the real CASE ATTI test bed and the results should match together.

A W eb-Service Approach for Multisensor Data Fusion and GIS

221

TRACKING SERVICE

Copy of Tracking Config Store received buffers in “tracking output” file

Tracking Web-server

Copy of Connection Config

Tracking Module CASE-ATTI

socket Address & key

Tracking Config

All Buffers via socket

Connection Config

Contact Buffers via socket

Stimulation Module CASE-ATTI

Client Stimulation Web-server

Stimulation Config STIMULATION SERVICE

Copy of Stimulation Config

Fig. 10 Stimulation and tracking web services working together

Figure 10 shows how the independent stimulation and tracking web services can be used together to perform the same task as the corresponding modules from the CASE ATTI test bed.

7 Conclusions In this paper, we provide a web services approach in the design of a Multisensor Data Fusion (MSDF) system in order to integrate it into a Geographic Information System (GIS). We use the CASE ATTI test bed – developed at DRDC Valcartier as a starting point of our migration toward a MSDF web services architecture. The design of the stimulation, the tracking, and the performance evaluation web services was proposed here. A more granular decomposition into web services is still under study. A validation mechanism was also proposed.

Acknowledgment This work was partially supported by DRDC Valcartier Canada under the contract number W7701–6–3797. The content of this paper is exclusively the responsibility of the authors.

222

M.C. Florea et al.

References 1. Valin P (2008) Distributed information fusion and dynamic resource management: State-of-the-art status in 2007, DRDC Valcartier, Technical Memorandum DRDC Valcartier TM 2008–090 2. Hall DL and Llinas J (1997) An introduction to multisensor data fusion. In: Proceedings of the IEEE, vol 85, no 1, pp 6–23 3. Bowman CL and Steinberg AN (2001) A systems engineering approach for implementing data fusion systems. In: Handbook of Multisensor Data Fusion. CRC Press LLC, pp 16.1–16.39 4. Waltz E and Hall DL (2001) Requirements derivation for data fusion systems. In: Handbook of Multisensor Data Fusion. CRC Press LLC, pp 15.1–15.9 5. Roy J, Bosse E, and Dion D (1995) CASE ATTI: an algorithm-level testbed for multisensor data fusion, Defence Research Establishment, Valcartier, Canada, Tech Rep DREV–9411 6. White FE (1987) Data fusion lexicon, in Technical Panel for C3, Data Fusion SubPanel, Naval Ocean Systems 7. Steinberg A, Bowman CL, and White FE (1999) Revisions to the JDL data fusion model. In: Proceedings of the SPIE. Sensor Fusion: Architectures, Algorithms, and Applications III, vol 3719, pp 430 – 441 8. D’astner K, Kausch T, and Opitz F (2007) An object oriented development suite for data fusion: design, generation, simulation and testing. In: Proceedings of the 10th International Conference on Information Fusion, ISIF, Canada 9. Hall DL, Linn RJ, and Llinas J (1991) Survey of data fusion systems. In: Proceedings SPIE Conference Data Structure and Target Classification, pp 13–36 10. Hall DL and Linn RJ (1993) Survey of commercial software for multisensor fusion. In: Proceedings SPIE Conference Sensor Fusion: Aerospace Applications 11. Nichols ML (2001) Handbook of multisensor data fusion. CRC Press, ch A Survey of Multisensor Data Fusion Systems, pp 22.1–22.8 12. Carthel C, Coraluppi S, and Grignan P (2007) Multisensor tracking and fusion for maritime surveillance. In: Quebec (ed) Proceedings of the 10th International Conference on Information Fusion, ISIF, Canada 13. Guitouni A, Valin P, Boss´e E, and When H (2007) Canadian coast watch test bed for large volume surveillance through distributed fusion and resource management. In: Proceedings of the First Northern Watch Conference and Exposition on Arctic C4ISR, Dalhousie University, Halifax, Canada 14. http://en.wikipedia.org/wiki/Service–oriented architecture 15. Department of Department of National Defence and Canadian Forces Architecture Framework (DNDAF) (2007) Department of National Defence, Canada, Tech. Rep 16. DoD Architecture Framework: Version 1.5 (2007) United States of America, Department of Defense, Tech. Rep

A W eb-Service Approach for Multisensor Data Fusion and GIS

223

17. Network Centric Operations Conceptual Framework (2003), Evidence Based Research, Inc 18. Llinas J (2007) New challenges for defining information fusion requirements. In: Proceedings of the Third International Workshop on Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. Berlin Heidelberg, Springer, pp 1–17 19. Paradis S and Roy J (2000) An architecture and a facility for the integration of all levels of data fusion. In: Proceedings of the Third International Conference on Information Fusion, ISIF, vol 1, Paris, France, pp MOD5/11 –MOD5/17 20. Zachman JA (1987) A framework for information systems architecture. IBM Syst J 26(3):276–292 21. Sowa JF and Zachman JA (1992) Extending and formalizing the framework for information systems architecture. IBM Syst J 31(3):590–616 22. C4ISR Architecture Framework (1997) United States of America, Department of Defense, Tech. Rep [Online]. Available: www.afcea.org/education/courses/ archfwk2.pdf 23. Ort E (2005) Service-Oriented Architecture and Web Services: Concepts, Technologies, and Tools. http://java.sun.com/developer/technicalArticles/ WebServices/soa2 24. Roy J, Dessureault D, and Duclos–Hindie N (1999) Object-Oriented Analysis and Design of a Generic Multi–Source Data Fusion System. DREV, Tech. Rep. TR, p 195

Theoretical Investigation of Terrorism. Ontology Development

Phillip Galjano and Vasily Popovich St. Petersburg Institute for Informatics and Automation of the RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. This paper considers the problem of combating the terroristic threat from a theoretical standpoint. For the sake of developing the theoretical concepts, the basic notions have been singled out, and the subject domain was formalized. The structure of the system serving for estimating the terroristic threat level is examined. The development of ontology, describing the subject domain, was emphasized. Analysis of the processes of ontology creation for such, system and description of the developed ontology are discussed. Keywords: Ontology; Terrorism; Geographic information system; Monitoring system; Security

1 Introduction The end of the twentieth and the beginning of the twenty-first centuries are characterized by a considerable growth in terrorist acts. According to the RAND [16] and MIPT [17] data, the number of international terrorism victims is grows steadily 4,737 victims in the 1970s, 9,774 in the 1980s, 21,108 in the 1990s, and 11,421 from 2000 to 2006 [7]. One response to this is a development of monitoring systems to operatively prevent acts of terrorism and/or minimize the consequences of their perpetration. To develop such systems it is necessary to solve a set of interrelated tasks, namely, to develop a theory, principles, and methods for: construction and operation of the monitoring systems functioning at various levels and scales V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_15, © Springer-Verlag Berlin Heidelberg 2009

227

228

P. Galjano, V. Popovich

as the elements of global, national, and international systems monitoring the emplacement of explosives as well as other hazardous materials: and to prevent their use that can lead to mass extermination of humans and/or cause a significant detriment to the ecology and systems of megalopolis maintenance. The theoretical basis and a demo version of such monitoring systems are developed, in particular, in the project: “Systems Monitoring the Improvised Explosive Devices: theory, principles, methods” funded by the US ONR award N 00014–07–1–0798. The project was focused on humans or their organizations that can be the potential executors and/or the organizers of assembly, transportation, emplacement, and application of improvised explosive devices (IED). The main consideration in the proposed research was given to investigating a profile or classification features, to allow the identification the individuals and organizations linked to IED, and to develop both local and distributed monitoring systems operating in real time and aimed at realizing such an identification. Within the IED project the following results are received: • Formal description of the subject area, analysis of the available problemrelated printed matter: information sources of the governmental, public, and private sectors; study of the past terrorists’ actions, forming “profiles” of potential criminals and their activities’ “tracks.” • Determining a potential of the currently existing and developing information sources (cellular communications, internet, various forms of registration, booking, using credit cards, etc.). • Development of mathematic methods to identify terrorist situations, classification of potentially vulnerable locations, “profiles” and “tracks” identification, based on immunocomputing and aggregative indices methods. • Development of the principles and architectures for humans’ monitoring systems, related or possibly related (to a certain probability degree) to IED. • Theoretic substantiation of the system processing information arriving from heterogeneous sources based on the principles of information fusion. One of the challenges taken up when building such systems is the existence of heterogeneous data sources, a large amount of various data types, and the distributed information sources. In particular, such data can be: • • • •

Not formalized data (text, numbers, etc.) Formalized data (XML, etc.) Measurements (text or numbers) Databases, cartographic data, etc.

Theoretical Investigation of Terrorism. Ontology Development

229

Thus, while building such a system it is necessary to solve the data harmonization, integration, and fusion problems. Harmonization in the general case could be interpreted as data standardization. Data integration (consolidation) is meant as the access to data sources aimed at solving and modeling the current/emerging tasks. The integration inevitably results in the increase of data volume. The integration of information assumes the real-time processing of the huge data volumes and is directed to solving tasks within a relatively narrow range. Information fusion is a process of data combining to obtain knowledge. At present the problem lies rather in change of data quality than in high quality data. The change of data quality requires a serious analytic development of data domain [3]. One approach to addressing these challenges is to build ontology of the subject domain. Further, the development of ontology will be examined in detail.

2 Description of Subject Domain There exist many definitions of “terrorism”. Most government definitions outline the following key criteria [9]: target, objective, motive and perpetrator. The terrorism is also often recognizable by a subsequent statement from the perpetrators. • Violence. • Psychological impact and fear – the attack is carried out in a way that maximizes the severity and length of the psychological impact. Terrorists also attack national symbols to show their power and to shake the foundation of the country or society they are opposed to. • Perpetrated for a political goal. • Deliberate targeting of noncombatants. • Disguise – terrorists almost invariably pretend to be noncombatants, hide among noncombatants, fight from in the midst of noncombatants, and when they can, strive to mislead and provoke the government soldiers into attacking the wrong people, that the government may be blamed for it. Four main types of the terrorism may be singled out [9]: • Nationalist–Separatist, such as Irish Republican Army and Palestine Liberation Organization or Basque Fatherland and Liberty (ETA); • Religious Fundamentalist, for example Al-Quaeda and the Palestinian Hamas, the Lebanese Hizballah;

230

P. Galjano, V. Popovich

• Social Revolutionary – anarchist, fascist, and other, like Italian Brigate Rosse; • New Religious Formations. Regarding the politics the terrorism can be classified as: • Political Terrorism – violent criminal behavior designed primarily to generate fear in the community, or its substantial segment, for political purposes. • Limited Political Terrorism – refers to the acts of terrorism committed for ideological or political motives and not being a part of a concerted campaign to capture control of the State. • Nonpolitical Terrorism – terrorism that is not aimed at political purposes and exhibits conscious design to create and maintain a high degree of fear for coercive purposes, and ends up as an individual or collective gain rather than the achievement of a political objective. Other types of terrorism are: • Civil Disorders – a form of collective violence interfering with the peace, security, and normal functioning of the community. • Quasi-Terrorism – the activities incidental to the commission of crimes of violence that are similar in form and method to genuine terrorism. It is not the main purpose of the quasi-terrorists to induce terror in the immediate victim, but the quasi-terrorist uses the modalities and techniques of the genuine terrorist and produces similar consequences and reaction. • Official or State Terrorism – “referring to nations whose rule is based upon fear and oppression that reach similar to terrorism or such proportions.” Terrorist acts are varied by the weapon type used. It is possible to define the following not exhaustive classification: • Agro-terrorism (the malicious use of plant or animal pathogens to cause devastating disease in the agricultural sector) • Bioterrorism (bacteria, viruses, or toxins) • Car bomb • Environmental terrorism (the unlawful destruction of resources in order to deprive others of their use) • Aircraft hijacking • Nuclear terrorism • Proxy bomb (also known as a human bomb) • Suicide attack.

Theoretical Investigation of Terrorism. Ontology Development

231

Responses to terrorism vary over a wide range, including realignments of the political spectrum and reassessments of the fundamental values. The term counter-terrorism has a narrower connotation, implying that it is directed to terrorist actors. Specific types of responses include, though are not limited to: • Targeted laws, criminal procedures, deportations, and enhanced police powers • Target hardening, such as locking doors or adding traffic barriers • Pre-emptive or reactive military action • Increased intelligence and surveillance activities • Pre-emptive humanitarian activities • More permissive interrogation and detention policies • Official acceptance of torture as a valid tool. Up-to-date juridical antiterrorist measures include: • International conventions open to ratification by all states (as of Feb 2006, 12 are in force) • Regional multilateral terrorist conventions, such as Council of Europe Convention on the Prevention of Terrorism (2006), the Inter-American Convention Against Terrorism (2002); and the Organization of African Union Convention on the Prevention and Combating of Terrorism (1999) and Protocol (2004) • Bilateral extradition treaties – the 1961 Vienna Convention on Diplomatic Relations, and the 1963 Vienna Convention on Consular Relations • European Conventions, such as Council Framework Decision on Terrorism (2002), Treaty on Cooperation among the States Members of the Commonwealth of Independent States in Combating Terrorism (Minsk, June 1999) and others. The subject domain structure is reflected in the knowledge base being a part of the monitoring system.

3 Basic Concepts One of the key components of a system is the knowledge base (KB), see Fig. 1. The knowledge base consists of two components. • Ontology, used to describe the domain • Set of objects, described by the ontology.

232

P. Galjano, V. Popovich

Fig. 1 Monitoring system’s structure

The ontology is subjected to the following requirements [4]; it is supposed: • To analyze the domain knowledge • To extend the common understanding of the information structure over people or software agents • To make the domain assumptions explicit • To enable reuse of the domain knowledge • To separate the domain knowledge from the operational knowledge. Furthermore: • Ontology has to represent objects and relations of the subject area, taking into account their evolution over time • The ontology structure should allow for its effective implementation in the working system. Whereby the ontology may be defined as a formal explicit description of concepts in a domain of discourse (classes), properties of each class describing various features and attributes of the concept (slots), and restrictions on slots – facets [4]. Ontology should not be confused with a dictionary, thesaurus, etc.: • A controlled vocabulary is a list of terms that have been enumerated explicitly • A taxonomy is a collection of the controlled vocabulary terms organized into a hierarchical structure • A thesaurus is a networked collection of the controlled vocabulary terms.

Theoretical Investigation of Terrorism. Ontology Development

233

Taxonomies, thesauri, ontologies, and controlled vocabularies have different though overlapping uses [11]. Ontologies are used to solve a variety of tasks, including: • CYC [18] – project of Microelectronics and Computer Technology Corporation, USA. • The role of ontologies in internet development (the concept of semantic web [13]) is considerable. The semantic web provides for a common framework that allows data to be shared and reused across application, enterprise, and community boundaries. It is a collaborative effort led by W3C with participation from a large number of researchers and industrial partners. It should be borne in mind that [4]: • “There is no one correct way to model a domain – there are always viable alternatives. The best solution almost always depends on the application that you have in mind and the extensions that you anticipate”. • The development of ontology is necessarily an iterative process. Each ontology is described by a special language, like KIF, RDF, OWL, etc. “Knowledge Interchange Format (KIF) is a language designed to be used in the interchange of knowledge among disparate computer systems (created by different programmers, at different times, in different languages, and so forth). KIF is not intended as a primary language for an interaction with human users. KIF is also not intended as an internal representation for the knowledge within computer systems or within closely related sets of computer systems” [12]. Language resource definition framework (RDF) was developed by W3C (the World Wide Web Consortium) [14]. RDF provides for the convenient means for data structure formalizing. RDF might be excessively universal, however, but not sufficiently expressive to be used at solving the task of building a monitoring system. W3C also created an ontology language Web Ontology Language (OWL), that superseded Ontology Interchange Language (OIL) and DARPA Agent Markup Language (DAML) + OIL. Ontology in the language OWL can include a description of classes, their properties, and objects. OWL is designed to process information, rather than to present it to people in a specified form; usage of OWL can solve the task of data harmonization. Currently, OWL is recommended by W3C to be used. The head of W3C, Tim Berners-Lee, indicates: “OWL provides the standard for the exchange of ontologies” [15].

234

P. Galjano, V. Popovich

4 Ontology Development Basics The main components of the ontology are: • Classes. A class is a set of objects with a common structure and behavior [8] • Slots. Describe properties of the classes and objects • Facets. Specifies the restrictions imposed on the slots. Components of the ontology are in definite relations with each other. In the general case, the relationships used to build the ontology are divided into the following groups [4]: • Classes’ relations: establishes a link between the object and a class or between classes.1 The main tool for building ontologies. • Structural relations: “is part of ”, “similar to”. • Spatial relations: “inside”, “close”, etc. • Relationships: specific for the subject domain. The above does not mean that all kinds of relationships must exist in any ontology. Thus, building a KB generally includes the following steps [4]: • Ontology development – Determine the domain and scope of the ontology – Consider reuse of the existing ontologies – Enumerate important terms in the ontology – Define the classes and the classes’ hierarchy – Define the properties of classes’ slots – Define the facets of the slots • Create objects.

5 Ontology Development In this case, two assumptions were made when constructing the ontology: • The terrorism is understood solely as international terrorism • The source of danger is a terrorist group. Individual terrorists constitute a danger and are of concern to the extent of their association with the group. To create the ontology, Protégé, the free open source ontology editor and knowledge-base framework, was used. 1

In this case we consider only binary relations.

Theoretical Investigation of Terrorism. Ontology Development

235

5.1 Definitions of Basic Concepts • Monitoring Object: a physical object, whose degree of terroristic threat is evaluated by the system. • Monitoring Subject: the individual, who is inspected for its implication in terrorist activities. • Environment: a set of external, in regard to the terroristic threat monitoring system, factors influencing the decision of the terrorist situation’s class and the level of terroristic threat against the monitoring object. • Terrorist Situation (TS): the situation of the monitoring object (in the region) characterized by a high probability of committing a terrorist act. • Individual Profile (IP): a set of biographies’ parameters documenting the important facts of the individual life stories. • Individual Terrorist Profile (TR): a set of parameters of biography, recording the life of the individual and describing his implication in terrorist activities. • Individual Terrorist Track (ITT): the combination of parameters that characterize the behavior of an individual and link these events to time and place that affect the decisions about individual implication in terrorist activities. 5.2 Defining the Hierarchy of Classes Ontology is composed of the following classes: • Monitoring Object • Monitoring Subject – Terrorist Profile – Terrorist Track • Monitoring System • Information Source • Environment • Terrorist Situation. 5.3 Properties of Classes The major classes of ontology and their properties are described in the Table 1.

236

P. Galjano, V. Popovich

Table 1. Classes of ontology and their properties Class

Subclass

Slot Name

Monitoring Object

Scale Shape

Monitoring Subject

– Terrorist profile

Terrorist track

Monitoring system

Range of slot values

–

The degree of object’s security outside the monitoring device A summary measure of implicating in the terrorist activities – Age – Place of birth – Nationality – Religion – Party affiliation – Participation in social organizations – Previous convictions – Being in federal and international lists of wanted terrorists, and so on – Sign of a terrorist orientation of, cellular communication’s usage – Sign of a terrorist orientation of Internet usage –Sign of a terrorist orientation of credit cart’s usage, and so on Name Structure

– Global – Local – Dot – Square – Linear [0 ;1] [0;1] Depending on the slot

Depending on the slot

– Subsystem of information sources – Subsystem of identification of terrorist situation – Geographical information subsystem (Continued)

Theoretical Investigation of Terrorism. Ontology Development

Class

Subclass

Slot

237

Range of slot

values Information source

–

Environment

–

Terrorist situation

–

Name The location against monitoring object The nature of the information provided. The degree of reliability of the information provided.

– Internal – External – Primary – Secondary – Reliable – Doubtful – Unreliable Political environment – Tense – Normal Economic enviroment – Tense – Normal Military environment – The presence of military conflict – Absence of military conflicts Terroristic environment – Tense – Normal Class 1,2,3,4 Gradation of the degree of – Weak terrorist threat (1, 2, 3 or 4). – Medium – High – Very high Standard value level of terrorist threat. 0.3 – Weak 0.5 – Medium 0.8 – High 0.95 – Very high The index of the terrorist [0;1] threat.

5.4 Creation of Objects The process of objects’ creation in the database is performed as follows:

Fig. 2 Data flow during objects creation

238

P. Galjano, V. Popovich

6 Conclusion The designed ontology allows for describing the subject domain, that is sufficient for the use in the terrorist situations’ monitoring system. However, the integration of the ontologies (in particular, the developed ontology) aimed at solving special problems with already existing ontologies that are used in the law-enforcement field (though not solely) remains a challenge. The resolution of this issue is closely related to the problem of creating a top-level ontology, and the possibility of its development is not yet confirmed.

Acknowledgement This research was supported by the USA Office of Naval Reasearch, award N00014–07–1–0798.

References 1. Popovich V, Korolenko K, Prokaev A, Hovanov N, Gorev Y, Galiano P, Ivakin Y, and Smirnova A (2008) Intelligent decision-making support system with respect to anti-terrorist activity in harbor and coastal waters. In: Proceedings of WSS2008, Bjorno L (ed), Copenhagen 2. Popovich V, Prokaev A, Schrenk M, Galiano P, Voronin M, and Smirnova A (2008) Monitoring of terrorist’s treats: A theoretical approach. In: Proceedings of CORP2008, Schrenk M (ed), Vienna 3. Popovich V and Voronin M (2005) Data harmonization, integration and fusion: Three sources and three major components of Geoinformation Technologies. In: Proceedings of IF&GIS, St. Petersburg 4. Noy NF and McGuinness DL (2001) Ontology development 101: A guide to creating your first ontology. Stanford Knowledge Systems Laboratory Technical Report KSL–01–05 and Stanford Medical Informatics Technical Report SMI–2001–0880, http://protege.stanford.edu/publications/ontology_development/ ontology101.html 5. Matheus CJ, Kokar MM, and Baclawski K (2003) A core ontology for situation awareness. In: Proceedings of Sixth International Conference on Information Fusion, pp 545–552, Cairns, Australia 6. Rosseeva OI and Zagorulko UA Organization of effective search based on ontologies (in Russian). Russian Scientific Research Institute of Artificial Intelligence, Institute of Informatics Systems of SB RAS. http://www.dialog– 21.ru/Archive/2001/volume2/2_49.htm 7. Jakobson G, Buford J, and Lewis L (2007) Situation management: Basic concepts and approaches. In: Proceedings of the Third International Workshop:

Theoretical Investigation of Terrorism. Ontology Development

8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18.

239

Information Fusion and Geographic Information Systems, St. Petersburg, Russia Booch G (1994) Object-oriented Analysis and Design with Applications. Benjamin/Cummings Pub. Co Wikipedia, the three encyclopedia. http://en.wikipedia.org/wiki/Terrorism Statistics on Terrorism. http://www.johnstonsarchive.net/terrorism/intlterror. html What are the differences between a vocabulary, a taxonomy, a thesaurus, an ontology, and a meta–model? Woody Pidcock. http://www.metamodel.com/ article.php?story=20030115211223271 Knowledge Interchange Format. Draft proposed American National Standard (dpANS). NCITS.T2/98–004. http://logic.stanford.edu/kif/dpans.html W3C Semantic Web Activity. http://www.w3.org/2001/sw/ Resource Description Framework, http://www.w3.org/RDF/ Online Computer Library Center (2003). Stuart Weibel Interviews Tim Berners– Lee, http://www.oclc.org/research/announcements/features/tbliview.htm Research and Development Corporation, http://www.rand.org/ The Memorial Institute for the Prevention of Terrorism, http://www.mipt.org/ Cycorp, Inc. http://www.cyc.com

Terrorists: Statistical Profile

Vasiliy Osipov and Yan Ivakin St. Petersburg Institute for Informatics and Automation of RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. This paper considers the problem of opposing the terroristic threat. It covers one of the aspects, which it was investigated within a complex project that examined the development of the terroristic threat monitoring system based on geoinformation technologies. A biographical data analysis has been made for 93 known terrorists. The analysis has resulted in time distribution reflecting the beginning and the end of their implication in terrorist activities. The probabilities were estimated for different levels of education, social background, marital status, existence of personal tragedies, and unbalanced temper, and pursuing different targets and objectives. Based upon the analyzed properties, the statistical profile of the terrorists has been compiled. Examples and recommendations on the above profile application were developed. Keywords: Terrorism; Biography; Analysis; Indices; Statistical picture; Distribution law; Guidelines; Risk assessment

1 Introduction The recognition of individuals implicated in or inclined to terrorist activities represents one of the urgent tasks in opposing the contemporary terrorism. The efficiency of counter-terrorism strongly depends on this task having a satisfactory solution. The above task’s specifics is that the terrorists in their everyday life are indistinguishable from regular people. At the same time, they possess certain hidden inherent properties which when subjected to an V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_16, © Springer-Verlag Berlin Heidelberg 2009

241

242

V. Osipov, Y. Ivakin

analysis lead to determination of the criteria for certain individuals falling in the risk group. A number of international [1–9] and domestic [10–13] publications discuss the discovery of these properties mostly based on qualitative evaluation. There also exist evaluations of certain quantitative characteristics, reflecting, first and foremost, the terrorists’ activities. The above evaluations take into account the available statistics on the objects, number, and types of the terrorist acts perpetrated by some individuals within a certain time period, crimes scenes, weapons applied, and victims [1–5]. Some publications [1, 2, 11, 12] also analyze individual characteristics of terrorists. However, there so far exists no exact statistical profile of terrorists that would permit their successful recognition. This paper brings up the results of statistical analysis of the biographies of the known terrorists and proposes one of the possible statistical profiles for those individuals.

2 Characteristics of Initial Materials and Research Principles The reference data [12] were used as the facts reflecting biographical data of the terrorists; therefore, 93 biographies of the kind were subjected to the analysis, including biographies of terrorists from Great Britain, Germany, Greece, Egypt, India, Israel, Yemen, Lebanon, Palestine, Poland, Russia, Saudi Arabia, Syria, the USA, and France. A time period of 120 years was covered. The terrorists’ data were analyzed, such as age, education, social background, marital status, existence of personal tragedies, temper, and goals they pursued. The times reflecting the beginning and the end of their implication in terrorist activities were considered the age parameters. The educational levels were divided into elementary or incomplete secondary, secondary or incomplete higher, and higher education. By their social background, peasants, workers, intellectuals, and business people (industrialists) were singled out. The existence of personal tragedies included these problems: with the law in the family where the terrorist was raised; of being deprived of parents’ care; of losing loved ones; of expulsion from a university, etc. The personal character features, such as well balanced or hot tempered, were separated. Through the biographies’ analysis and based on the above listed features histograms were built that were further processed to obtain the quantitative characteristics of terrorists’ profiles using known methods of mathematical statistics.

Terrorists: Statistical Profile

243

3 Statistical Analysis: Results The following time distributions reflecting the beginning and the end of the terrorists’ implication in the related activities were found (Figs. 1 and 2). 0.16 0.14 0.12 0.1 0.08 0.06 0.04 0.02 0 12

16

20

24

28

32

36

40

44

48

52

56

yrs

Fig. 1 Distribution of the beginning and the end of the terrorists’ activities 0.08 0.07 0.06 0.05 0.04 0.03 0.02 0.01 0 18

23

28

33

38

43

48

53

58

63

68

73

yrs

Fig. 2 Time distribution of the end of the terrorists’ activity

In accordance with the first histogram (Fig. 1), the mathematical expectation of time (age) when the active terrorists’ activity commenced was determined as mx1 = 25.84 ± 1.7 years for the evaluated individuals. The

244

V. Osipov, Y. Ivakin

mean-root-square deviation σ x l of this time from its mathematical expectation is equal to 7.24 years. In accordance with the second histogram (Fig. 2), the mathematical expectation m x2 of time distribution for the end of the terrorist activity equals 35.23 ± 2.84 years, and the respective mean-root-square deviation is σ x 2 = 12.18. The confidence level of the evaluated mathematical expectations falling into the above limits is 0.95, both in the first and second cases. The analysis of Figs. 1 and 2 shows that the mean duration of the terrorists’ activity is about 10 years. Thus, the received distributions can be lognormally approximated with density: ⎛ (ln x − m) 2 ⎞ 1 exp ⎜− ⎟, 2 ⋅ σ2 ⎠ 2π ⋅x ⋅σ ⎝

f (x) =

(1)

where m is the mathematical expectation of the variable ln x ; σ is its meanroot-square deviation. For the first case, those parameters are as follows: m1 = 3.2185 , σ 1 = 0.2538 ; for the second case, m2 = 3.5108 , σ 2 = 0.3130 . Their values are rated by the values of m x1 , m x 2 , σ x1 , σ x 2 with the use of known formulas: m x1( 2 ) = exp(m1( 2 ) + σ 1( 2 ) ) ,

σ x21( 2 ) = exp(2m1( 2 ) + σ 12( 2 ) ) ⋅ (exp(σ 12( 2 ) ) − 1) . The density diagrams (1) for the considered cases are given in Fig. 3. Comparing the distributions in Figs. 1 and 2 and the curves 1, 2 in Fig. 3, the conclusion can be reached that function (1) formalizes the distributions with sufficient accuracy. Using this approximation and based on the age of individuals, it is possible to determine the conditional probabilities of the above individuals falling into the groups of people who began and ended the terrorist activity as well as the probability of their belonging to the risk group. The latter probability can be calculated by the following formula: ⎛ (ln x − m1)⎞ ⎛ (ln x − m2 )⎞ , ⎟ − Ф0 ⎜ σ σ 2 ⎟⎠ 1 ⎝ ⎠ ⎝

P( x) = Ф0 ⎜

(2)

where Ф0 (U ) is the Laplace function, U

t2

− Ф0 (U ) = 1 ⋅ ∫ e 2 dt . 2π 0

(3)

Terrorists: Statistical Profile

245

0.07 0.06 1

0.05 0.04 0.03

2 0.02 0.01 0

0

10

20

30

40

50

60

70

yeares

Fig. 3 Distribution densities for the aleatory variables obeying the lognormal law with the parameters: 1 – m1 = 3.2185 , σ 1 = 0.2538 ; 2 – m 2 = 3.5108,

σ 2 = 0.3130

Besides the distributions depicted in Figs. 1 and 2 and resulting from the research done, the relative distributions of terrorists over the highlighted levels of education, social background (Figs. 4 and 5) and by the pursued goals (Fig. 6) were also determined.

Fig. 4 Relative terrorist distribution by education levels

V. Osipov, Y. Ivakin

246

Figure 4 relative distribution of terrorists by educational levels: – – – –

Elementary or incomplete secondary Secondary Incomplete higher Higher.

According to the above distributions, the relative frequencies of whether a terrorist has elementary or incomplete secondary, secondary, incomplete, and complete higher education are, respectively, 0.229, 0.243, 0.257, and 0.271. The estimates of probability that by social background the terrorist belongs to peasants, workers, intelligentsia, or businessmen (industrialists) have the following respective values: 0.208, 0.208, 0.406, and 0.178. Terrorists most likely pursue political goals (0.779), while religious and criminal ones comprise 0.101 and 0.095, respectively, and other goals – 0.025. Twenty-five percent of terrorists experience personal tragedies, and only 27.2% are married, while 25.9% have unbalanced temper. As a rule, terrorists are rather well educated, with a high percentage of them incomplete higher education. Note that by having social background, 40.6% of terrorists are descendents of intelligentsia. Many of them experience personal tragedies, and are not married. 0.45 0.4 0.35 0.3 0.25 0.2 0.15 0.1 0.05 0 Farmworker

Worker

Intelligentsia

Business men (industrialists)

Fig. 5 Relative distribution of terrorists by social background

Terrorists: Statistical Profile

247

Fig. 6 Relative distribution of terrorists by pursued goals

4 Profile Taking into account the above analyzed properties and the received estimates, the terrorist’s statistical profile can be composed in the form shown in Table 1. The confidence level for the values given in Table 1 equals 0.95, as before. In accordance with the table, the final index defining whether an individual belongs to the terrorists irrespective of citizenship, nationality, current religious wars, or political, territorial, economic and some other conflicts, M

is proposed to be calculated as

ni

∑∑ i =1 j =1

Qij ⋅ Pij , provided that

ni

∑Q

ij

j =1

≤ 1,

i = 1,2,.., M . Here, Qij is the Boolean function taking values: 1, if an individual possess an i property of type j, and 0, otherwise; Pij , the probability of this property belonging to terrorists as taken from the table; М is the number of properties given in the table (equals seven).

248

V. Osipov, Y. Ivakin Table 1. Estimable parameters

№

Indices

Expression evaluation

1.

Probability of an individual’s falling into the risk group by his/her age, х

or

quantitative

⎛ (ln x − m1 ) ⎞ ⎟⎟ − P( x) = Ф0 ⎜⎜ σ1 ⎝ ⎠ ⎛ (ln x − m 2 ) ⎞ ⎟⎟ − Ф0 ⎜⎜ σ2 ⎝ ⎠

2.

3.

4. 5. 6. 7.

Probability of education received: – Elementary or incomplete secondary education – Secondary – Incomplete higher – Higher Social background probability: – Peasants – Workers – Intelligentsia – Businessmen (industrialists) Probability of being single Personal tragedy probability Unbalanced temper probability Probability of pursuing goals: Political Religious Criminal Other

0.229 ± 0.0979 0.243 ± 0.100 0.257 ± 0.1018 0.271 ± 0.1036 0.208 ± 0.0946 0.208 ± 0.0946 0.406 ± 0.1145 0.178 ± 0.0892 0.728 ± 0.1149 0.250 ± 0.1118 0.259 ± 0.1132 0.779 ± 0.0967 0.101 ± 0.0702 0.095 ± 0.0683 0.025

If the a priori probability Pa of the terrorists’ presence in the analyzed stream of people is taken into account, the main condition attributing them to the risk group can be written as: M

ni

Pa ⋅ ∑∑ Qij ⋅ Pij ≥ Wz i =1 j =1

(4)

where Wz is the given threshold value of mathematical expectation for the terrorist features manifestation that accounts for the a priori probability of their presence. For individuals falling into the risk group subject to citizenship, nationality, current religious or political and some other domestic and international conflicts results in the following approach. According to this approach for

Terrorists: Statistical Profile

249

each state, or confession s resulting from the sociological research done, the probability of nodes Ps for individuals is determined. Notice that values of Ps vary with the course of time and require periodical updating subject to political, economic, and some other parameters taking a dangerous turn in domestic and international situations. Under assessment, this probabilities left-hand member (4) must be multiplied by values Ps . As a result we obtained a fuller term for reference of the various states and confessions of individuals belonging to the group of terrorist risk. Consider an example. One individual from the state with Ps = 0.1, 30 years old, an intelligentsia descendent, having a higher education, single, experiencing a personal tragedy, unbalanced, actively interested in politics, at a priori probability Pa = 0.7 has total index values equal to 0.241. Another individual from the state with Ps = 0.07, age 45, with a secondary education, descended from workers, married, experiencing no personal tragedy, well balanced, a believer, has an index value equal to 0.0343. It follows from a comparison of two above values that the first individual is essentially closer to the terrorist risk group than the second one. Provided that Wz = 0.1, an individual will fall into the risk group. Other methods of pattern recognition can also be applicable [14–17] to making a judgement on individual belonging to the risk group based upon the terrorist statistical profile.

5 Conclusions The received statistical terrorist profile allows one to analyze/evaluate certain individuals from different states or confessions for their belonging to terrorist risk groups. The basis of this profile is made from seven common indices and the individual’s conflict index depending on their countries and religion. It establishes that the time of the beginning and the end of the terrorist’s activity comply with lognormal law. By means of the created profile certain individuals implicated in or inclined to terrorism can be recognized as well as entire groups. The received results can be used to increase the efficiency of providing antiterrorist security measures in airports, at railway stations, at document check points, and in other geo-information systems.

250

V. Osipov, Y. Ivakin

References 1. The Global Terrorism Database (2007). National Consortium for the Study of Terrorism and Responses to Terrorism START: A Center of Excellence of the U.S. Department of Homeland Security University of Maryland, College Park. http://www.start.umd.edu 2. Report on Terrorism (2008) USA. National Counterterrorism Center 3. Terrorism Review (2006) Israel Ministry of Foreign Affairs 4. Susan B and Glasser (2005) Global Terrorism Statistics Released. Clearinghouse Data Show Sharp Rise. Washington Post Staff Writer 5. Terrorism Statistics (2008). http://www.nationmaster.com. 6. Hetherington Cheryl L (2005) Modeling transnational terrorists’ center of gravity: an elements of influence approach. Thesis. USAF: Air Force Institute of Technology. Graduate School of Engineering and Management 7. Kendall Shanece L (2008) A unified general framework of insurgency using a living systems approach. Thesis. Naval Postgraduate school. Monterey, California 8. Popovich V, Hovanov N, Hovanov K, Schrenk M, Prokaev A, and Smirnova A (2008) Situation assessment in everyday life. In: Manfred Schrenk (ed) 13th International Conference on Urban Planning and Regional Development in the Information Society, Vienna 9. Popovich V, Prokaev A, Schrenk M, Galiano F, Voronin M, and Smirnova A (2008) Monitoring of terrorist’s treats: A theoretical approach. In: Schrenk M (ed) 13th International Conference on Urban Planning and Regional Development in the Information Society, Vienna 10. Akimov VA (2004) Assessment and prediction of strategically risks Russia: theory and practice (in Russian). Law Security 1(10) 11. Terrorist threats of Russia (2007) http://lukoyanov.novoemnenie.ru/articles2/ 16.html (in Russian) 12. Zharinov KV (1999) Terrorism and terrorists: History directory (in Russian). Taras AE (ed), Minsk, Harvest 13. Sokolova LV (2005) Computer software of the analysis, modeling and forecasting and possibility of their use for struggle against terrorism (in Russian). Anal Bull 7(259). Moscow, Russian Federation 14. Vasil’ev VI (1969) Distinguishing systems: Handbook (in Russian). Kiev, Naukova Dumka 15. Mathematical methods of recognition of images (2007). In: 13th All–Russia conference: the Collection of reports. Мoscow, MAX Press (in Russian) 16. The directory on the applied statistics (in Russian) (1990) vol 2: Lloyd E, Lederman U, Ajvazjan SA, and Tjurin JN (eds). Мoscow, Finance and statistics 17. Tsypkin JZ (1995) The information theory of identification (in Russian). Мoscow, Nauka

Geographical Information System for Analysis of Critical Infrastructures and their Hazards due to Terrorism, Man-Originated Catastrophes and Natural Disasters for the City of Gdansk

Marcin Kulawiak, Zbigniew Lubniewski, Krzysztof Bikonis, and Andrzej Stepnowski Gdansk University of Technology, Department of Geoinformatics, Narutowicza 11/12, 80-953 Gdansk, Poland, [email protected]

Abstract. The paper presents a web-based Geographic Information System (GIS) for assessment and visualization of Critical Infrastructure (CI) and its hazards which was developed by the Department of Geoinformatics at Gdansk University of Technology for the City of Gdansk. The system allows spatial processing and mapping of various CI analysis results, with the CI analysis module based on the CARVER2™ technology adapted to particular requirements of the Gdansk City Hall Crisis Management Department (CMD). The system works as an integrated solution for both visualization of hazard scenarios and a team-enabled environment for information analysis and sharing among geographically distributed decision makers. The paper focuses on the sample applications with reference to the analysis, visualization, and mapping in a geographical context of several threat scenarios, such as blast attack, chemical attack, and toxic leakage as well as the spatial distribution of critical infrastructure components in Gdansk, Poland. Keywords: GIS; CARVER2; Critical infrastructures; Hazards

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_17, © Springer-Verlag Berlin Heidelberg 2009

251

252

M. Kulawiak et al.

1 Introduction Many regions and places in the world, previously considered relatively safe, have recently become targets of various kinds of terrorist attacks, as the incidents of terrorism have been increasing continuously in recent years. This situation concerns many regions of Europe, including the country of Poland. It requires determined and effective actions for the protection of people and critical infrastructures (CI) against such attacks and their consequences. Within this context, for prediction of hazards and to support the activities for minimizing their results, some type of new information and communication technology achievements and solutions may be a useful aid. Specifically, Geographic Information Systems (GIS), when applied to CI protection, are used for real-time monitoring and information sharing purposes, visualizing threats as they are discovered [1]. Taking the case of CI components and their threats within the area of Gdansk in Northern Poland as a real-world implementation example, this paper presents the recently developed GIS application. The system allows for comparison of different types of CI as well as spatial analysis of all its aspects, including various threat scenario simulation. This approach should result in an overall increase in CI protection effectiveness, due to the system’s assistance in the creation of better response scenarios leading to quicker and more decisive actions and potentially reducing the impact of different threats. The system’s architecture is shown along with its sample applications with respect to several hazards, including terrorist attacks, man-originated catastrophes, natural disasters, etc.

2 The System Structure The block diagram of the developed system architecture is presented in Fig. 1. In general, the system consists of the CI analysis module based on the CARVER2™ technology, the web-based GIS system and authorized remote end users [2,3]. CARVER2™ delivers synthetic data regarding CI to the Geodatabase which stores them along with threat scenarios as well as digital charts of the city of Gdansk. The stored data is processed by spatial analysis module. The spatial data along with its processing results are disseminated for the authorised users in a form of thematic layers by the internet map server and via the WWW access portal.

GIS for Analysis of Critical Infrastructures and their Hazards due to Terrorism

253

Fig. 1 The system architecture

2.1 The CARVER2™ Module CARVER stands for the acronym from Criticality, Accessibility, Recoverability, Vulnerability, Espyability and Redundancy [4]. The CARVER2™ analysis tool is a software for comparing dissimilar types of critical infrastructure using the same standards. It is designed for quick and easy identification and comparison of potential terrorist targets at the local, state, and national levels in order to assist government officials in the allocation of protective resources. Regarding the presented system, the CARVER2™ technology has been adopted to the particular requirements of the Crisis Management Department of Gdansk City Hall (CMD). Specifically, these requirements have been defined with respect to:

254

M. Kulawiak et al.

• The specific homeland security strategic objectives on the Polish national and regional level • The accessibility of data on several CI sectors and types for the city of Gdańsk • The experience of CMD. It was decided that, in the implemented prototype application of the system, the following types of CIs would be analyzed: • • • • •

Energy Water and sewage Specific, potential concentrations of people (hospitals, schools etc.) High buildings Local authority and crisis management centers.

The following types of hazards have been selected by analysis by the system: • • • • •

Blast attack Chemical attack Liquid toxin leakage Gas toxin leakage Radioactive material leakage.

The CARVER2™ criticality assessment algorithm takes into account the complex interdependencies between sectors of critical infrastructures, as well as the susceptibility of evaluated infrastructures to various types of attack, as is presented on the diagram in Fig. 2.

Fig. 2 CARVER™ interdependencies of critical infrastructures

GIS for Analysis of Critical Infrastructures and their Hazards due to Terrorism

255

The synthetic score calculated by CARVER2™ module reflects the total value of all data inputs and gives the numerical basis for making the infrastructure comparisons. 2.2 The Geodatabase and Spatial Analysis Module These modules are responsible for creating and storing the thematic layers of spatial data in response to various user queries, like results of threat scenario simulation or visualizations of different distance relations between processed CIs. The Geodatabase is involved in optimized and integrated storage, maintenance, and updating of the various kinds of data. The spatial analysis module performs several spatial processing and analysis functions operating on critical infrastructure data, background data, hazard scenarios data, and other types of data possessing the spatial component. The sample possible analysis tasks include: • Basic geoprocessing tools • Advanced spatial analysis tools • Creation of time-varying thematic layers. Basic geoprocessing tools can prove to be a useful aid in analysis of urban areas in relation to spatial distribution of CI. The example here may be the creation of a thematic layer of polygons basing on the rule that the distance from any of them to the nearest CI (with respect to a specified range of scores in a chosen category of criticality or not) is not greater than a chosen value. Another example might be the selection of an area where objects belonging to two or more CI overlap and occupy the same or very close spatial locations, like viaducts in the case of roads and railway systems [5]. Advanced spatial analysis tools operate on both vector and raster data as their input or output. An example may be the creation of a thematic (raster) layer with the value of each point (pixel) defined as the local density of CI objects, calculated as the total number of critical objects of a specified type (weighted by its score or not). The result can be presented in the form of a layer overlaid on the source data, as is presented in the next section. Another example could be the interpolation of vector point data, obtained previously as a result of a given spatial processing or analysis, using the specified interpolation method, e.g., inverse distance, spline, or kriging [5]. The spatial analysis module allows for the creation of time-varying thematic layers based on threat simulation algorithms results. These use the spatial models describing several scenarios for the cases of occurrence of various types of hazard, like terrorist attacks (chemical, biological, bomb,

256

M. Kulawiak et al.

etc.), natural disasters (e.g., flood), or disasters of other origin (e.g., toxic leakage). The internet map server is responsible for providing the authorised users with layers of CI spatial data, background data, analysis results, and other contents of the Geodatabase through a comfortable, intuitive, web-based interface. The user is granted a set of GIS functions for accessing the spatial data served by the system, including: • Basic map viewing tools like scrolling, zooming, panning, etc. • Tools for easy map object information retrieval, including nonspatial attributes like number of inhabitants • Creation of queries for selection of object subsets using both spatial and nonspatial criteria • Execution of the geoprocessing and spatial analysis procedures and definition of their parameters • Customization of map appearance.

3 Sample Applications of the System and Processing Results Obtained Sample data obtained from the CARVER2™ analysis tool for various CI in the Gdansk area is presented in the Table 1. For the purpose of visualization of this data, two different methods were used. Table 1. CARVER2™ scores of chosen critical infrastructures in Gdansk, Poland 1 2 3 4 5 6 7

Critical Infrastructure Gdansk Refinery Port of Gdansk Hospital Straszyn – Water Source Power Station Gdansk Airport Railway Station

Score 165 138 144 172 90 142 112

The visualization of CI synthetic scores in a spatial context utilizes GIS and electronic chart techniques. These include presentation of the scores in several layers overlaid, where the score values are interpolated between the individual CIs using the inverse distance weighted (IDW) method, as shown in Fig. 3. The IDW implicitly assumes the decrease of influence

GIS for Analysis of Critical Infrastructures and their Hazards due to Terrorism

257

Fig. 3 CARVER2™ scores interpolated with IDW and registered as a new layer in the multilayer mapping system

Fig. 4 CARVER2™ scores interpolated with IDW and registered as a new layer in the 3D multilayer mapping system

with distance from its sampled location [3]. In such a manner, the obtained raster layer may be treated as a graphical representation of the local CI element concentration. For a more thorough overview of CI distribution over an area, the system provides three-dimensional visualization. In this context, the height of each peak of the plot is directly related to the value of CARVER2 score of the respective CI (see Fig. 4).

258

M. Kulawiak et al.

Fig. 5 Spatial visualization of simulated blast attack on the railway station, showing affected buildings. Dark circle – complete damage zone, light circle – severe injures zone

The system provides a more complete overview of CI vulnerabilities by means of complex visualizations of various hazard scenarios. For example, spatial visualization of the outcome of a blast attack on the railway station (see Fig. 5) reveals greater costs (CI as well as citizen-related) than pure CARVER2™ or GIS-derived data. The radii of the structural damage zone (the air pressure over 27kPa) and severe injuries zone (the air pressure below 27kPa and above normal) are calculated on the basis of the mathematical model used for blast effect assessment [6]: 0.8333

⎛ 185m 0.4 ⎞ (1) ⎟⎟ R = ⎜⎜ , p ⎝ ⎠ where R is the radius of zone in m, m is the mass of the used explosive material in kg, p is the threshold pressure in kPa. Visualization of the spatial distribution of different CI allows more comprehensive analysis of the examined region’s vulnerability to various threats, therefore becoming an invaluable asset for strategic planning. Another example concerns the simulation of chemical hazard using the simple hazard zone assessment algorithm based on the NATO ATP-45 norm [7]. Figures 6 and 7 present the spatial visualization of simulated chemical leakage from containers situated in the facility of Port of Gdańsk. Figure 6 presents the case with relatively low wind speed (5km/h–1), whereas Fig. 7 depicts a substantially different wind speed of 15km/h–1.

GIS for Analysis of Critical Infrastructures and their Hazards due to Terrorism

259

Fig. 6 Spatial visualization of the simulated chemical leakage from containers situated in the facility of Port of Gdańsk for the assumed wind speed of 5km/h–1

Fig. 7 Spatial visualization of the simulated chemical leakage from containers situated in the facility of Port of Gdansk for the assumed westerly wind speed of 15km/h–1

260

M. Kulawiak et al.

The system incorporates necessary tools for effective simulation and visualization of outcomes of various other threat scenarios, including natural disasters. Figures 8 and 9 show visualizations of two different results of the flood scenario simulation over the same area. In Fig. 8, most of the area is covered by the overflowing water. Figure 9 represents the result of the simulation after the addition of protective dykes.

Fig. 8 Visualization of flood scenario simulation outcome

Fig. 9 Visualization of flood simulation outcome after addition of dykes

GIS for Analysis of Critical Infrastructures and their Hazards due to Terrorism

261

4 Conclusions The web-based Geographic Information System for assessment and visualization of CI and its hazards was presented. The developed system allows for CI risk assessment and visualization of potential hazard scenarios simulations (blast attack, chemical attack, toxic leakage, flood) and provides different tools for data analysis and sharing between geographically distributed decision makers. The system’s verification and validation was performed by the Crisis Management Department of Gdansk City Hall. Preliminarily, the system has proven to be very useful for medium as well as large agglomeration municipalities in the European Union. The presented approach should result in an overall increase in CI protection effectiveness, due to the system’s assistance in the creation of better response scenarios leading to quicker and more decisive actions and potentially reducing impacts of different threats.

Acknowledgment This work was sponsored by the European Commission under the European Programme for Critical Infrastructure Protection (EPCIP), grant No. ABAC 30-CE-0158016/00-49.

References 1. 2.

3.

4. 5.

ArcView for Community Safety, http://www.esri.com/fliers/pdfs/av_homeland_ flier. pdf, March 2007 Kulawiak M, Bikonis K, and Stepnowski A (2008) Dedicated geographical information system in the context of critical infrastructure protection. In: Proceedings of the 2008 1st International Conference on Information Technology, Gdansk, Poland, pp 157–162 Demkowicz J, Bikonis K, Chybicki A, and Stepnowski A (2006) Coastal zone Critical Infrastructure protection using dedicated geographical information system. In: Proceedings of the Technologies for Homeland Security and Safety (TEHOSS), Istanbul, Turkey, pp 127–132 NI2 Center for Infrastructure Expertise (2006) CARVER2™ Users Manual Partyka A, Lubniewski Z, Ogonowski A, Stepnowski A, and Gajewski J (2006) Web-based marine GIS for littoral security. In: Proceedings of the Technologies for Homeland Security and Safety (TEHOSS), Istanbul, Turkey, pp 185–190

262

6. 7.

M. Kulawiak et al. U.S. General Services Administration (2001) GSA Security Reference Manual: Part 3 Blast Design and Assessment Guidelines Ballard J, Choi J, Oakes T, Pizzuto M, Ramírez J, Brown DE, and Dalton J (2004) Visual decision-support tools for first responders. In: Proceedings of the 2004 Systems and Information Engineering Design Symposium, USA

IGIS Controlling Polystatic Detection Security Marine Economic Activity

Victor Ermolaev, Sergey Kozlovskiy, and Andrey Makshanov St. Petersburg Institute for Informatics and Automation of RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected], [email protected]

Abstract. This paper considers certain approaches to realization of intelligent geo-information systems’ capacities for solving problems of controlling the means that implement polystatic methods for underwater objects’ detection in solving tasks of protecting the objects related to maritime economic activity. Keywords: Polystatic detection systems; Control; Intelligent geoinformation systems (IGIS)

1 Introduction Successful functioning of maritime activity objects depends to a great extent on a level of their protection against various threats: terrorist acts, piracy, hostile actions of unfriendly countries, etc. Exploiting advantages of the polystatic hydroacustic detection methods is one of the ways to protect such types of objects underwater [1]. Practical implementation of polystatic methods is based on the use of active acoustic signal sources. However, these sources negatively influence the region’s aquatic ecology, unmask security systems, and also lead to unreasonably high energy consumption. The above-stated reasons determine the necessity of joint (combined) application of the systems implementing polystatic detection methods and the passive systems for primary detection of an object-intruder. This option of the means application presupposes that

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_18, © Springer-Verlag Berlin Heidelberg 2009

265

266

V. Ermolaev et al.

a number of control problems’ would be solved, such as the selection of an emitter out of a certain given set, the determination of emission start time, and the selection of a signal power. The problems, solution is based on a dynamic analysis of the relative spatial position of objects (an objectintruder and object-observer) and the generation of the corresponding control actions. Application of the intelligent geo-information systems (IGIS) is efficient for such types of problem solving, as they provide an operational control of an intruder’s location and the generation of detection systems control recommendations using a predefined set of rules. This paper analyzes approaches to the application of the IGIS capacities to controling the means that use polystatic methods of underwater objects’ detection.

2 Problem Statement A system providing for object-intruder (intruder) detection is functioning in a secure zone Ω, thus incorporating: • A system of passive detection means that allows to obtain the a priori probability f (x, y, t 0 ) of an assumed intruder location at a certain time instant t 0 ; • A polystatic hydro-acoustic detection system represented by a set of К active acoustic signal emitters and L receivers of a reflected signal [1, 2]. The sources and receivers of acoustic signals have fixed coordinates within zone Ω. There exists a calculation algorithm of the polystatic system allowing the use of various active sources and various power values of the emitted signal [3,4] to calculate, in each given point of the secure zone, a probability of reaching an acoustic contact with an intruder located at a certain point; denote this probability by P(x, y, k , w) . • A control system that provides for the collection and representation of data from information sources, prediction of the detected intruder location, and also generation of recommendations for controlling the active sources. The optimal control problem of the security system as a whole [7] with regard to the equation of phase coordinates change x(ti ) = f [ x(ti − 1), u (ti ), ti ], ti ∈ [0, T ], i = 1,..., N

(1)

IGIS Controlling Polystatic Detection Ensuring Security Marine Economic

267

and conditions

u (ti ) = {Sti, Rti}, Sti ⊂ ΩS , Rti ⊂ ΩR, i = 0,..., N

(2)

is formulated as a problem of a stepwise choice of an admissible control u (t1), u (t 2),..., u (tN ),

(3)

that provides the realization of a value for the problem solving efficiency index not less than the predefined critical threshold: P(x, y, k , w, t ) > Pcr

(4)

The following notations are accepted in (1–4): – x(ti ) – phase coordinates of the controlled system represented by the system states (an intruder detection by passive means, prediction of its location using the passive systems’ data and detection by active systems) f [ x(ti ), u (ti ), ti ] – a system control function at a time instant t i u (ti ) – a vector-function correlating the polystatic system operation mode (active, passive), its configuration, and its active elements emissive power to the discrete time instant t i ΩS – a set of polystatic system spatial configurations ΩR – a set of polystatic system emitting power values N – a number of discrete time counts used to select the control impacts Pcr – a predefined value of the object detection probability by the polystatic system.

3 General Approach to the Problem Solving Assume that an event of the intruder detection by the passive system occurred. Then the task of controlling the security system at each step reduces to solving three interrelated subproblems: (a) choice of acoustic signals emitters k m used in the observation cycle (b) determination of the emitting power wn (c) determination of the emitting start time t.

km, wn, ti : P( x, y, k , w, t ) > Pêð; x, y ∈ Ω, k ∈ Ωs, w ∈ ΩR, t ∈ 0, T .

(5)

Thus, the intruder detection probability field P(x, y, k , w) is calculated for each emitter and for each value of its emitting power.

268

V. Ermolaev et al.

For each elementary zone [ x , x + d x ] × [ y , y + dy ] of the concerned water area, there exists a probability f (x, y, t )dxdy of an object location in this zone at a certain time instant t and a probability P(x, y, k , w) of an acoustic contact with a target located in a given point. Therefore, an integrated probability of a contact occurrence, when using the active polystatic system at a time instant t , is:

P( x, y, k , w, t ) = ∫∫ P(x, y, k, w) f (x, y,t ) dxdy .

(6)

Ω

Security concerns and ecology requirements set the lower bound and the condition of the object’s stable detection – the upper bound of the power w. A time of the active system functioning start should be defined by the inequality P ( x, y, k , w, t ) > Pcr . Example. Let the polystatic system have a fixed power w = w0 of the emitting signal for a given emitter k 0 . Function P(x, y, k 0 , w0 ) is defined by its level lines depicted in Fig. 1, a priori distribution f (x, y, t ) is given as an assemblage of 2D normal densities with an expectation and a covariance matrix depending on the time t (Fig. 1). Figure 2 shows the function P(x, y, k 0 , w0 , t ) diagram and the detection probability critical level Pcr . An abscissa of these two curves’ intersection point is the solution of the stated problem. This solution is found based on the polynomial Kalman prognosis of an object trajectory and the mentioned prognosis accuracy characteristics. The standard procedure of the dynamic object location prognosis and the prognosis’ errors covariance matrix forms the basis of the proposed intruder location prognosis algorithm [5]. The object location will be T described as a point in the state space X = [x ⋅ vx ⋅ y ⋅ vy ] . A linear relation X (t + τ ) = Φ (τ ) X (t ) + ξ (t )

(7)

will be used to describe the object dynamics, and the relation below will be a measurement equation: Y (t ) = HX (t ) + η (t ),

(8)

IGIS Controlling Polystatic Detection Ensuring Security Marine Economic

269

where ⎡1 ⎢0 Φ (τ ) = ⎢ ⎢0 ⎢ ⎣0

τ

0 0⎤ 1 0 0⎥⎥ , 0 1 τ⎥ ⎥ 0 0 1⎦

⎡ξ ⎤ ⎡Q 0⎤ ⎢η ⎥ ∈ WN (0, ⎢0 R ⎥ ⎣ ⎦ ⎣ ⎦

),

⎡6 ⎢0 Q=⎢ ⎢0 ⎢ ⎣0

0 0 0⎤ 2 0 0⎥⎥ , 0 6 0⎥ ⎥ 0 0 2⎦

⎡1 0 0 0⎤ H =⎢ ⎥; ⎣0 0 1 0 ⎦

measurement errors covariance matrix R for each detection time instant tk is considered to be known. Symbol WN (0, G ) is used for the model of the vector white noise with the matrix intensity G. A value corresponding to the first detection of the intruder is taken as a primary value of the vector X and a primary covariance matrix S. Filtration of the measurements in progress is made recurrently by the following formulae: ~

τ = tk + 1 − tk ; S k + 1 = Φ (τ ) SkΦ (τ )T + Q;

~ ~ ~ ~ Kk + 1 = S k + 1H T( HS k + 1H T + R k + 1) − 1 ; Xk + 1 = Φ (τ ) X k + Kk + 1(Yk + 1 − HΦ (τ ) Xk ); ~ S k + 1 = ( I − K k + 1 H ) S k + 1.

(9)

~ Upon the obtaining of the filtration results of the last n th detection X n and its covariance matrix S k +1 , both corresponding to the time instant tn , a prognosis for time τ and its covariance matrix could be determined using formula: ~ ~ X (t n + τ ) = Φ (τ ) X (t n + τ ), S (τ ) = Φ (τ ) SnΦ (τ )T + Q. (10)

Restoring the Gaussian a posteriori density of an object location predicttion based on the obtained prognosis values, calculate for several values τ the contact probabilities upon the start of the active system at the time instant t n + τ . The calculations are made by (1) using numerical methods. The curve in Fig. 2 is obtained as a spline interpolation of these prognosed values. The active system start time for the predefined emitter and the predefined emitting power is to be determined as a moment of crossing the critical level by the obtained curve. In this case the inequality is true. P(x, y, k0 , w0 , t ) > Pcr

(11)

The curve P = P (τ ) does not attain the value P = 1 , which by the obtained prognosis means that the intruder does not pass the maximal efficiency point of the active acoustic system. Optimal control, when using various configurations of the emitting system and various emitting power values, is provided under the condition: u (ti ) : ti = min t , P(x, y, k , w, ti ) > Pcr

(12)

270

V. Ermolaev et al.

The secure zone and results of the object-intruder forecast

300

Confident estimates of the object-intruder location

0.1

0. 2

250

0.6

8 0.

3 0.

0.2 0.5 0.4

0.6

0.6

0.8

0.7

0.4 0.5 0.7

0.8

0.6

0. 6

0.8

0.1

Forecast: probability of contact is 0.8

0.7

0.7

100

0.3

0.5 .6 0

0.2

0.7

150

0.1

0.4

Longitude (m)

2

0.

0.4 0.5

0.1

200

0.3

50

0

50

100

150

200

0.3

1

0.2

0.

0.3 0.2

0

0. 0.4 5

0.9

250

300

350

Latitude (m)

Fig. 1 The controlled zone and results of the object-intruder location prognosis Forcast probability of acoustic contact

1 0.9 0.8

Probability

0.7 0.6 0.5 0.4 0.3 0.2 0.1 0

0

5

10

15 20 Time for forcast (h)

25

30

Fig. 2 Variation of the predicted probability for attaining an acoustic contact by the polystatic system

IGIS Controlling Polystatic Detection Ensuring Security Marine Economic

271

4 Problem Solving Using IGIS Capabilities Practical implementation of the problem-solving algorithm described above using intelligent geo-information systems (IGIS) has certain specifics. IGIS combines both advantages of geo-information and expert systems. IGIS technologies allow incorporating calculation and algorithmic modules in an expert system, thus using data received from geo-information systems as well as GIS standard procedures. Thus, for instance, (Open Geodata Interoperability Specification) (OGIS) architecture allows interacting with various geodata warehouses and provides access to spatial data processing services. A combination of the OGIS architecture with the expert system architecture supports visual modeling of spatial processes [6, 8–12] and, based on the above, allows for realizing an algorithm of control recommendations generation for a security system. Visual computer modeling uses all the ideas of statistical simulation and places the emphasis on the visual representation of the modeled process or event. The visual modeling process particularly for the security system’s control has certain time constraints. The modeling start is determined by the time of the intruder’s detection by the passive acoustic system, the modeling end by the time of generating the application recommendations for the polystatic system. One of the forms for the visual modeling process realization is a scenario representing a sequence of stages and decisions. A stage in terms of the security system control is the current or predicted intruder’s location calculated with certain time discreteness. Stages, change happens as a result of actions representing an intruder’s displacement with the consequently evaluated speed and course from one point to another. The decision is a control recommendation for the polystatic detection system generated at each modeling stage. For realizing a prototype for the spatial processes visual modeling architecture, the use of a set of the existing open-source freeware packages available on the Internet is recommended: • • • •

Protégé – ontology editor [8] JBossRules – inference engine of RETE type [9] OpenMap – GIS library [10] Groovy – script language interpreter for virtual Java machine [11].

The above software set allows implemention of the technology of the ontologies-based knowledge representation. This technology has the following distinguishable stages sequence: – –

A subject area ontology design The ontology representation as a class tree

272 – – – –

V. Ermolaev et al.

A design of the corresponding element actions scenario in graphic primitives An implementation of the procedural knowledge: design and formalization of classes’ interpretation rules An implementation of the subject knowledge: addition of class representatives An integration of the procedural and subject knowledge; knowledge base testing.

The methods realizing the above mentioned technology elements for knowledge representation is discussed in detail by [12]; Fig. 3–5 show scenario elements of the control recommendations’ generation for the polystatic detection system At the first stage (Fig. 3) the intruder detected based on the passive detection system data is mapped onto the cartographic system, and the algorithm calculating its possible location region (TPLR – target possible location region) is started. Then the intruder’s TPLR calculation, its detection probability by the polystatic system, is calculated. In this case the probability of the object’s belonging to some region that characterizes the object’s detection probability is calculated by the Monte–Carlo method and OpenMap library

Fig. 3 Scenario of objects’ mapping and algorithm start

IGIS Controlling Polystatic Detection Ensuring Security Marine Economic

273

standard functions for P(x, y, k , w, ti ) probability calculation at each control step. The intruder’s location, being predicted is calculated according to (7–10). The P(x, y, k , w, ti ) probability calculation algorithm assumes: (a) Generation of a random point with (x, y ) coordinates distributed by 2D normal law characterizing the predicted object-intruder location. Here, the fact is used that if X – sample of dimension n from normal law N (0, S ) , then Y = S 1 2 X is a sample of normal law N (0, S ) . Adding to each Y column a vector of means a, obtains a sample of N (a, S ) . When a “square root out of matrix” function is unavailable, proceed as follows. Let Q be a scalar matrix with eigenvalues of S on its diagonal, ⎡λ 0 ⎤ Q=⎢ 1 ⎥, ⎣0 λ 2 ⎦

(13)

P be a matrix whose columns are S normalized eigenvectors. Form a matrix ~ ⎡ λ 0⎤ Q=⎢ 1 ⎥, λ 2 ⎥⎦ ⎢⎣0

(14)

T~ Then S1/2 = S 1 2 = P QP . (b) Determination of the random point belonging to a region characterizing some probability of the object detection by the active system, using isPointInPoligon method from the OpenMap library. (c) Counting n j – a number of the random point entering each j-th

region. (d) The received data processing and the intruder’s detection probability P(x, y, k , w, ti ) evaluating:

P( x, y, k , w, ti ) =

1 No ∑ Pj ( x, y, k , w) ⋅ nj Nи j =1

(15)

N u – a number of iterations providing the results’ preset accuracy and reliability, N 0 – a number of zones, Pj (x, y, k , w) – a value of the intruder detection probability characterizing a polystatic system detection zone when using the k th power w emitter, n j – a number of the random point entering the jth region.

274

V. Ermolaev et al.

Fig. 4 Scenario of decision making

Fig. 5 Scenario of calculations

IGIS Controlling Polystatic Detection Ensuring Security Marine Economic

275

(e) Generation of recommendations for the active systems deploying polystatic detection methods based on the condition’s satisfaction control u (ti ) : P(x, y, k , w, ti ) > Pcr

The complete calculation constituent might be expediently realized within the expert system using Groovy language which is well applicable to the special-type Calculus actions. The above is a “low-level tool for all cases” [11, 12] that allows for inserting any text written in the Groovy language and performing any information processing by the algorithm parts possessing no standard actions.

5 Conclusions 1. Intelligent geo-information systems allow the solving of a wide range of problems related to the control of detection systems incorporated into the security systems of maritime economic activity objects. Moreover, they provide for a visual representation of the current situation as well as for an automatic generation of recommendations for the control of a detection means complex. 2. To automate the control of the detection means complex the use of the architecture for spatial processes’ visual modeling that includes a set of the existing Open Source Code free software packages available on the Internet is expedient. These software packages set allow for realizing the ontology-based technology for knowledge representation. 3. The considered approach to solving the problem of the polystatic detection means control can be extended to other means functioning within the security systems of maritime economic activity objects.

References 1. Luchinin AG and Hil’ko AI (2005) Low-frequency acoustic tomography of shallow sea using low-mode pulses (in Russian). Acous J 51(2):124–125 2. Smirnov IP, Caruthers JW, and Hil’ko AI (1999) Tomographic Observations of Localized Inhomogeneities in Plane-Layered Waveguides (in Russian). Preprint, IAP RAS 658, Nizhny Novgorod, p 26 3. Ivanova IA and Leont’ev UB (2005) Classes hierarchy in implementation of the sound-field intensity calculations in geo-information systems. In: International IF&GIS Workshop proceedings, St. Petersburg, pp 188–195

276

V. Ermolaev et al.

4. Hil’ko AI (2005) Media-specific ocean acoustic tomography on the basis of application of the geo-information system with physical models. In: International IF&GIS Workshop Proceedings, St. Petersburg, pp 196–209 5. Makshanov AV (1983) Dynamic Models in Tracking and Surveillance Problems (in Russian). St. Petergurg, VICU 6. Meditch JS (1969) Stochastic Optimal Linear Estimation and Control. New York, McGraw Hill 7. Belen’kiy AS (1992) Transport Systems Operation Analysis: Ideas and Schemes of Planning Optimization Methods (in Russian). Moscow, Mir 8. Knublauch H (2003) An AI Tool for the Real World. Knowledge Modeling with Protégé, www.JavaWorld.com 9. Owen J (2006) Open source rule management. www.InfoWorld.com 10. Owen D (2003) Java Geography for the Smart Mob, Part 1: OpenMap, O’Reilly On Java.com 11. Koenig D, Glover A, King P, Laforge G, and Skeet J (2006) Groovy in Action. Manning, 2006 12. Sorokin RP and Ivakin YA (2005) Artificial Intelligence methods and tools application in geo-information systems. In: International IF&GIS Workshop Proceedings, St. Petersburg

Real-time Web-based GIS for Analysis, Visualization, and Integration of Marine Environment Data

Jacek Dabrowski, Marcin Kulawiak, Marek Moszynski, Krzysztof Bruniecki, Lukasz Kaminski, Andrzej Chybicki, and Andrzej Stepnowski Department of Geoinformatics, Gdańsk University of Technology, Gdańsk, Poland, [email protected]

Abstract. Visualization and integration of the marine spatial data collected by various marine sensors and sources is an important factor in the context of marine environment sensing and monitoring. Several approaches and techniques of measurements are available to achieve this purpose including direct sampling, airborne and satellite imagery, and underwater acoustics. The paper briefly describes the state-of-the art marine GIS system developed in the Department of Geoinformatics of Gdansk University of Technology, Poland. The proposed system is able to integrate many different types of marine data, especially those acquired by various acoustic sensors like multibeam sonar (MBSS), echosounder and side scan sonars (SSS), and other external sensors such as satellite data receiver, radar, or automated identification of ships (AIS) data analyzer. Instantaneous 2D and 3D visualization is provided by the two components of the system: GeoServer web-based module and a standalone application basing on ESRI ArcGIS Engine solutions. Keywords: Marine GIS; WMS; Real-time; Web-based GIS; Multibeam sonar; Side-scan sonar; Radar; Single-beam echosounder; Integration; GeoServer; Open Layers; ESRI ArcGIS Engine; ArcGlobe; Satellite imagery.

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_19, © Springer-Verlag Berlin Heidelberg 2009

277

278

J. Dabrowski et al.

1 Introduction The problem of efficient methods of monitoring, prediction, and visualization of various marine environment processes has been of great importance for many years. This is the reason for extensive research in this area and for development of various techniques using different approaches and equipment. These techniques include [1]: • • • •

Direct sampling Hydrological measurements using CTD probes Satellite and airborne imagery Acoustic methods based on the data acquired by multibeam systems, side-scan sonars, and single-beam echosounders (ES).

The acquisition, processing, integration, and visualization of various kinds of data constitutes an important problem in the context of numerous applications related to aquatic ecosystems management. The paper describes a marine GIS system capable of integrating the data from various types of sources. These include real-time sensors like radar or satellite data receiver, where data are transmitted to the system without relevant delays and presented on the map, dynamic data sources such as results from numerical simulations, e.g., prediction of oil spill behavior, and other data types such as bathymetry, background maps, underwater acoustic sensor data, and others. Comprehensive descriptions of important visualization algorithms are also outlined in the paper. The data from the investigated marine region can be presented by two separated components of the system: GeoServer integrated with open layers web-based GIS and standalone GIS application built upon ESRI ArcGIS Engine technology. Each of these modules differs by data visualization algorithms and is characterized by specific capabilities. This paper presents the design and the application of the newly developed nearly real-time, remotely accessible GIS. The new features like web integration framework and advanced 3D visualizations of underwater acoustic data are described in the following sections.

2 Previous Work The Department of Geoinformatics of Gdansk University of Technology carries out intensive research in the field of designing and creating marine GIS systems. The recently developed versions of the system were already

Real-time Web-based GIS Analysis, Visualization and Integration Marine

279

presented in [2] or [3], nevertheless its basic functionalities are briefly described in this section. The developed marine GIS enables the integration of the different kinds of distributed data from various types of sensors and sources, along with the presentation of the data from the investigated marine region in a form of multiple, time-varying 2D and 3D thematic maps. It consists of two basic modules, which provide full functionality to end-users, namely webbased GIS and standalone application. The Web GIS module was developed entirely with the use of open-source technology. It utilizes the GeoServer for serving Open Geospatial Consortium’s (OGC) Web Map Service (WMS) layers, Apache Web Server as the HTTP proxy, Java 2 Standard Edition with the Tomcat Servlet Engine for data processing, and OpenLayers Javascript library for building the DHTML client. The web-based system is dedicated to providing basic 2D visualization for every user of the system. Due to technological limitations, interactivity with the user is limited to basic 2D visualization and some editing of the data capabilities. Also, rendering algorithms are less complex and cannot provide 3D information about the marine environment. The standalone application module provides far more complex solutions on integration, analysis, and visualization of the spatial data; however, it requires an ArcGIS license and a better CPU unit for rendering algorithms. This part of the system was developed in C# language using .NET platform and uses ArcGIS Engine functions as spatial processing and visualization tools. ArcGIS Engine is a set of objects that provides application programming interfaces (APIs) for COM, .NET, Java, and C++. It also includes a series of high-level visual components that makes it fairly easy to build a GIS application. ArcGIS Engine provides well-defined, cross-language objects called ArcObjects, the same objects on which the ArcGIS Desktop products are built. Thus, ArcGIS Engine is a tool that allows building applications or extending existing applications to provide focused spatial solutions to both GIS and non-GIS users. An important feature of ArcGIS Engine is the form of map presentation that can be either an incidental or a central element in an application. These features make ArcGIS Engine particularly well-suited to specific GIS solutions like marine ecosystems’ sensing. The standalone application provides complex mechanisms of 3D visualization of custom spatial objects ranging from MBS bathymetry, side-scan, and single-beam echosounder data results to 3D modeling of oil spills or pelagic fish visualization. To provide common and efficient solutions to serve the geospatial data via TCP/IP protocol, particular modules of the system are compatible with widely used spatial data-serving protocols such as Arc SDE and WMS. Several open-source and commercial solutions were used to provide the set

280

J. Dabrowski et al.

of basic GIS functionalities like viewing, panning, and zooming of the map including ESRI ArcGlobe control for 3D visualization of custom spatial objects in standalone application or open-source Open Layers Javascript library for implementing WWW client in the web-based module. The detailed architecture of this marine GIS data is presented in Fig. 1 and its comprehensive description is available, e.g., in [1] or [2].

Fig. 1 The architecture of the previously developed system

Integration and visualization of spatial data is one of the most important objectives of every GIS application. The previous version of the system was capable of analyzing, processing, and visualization of marine data acquired from various external sensors, namely Simrad-Kongsberg EM 3002 multibeam sonar, EdgeTech DF 1000 side-scan sonar, Simrad EK 500 single-beam echosounder, Sitex radar, and others. These tasks were accomplished by implementing several data-processing algorithms responsible for transforming all external sources and sensors data to manageable data types that can be presented by visualization components of the system. The design and applications of the developed real-time, remotely accessible marine GIS for marine ecosystems’ monitoring and mapping is outlined in this paper. When integrated with sensors providing the current on-line data the system may be a valuable, intelligent support in marine research providing a tool for fast efficient visualization of collected data and validation of the results.

Real-time Web-based GIS Analysis, Visualization and Integration Marine

281

The previously developed system had several features and functionalities that made it a fairly helpful tool for marine habitat monitoring. However, many additional algorithms and functions needed to be implemented to make it more efficient in marine research. New features and functions that were implemented in the system are described in the following sections.

3 GIS Integration Framework (GIS-IF) Collecting marine data in research is a complex task which not only consists of measurements but also analysis, validation, and interpretation of information acquired by various sensors. Scientists of the Department of Geoinformatics of Gdansk University of Technology have made several scientific cruises with Polish Academy of Sciences researchers on the R/V “Oceania” where such measurements took place. It became clear that in this context it is crucial to provide efficient means of communication between distributed marine data sources and to create mechanisms of dissemination of the measurement results among other groups of scientists. This task was accomplished by creating an additional framework that is responsible for integration of the metadata in web-based modules and distributed users of standalone applications. In this context, metadata is considered to be a description of the information that is analyzed and visualized in the main module of the system. The detail architecture of this solution is presented in Fig. 2. GIS-IF Java-based web application provides information about the data stored in the web-based module of the system to distributed standalone applications’ users. By creating an additional metadatabase, GIS-IF can associate each particular layer stored in GeoServer with its data source file. In this particular structure, the standalone application can be used anywhere and the only requirement is a TCP/IP connection that enables communication with the GIS-IF server. It is important to note that the information from the metadata is available not only for PC computer clients having a standalone GIS application installed but also for mobile applications with HTTP protocol support. GIS-IF can be used as well for data managing, viewing, and sharing among distributed actors of the system. GIS-IF also provides systems for previewing of the data stored in local metadatabases. This enables remote clients to decide which particular data source files are in their area of the interest without downloading whole data and is particularly important for large size source files such as multibeam sonar data files which often exceed 500 MB of local disk space. The screenshot presenting the use of GIS-IF and the GeoServer is presented in Fig. 3.

282

J. Dabrowski et al.

Fig. 2 GIS Integration framework architecture

Fig. 3 GIS-IF as a synchronization tool in the developed GIS system

Real-time Web-based GIS Analysis, Visualization and Integration Marine

Numerical oil spill simulation model results

OpenLayers web Admin module Web access Portal

Satellite weather data imagery PC Radar Multibeam Sonar Single-beam Echosounder U

Standalone application

Data adaptation module

Map Server OpenLayers limited Client

Data adaptation module

Background Map data

283

2D View 3D View

Side-Scan Sonar

Web GIS

Internet

External GIS data GoogleMaps

WMS

ArcSDE

Fig. 4 The architecture of the recently developed system

The presented solution made the system much more flexible and useful as a tool in the research activity. GIS-IF enabled the rest of the developers of the system to consider the web-based module and standalone application as two separated modules, where the synchronization of the data is provided. This basically made development of applications much more easier and led to significant changes in the developed GIS structure. Most of the functions responsible for data processing were also separated to provide wider functionality especially in the web-based part of the system.

4 Supported Sensor Types The proposed system integrates several types of data coming from various sensors. Many sensors available on the market deliver their measurements along with their absolute spatial position in global coordinated systems. However, providing the data for real-time web-based GIS systems requires special processing depending on the data type. For exemplification purposes, the system was tested on three kinds of real-time sensors’ data very different

284

J. Dabrowski et al.

in the sense of its origin, i.e., echo data from radar system, meteorological data from satellite receiver, and marine traffic data from automated identification system (AIS). These data differ not only by their data structure but also by their hardware and software acquisition interface. The first mentioned system delivers data acquired by the portable PC radar located at the top of the building of Electronic, Telecommunication, and Informatics Faculty of Technical University of Gdansk. The radar, manufactured by Sitex, provides the streamed data containing radar images every 2 s via USB interface. The maximum 16-Nm range covers the most interesting coastline area of Gulf of Gdansk. For the purpose of web-based access, this kind of real-time data requires setting up a dedicated software server, which provides the geo-referenced simple raster image file on user demand. Depending on the sensor geographic orientation, each requested frame of image data needs to be rotated for its precise overlaying over the base map of the GIS system. In the actual system the single 240 × 240 raw raster image headed from North by 11° is rotated to standard 256 × 256 tiles that are geographically scaled on the map to its actual range setup. In spite of the small size of the single GIF compressed radar image, its nearcontinuous transfer (5 kB each 2 s) became quite demanding for the network and WWW client software. The second sensor system used for the testing of the developed GIS performance processes the data acquired from EumetSat’s Broadcast System for Environmental Data (EumetCast). It is a multi-service dissemination system based on standard digital video broadcast (DVB) technology. It uses commercial telecommunication geostationary satellites to multicast files received from meteorological satellites. The new data is disseminated every 15 min. Because of limited bandwidth, full scan is available each 15 min after reception by a satellite antenna. The data contains 12 spectral channels spread from visible band centered on 0.6 μm to carbon dioxide band centered on 13.4 μm including one broadband high-resolution visible band channel. Data received from channels are segmented to 8 or 24 (for high-resolution channel) strips, as a 3,712 × 464 raster (5,568 × 464 for high-resolution channel). The received information is stored in the local file system, and published by classical Apache web server. However, georegistered and compressed files in geostational projection require additional processing for presentation in unprojected Plate-Care charts or Mercator-projected marine maps. To accomplish this task, the channel data organized in the form of GIS layers are geo-concatenated and reprojected by another dedicated WMS server providing each web-based GIS with near real-time snapshots of almost half of the Earth’s area in the form of 256 × 256 tiles.

Real-time Web-based GIS Analysis, Visualization and Integration Marine

285

The last real-time sensor considered as an example is of different computer technology origin. It is based on data already published in the Internet and coming from MarineTraffic.com web-site provided by University of the Aegean in Greece [4]. The marine traffic web-service manages the radio signals obtained by AIS receivers from all over the world and publishes them in the form of dedicated XML files obtained by HTTP queries. In this case the software processing part is moved to the client side by applying Javascript parsing code based on AJAX requests. The code is prepared for use by Google Maps and Open Layers APIs. According to the data provider its internal database representing positions of all world-wide AIS-equipped ships is updated every 5 min so the refreshing rate of this GIS layer is set up for this time period. Moreover, as the layer represents so-called feature information the data are visualized using earlier prepared icons in the form of ship markers with adequate orientation (rounded to 5°) reflecting ship course. The HTTP queries are map extent and zoom level sensitive for being efficiently transferred by global internet network. Figure 5 shows three described real-time sensor layers overlaid on the base map. The layers are refreshed according to software setup timeouts imitating near real-time acquisition. It is worth noting that although the

Fig. 5 Satellite and radar real-time imagery overlaid on AIS data

286

J. Dabrowski et al.

system allows for multiple selection of many such layers, its heavy usage may lead to bottlenecks due to its demanding requirements for client machines operated in WWW browser environment. In addition to the real-time sensor data the GIS can be used to display offline data. The standalone application is capable of displaying data from typical online sources (e.g., SDE, WMS) together with custom layers containing results of sonar surveys. The basic functionality, i.e., view management, layer organization, and basic geodata import is based on components available from the ArcGIS Engine SDK. However, for the custom data, we needed to create our own OpenGL procedures that display three dimensional views. Figure 6 contains an overview of the Gdansk Bay and three detailed views that present data acquired using the echosounder, side-scan sonar, and multibeam sonar. The application allows seamless navigation between data acquired from various sources at various times.

Fig. 6 A typical overview and three detailed views in the standalone

The data from MBS is displayed in two forms – as a series of points contain bathymetry data, and as a series of two-dimensional fan-shaped images that can be used to visualize objects other than the seabed such as fish or pollution. In order to maintain visibility, signals below a certain threshold are completely transparent. Figure 7 contains data acquired during one of our surveys. Using this method we can clearly notice objects floating above the seafloor, which in our case are most likely pelagic fish schools.

Real-time Web-based GIS Analysis, Visualization and Integration Marine

287

Fig. 7 Water column data containing pelagic fish schools

5 Summary The paper introduces the design and applications of the developed real-time, remotely accessible marine GIS dedicated for marine environment sensing, monitoring and visualization. When integrated with sensors providing the current on-line data containing the measurement results, the system may be a valuable, intelligent support for diverse groups of scientists, authorities, and others. The presented system delivers multi-resolution maps designed for different scale observations of marine environment and various ecosystem components. The system was developed using open source and ESRI ArcGIS Engine technologies which are powerful tools for developing GIS applications. It is particularly useful for instantaneous integration, processing, and imaging of data acquired from different sensors and distributed sources.

References 1. Bikonis K, Partyka A, Łubniewski Z, Moszynski M, and Stepnowski A (1997) GIS for shallow water pollution awareness and emergency management. In: Stepnowski A, Ruciński A, Kosmowski K (eds) Proceedings of the IEEE International Conference on Technologies for Homeland Security and Safety TEHOSS 2005, Gdańsk, Poland, pp 45–50 2. Partyka A, Łubniewski Z, Stepnowski A, and Gajewski J (2006) Remotely accessible web-based GIS for real-time monitoring and mapping of the marine

288

J. Dabrowski et al.

environment. In: Jesus SM and Rodriguez OS, Proceedings of the 8th European Conference on Underwater Acoustics, Carvoeiro, pp 609–614 3. Bikonis K, Moszynski M, Chybicki A, and Kociński P (2006) 3D imaging software tools for multibeam sonar data. Hydroacoustics 9:17–22 4. MarineTraffic.com, Live ship maps – AIS – vessel traffic and position, developed and hosted by the Department of Product & Systems Design Engineering – University of the Aegean, http://www.marinetraffic.com/ais/

On Optimizing Search Efforts (Area Effectively Swept) Allocation in the Course of Search and Rescue Operations

Andrey Makshanov and Viktor Ermolaev St. Petersburg Institute for Informatics and Automation of RAS, 39, 14 Liniya V.O., St. Petersburg, 199178, Russia, [email protected]

Abstract. A solution is considered for a problem of optimal distribution of search efforts among areas while running search and rescue operations under limited search resources and probabilistic nature of a priori information about the location of an emergency object. Keywords: Search and rescue operation; Area effectively swept (search efforts); Detection probability

1 Introduction Typical search tasks arise, for instance, at mineral prospecting, at locating fish schools in fishing, etc. Different rescue operations, as a rule, also have a stage of search for emergency objects or people. The most detailed analysis of situations and mathematical settings of respective problems that arise is given in [1–3]. Suppose that a certain number of observers varying in their search capacities are detached to perform an operation. Each observer’s capacities are characterized by the search efforts being developed, measured in square units inspected per time unit. A priori information is most naturally preset as a probability density of the search object’s possible location. The process V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_20, © Springer-Verlag Berlin Heidelberg 2009

289

290

A. Makshanov, V. Ermolaev

of search effort distribution aimed at achieving their application’s best efficiency in a specified region is named the optimal distribution of search effort. The logic of solving such tasks consists in revealing the most promising search areas, optimal distribution of search units among areas, and estimating the efficiency of the search task solving based on the index of the object’s detection probability. Let us consider the above task solving using the problem definition proposed in [2] for the case when initial information is given as a poly-modal probabilistic distribution, so the search area at optimizing remains disconnected. In this case the main problem consists in revealing the connectivity components and in optimally distributing the available discrete set of search units over the above components.

2 Setting a Task The search for an object is carried out in the area whose location is set by 2D probabilistic density w(x, y ) . There exists a search forces detail, consisting of N search units. Each search unit is characterized by its search efforts F j , j = 1,..., N . An optimal distribution of N search units within the area should be provided for as well as estimation of task solving efficiency for the search based on the probability index of object detection. The areas of search units’ activity are assumed nonintersecting. Examine the specific task setting for the case of initial data given in Table 1. Let object location in k areas be defined by probabilities p1 ,..., pn , k

∑ pi = 1.

Probability density for the object’s location in each area is

i =1

described by 2D normal law with its own mean and covariance matrices. Parameters of these distributions ( k = 3 ) and search efforts for N search units ( N = 6 ) are given in Table 2. The form of 2D probability density w (x, y ) for the object’s location used in a case study and its level lines within the defined water area of 400 × 300 miles are given in Fig. 1.

On Optimizing Search Efforts Allocation Course Search Rescue

291

Table 1. Basic data Region

Probability

1st Region

W(1,1) = 0.3

2nd Region

W(2,1) = 0.5

3rd Region

W(3,1) = 0.2

Coordinates of the center W(1,2) = 120 W(1,3) = 230 W(2,2) = 280 W(2,3) = 170 W(3,2) = 100 W(3,3) = 70

SD

Correlation index W(1,4) = 60 W(1,6) = 0.5 W(1,5) = 40 W(2,4) = 70 W(2,6) = –0.5 W(2,5) = 50 W(3,4) = 60 W(3,6) = 0.3 W(3,5) = 60

Table 2. Search effort by units Unit

1st–unit 2nd–unit 3rd–unit

Search effort 3,000 2,700 2,400

Unit 4th–unit 5th–unit 6th–unit

Search effort 2,100 1,800 1,500

Fig. 1 2D probability density w(x,y) for object’s location and level lines

292

A. Makshanov, V. Ermolaev

3 Task Solving In accordance with the theory developed in [1, 2] the calculations are based upon the detection potential F (x, y ) ≥ 0 of observers detailed to execute the search, while search efforts F are specified in square units: ∞ ∞

F=

∫ ∫ F ( x , y )dxdy.

(1)

−∞−∞

Therefore, the detection probability density p ( x, y ) , defining the possibilities of target detection by observers looks, like p ( x, y ) = 1 − exp[− F ( x, y )] .

(2)

If there exists an a priori probability density of the object’s location w( x, y ) , then the probability of a target detection Pdet serving as the efficiency index for search efforts distribution is calculated as follows: ∞ ∞

Pdet =

∫ ∫ {1 − exp[− F ( x, y)]}w( x, y)dxdy.

(3)

−∞−∞

As shown in [2] the maximum attained for the above probability requires meeting the following condition in each point ( x, y ) : exp[− F ( x, y )]w( x, y ) = λ = const ,

(4)

and the condition w( x, y ) ≥ λ . results immediately from the above. So, the physical sense of the λ value consists in the fact that target search is only expedient in the areas where w( x, y ) ≥ λ . In practice, the above ratios mean that the detection potential F ( x, y ) and probability density of the object’s location w( x, y ) are strongly connected. In particular, if density w( x, y ) is set, then search efforts F j , j = 1,..., N are assumed to be calculated through the connected (4) function F ( x, y ) , and the carefully defined functional (3) will be optimized. Let us introduce parameter λ being the value of a probability density w ( x, y ) cut-off. The physical sense of that value is that the target search is only carried out in the area S where the target penetration probability density is greater than or equal to λ . One of the main results of the theory [1, 2] is that expression

On Optimizing Search Efforts Allocation Course Search Rescue

F (λ ) =

∫∫ {ln[ w ( x , y )] − ln( λ )}d xdy.

293

(5)

S

determines the integrated search efforts necessary to control the area S with target detection probability (6)

P (λ ) = ∫∫[ w( x, y ) − λ ]dxdy. S

With regard to (5) and (6), the task in the above setting can be solved step by step, through solving particular tasks. 3.1 Task One

Task One consists in finding the optimal λ = λ0 and the respective area S from the following equation F (λ ) = F0 ,

(7)

N

where F0 = ∑ F j are integrated search efforts of search forces. j =1

In this case the target detection probability can be defined as P(λ0 ) by formula (6). The graphical and screen displays for the example in question are in Fig. 2. 10

x 10

4

9 8

Integrated search

7 6

Required value for search efforts

5 4 3 2

Sum for search efforts

1 0 -13

-12.5

Optimal value ln_lambda: –11.0974

-12

-11.5

-11

Lambda logarithm

Detection probability: 0.6776

-10.5

-10

Number of search area (clusters) 3

Fig. 2 Solution for the equation for the case study conditions

294

A. Makshanov, V. Ermolaev

3.2 Task Two

Task Two consists in forming compact clusters within the received area – search zones. This is done based on a known algorithm of multidimensional classification – nearest neighbor analysis [4, 5]. The procedure has to be repeated twice in order to remove the smallest clusters. The calculation results for the case study conditions are given in Fig. 3. Dots of different colors indicate search zones in Fig. 3.

Fig. 3 Forming compact clusters (isolated search zones) in the detected area

3.3 Task Three n

Task Three consists in distributing total available search efforts F0 = ∑ U j j=1 between the detected nonintersecting search zones S1 ,..., S m , m

S = ∪ Sm .

(8)

i =1

For that and according to (6), find the probabilities Pi of object detection in each of S i zones by:

On Optimizing Search Efforts Allocation Course Search Rescue

Pi = ∫∫[ w( x, y ) − λ 0] dxdy , Si

295

m

∑ P = P(λ ), i =1

i

0

(9)

then define search efforts Fi , that will be separated for a search in each S i zone, by formula (5): Fi = ∫∫ {ln[ w( x, y )] − ln(λ 0)}dxdy.

(10)

Si

The calculation results for the case study conditions are given in Fig. 4. Detection probability: 0.3174 Number of search areas (clusters) 3 Detection probabilities by search areas 0.0712 0.1119 0.1343 Search effort allocation by search areas 3.465.8 4739.4 5280.7 Fig. 4 Results for calculations of search efforts distribution among search zones

3.4 Task Four

Task Four is to distribute the available discrete set of search units among the detected search areas, so as to attain for each area the total of search efforts, maximally close to values received by formula (7). Thus, the detection probability must be close to a theoretically possible P(λ0 ) , received by formula (6). This is a task of discrete optimization, and under condition of low dimensionality could be solved by simple enumeration of 2 NM variants. Let us view the discrete optimization algorithm using the above considered example. Thus, the discreet set of search efforts for the available search units is given (Table 1): U = [ 3000 2700 2400 2100 1800 1500 ]. The optimal distribution of search efforts among search zones is defined as (Fig. 4): F = [ 3465.8 4739.4 5280.7]. It is required to divide U into three groups A1 , A2 , A3 , so that the efforts’ sum in the jth group would be minimally deviated from i F .

296

A. Makshanov, V. Ermolaev

In a given setting A1 = {U 5 ,U 6 }, A2 = {U 2 ,U 4 } , A3 = {U 1 ,U 3 } can clearly be used. To define a real probability of object detection, for example in A1 area, let us find, according to (5 and 7), ⎧⎪ ⎫⎪ ⋅ ⎨ ∫∫ ln[w( x, y )]dxdy − U 5 − U 6 ⎬ . ⎪⎩( S 1) ⎪⎭ ~ Then the desired probability P 1 will be defined by formula (6):

ln(λ 1) =

1 S1

~ P1 =

∫∫[w( x, y) − λ ]dxdy.

(11)

(12)

1

( S 1)

The calculations for the particular reviewed case are in Table 3. Table 3 The calculations for the particular reviewed case. Detection probabilities Optimal Pi

Area 1

Area 2

Area 3

Integrated probabilities

0.0712

0.1119

0.1343

0.3176

Real

0.0686

0.1128

0.1361

0.3174

~ Pi

3.5 General Setting

There exists a set of positive numbers U = {U 1 ,...,U N } and set of values F = {F1 ,..., FM } , M << N . It is required to divide U into M groups A1 ,..., AM so that the sum in the jth group would be minimally deviated from Fi . 3.6 Solution

The considered task belongs to the field of nonlinear integer programming and has no standard solution algorithm. Complete enumeration means the analysis of 2 NM variants, and this is unlikely to be realistic. So, a suboptimal solution is proposed, consisting of the following consecutive steps. Step 1. All numbers from 0 to 2 N − 1 are enumerated in their binary record. This results in matrix X of dimensionality (2 N − 1) × N ; therefore, the lines are all possible N long sequences of zeros and ones. The above matrix multiplication by vector column U results in the column of numbers

On Optimizing Search Efforts Allocation Course Search Rescue

297

and selects out of the latter an element closest to F1 , and based on its order number, the elements to be attributed to Group 1 are determined. Step 2. Positions corresponding to the elements attributed to Group 1 are removed from column U . Now N is the length of a new, reduced column U. At a new enumeration, Group 2 is filled, and so on. Generally speaking, the result depends on the order of groups’ numbering, i.e., the order of Fi presentation. Logically, first of all, maximum Fi values should be presented; they are corresponded to by areas with maximum detection probability. In this case, the zones with low detection probability are filled based on a residual principle. The highest integrated detection probability can yet be reached based on a different order of groups’ formation. Having no means to analyze all permutations (this is equivalent to a complete enumeration of variants), two possibilities can be examined: from the greatest Fi to the least one, and vice versa, and then select the best variant, giving the highest detection probability. The results of calculations are given in Fig. 5. Search units’ allocation by regions 2 3 3 1 2 1 Optimal allocation of search efforts by regions 1.0e+003 * 3.4658 4.7394 5.2807 Real allocation of search efforts by regions 3600 4800 5100 Real detection probabilities by regions 0.0732 0.1128 0.1315 Theoretical and real detection probabilities 0.3174 0.3176 Fig. 5 Calculation result

4 Conclusions • This work presents the solution for five important tasks of search theory related to the distribution’s optimization for a discrete set of search units within a given area, accounting therefore for the probabilistic nature of a priori information about the object’s location. • The considered approach assumes several generalities, consisting in the introduction of search units’ efforts dependence on the application area (heterogeneity), and accounting for risk factor at operations’ planning, etc.

298

A. Makshanov, V. Ermolaev

• The most radical generality of the received results consists in a possibility of their extension to a phase space of a more general nature, e.g., in the space of regulation parameters of a certain technical system, into the space of frequencies and polarization in communications theory, etc.

References 1. Hellman O (1985) Introduction in Optimal Search Theory (in Russian). Мoscow, Nauka 2. Koopman BO (1956) Theory of search: 3. The optimum distribution of searching efforts. Oper Res 4(5) 3. Popovich VV (2000) Modeling, Efficiency Evaluation, and Optimization of Naval Observation Systems (Search Theory for Moving Objects) (in Russian). St. Peterburg, VMA 4. Enyukov IS (1986) Меthods, Algorithms, Programs of Multidimensional Statistical Analysis: PPSA package (in Russian). Мoscow, Finance and Statistics 5. Маkshanov АV and Yakovlev VА (1988) Меthods of Complex Objects and their States Recognition (in Russian). Leningrad, MD USSR

Design of Entrusting Protocols for Software Protection

Vasily Desnitsky and Igor Kotenko St. Petersburg Institute for Informatics and Automation of RAS, 39, 14 Liniya V.O., St. Petersburg, 199178, Russia, [email protected]

Abstract. The paper considers the problem of design and analysis of entrusting protocols used within software protection mechanisms, including the protection mechanisms for Geographical Information Systems (GIS). The main goal of these mechanisms is to protect software against malicious tampering accomplished by potential intruders. The given protocol set is intended for data exchange between the trusted server and the client program being protected as necessary for the entire protection mechanism function. The paper presents the main security requirements for the entrusting protocols and their analysis. The model of the intruder attempting to fulfill attacks on the protocol to compromise it as well as issues connected with protocol implementation are considered. We propose the general technique to design these types of protocols, including formal methods of protocol construction and analysis. Specifically, besides conventional protocol development methods that embrace the search of possible attacks on the protocol (including formal means), consequent protocol correction, and formal verification, the paper considers the methods of automatic synthesis proposing correct-by-construction protocol design. Keywords: Software protection; Security protocol design; Remote entrusting; Attacks; Protocol analysis and verification

V.V. Popovich et al, (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_21, © Springer-Verlag Berlin Heidelberg 2009

301

302

V. Desnitsky, I. Kotenko

1 Introduction One of the most relevant and important problems in the computer security field is software protection from malicious tampering (hacking). Currently, there exists no absolutely dependable and universal solution of this problem. The mechanism of software protection based on remote entrusting [3] is aimed at discovering unauthorized modifications of client program functioning in potentially hostile environments. This mechanism assumes that a client program to be protected is executed within an untrusted client environment and that a trusted server is located on a safe host. Constant network connection between the client and the server is also assumed. One of the main principles is to create a software module that is sent to the client from the server in real time with the possibility of its subsequent update at specified time instants. The basic elements of this module are a monitor and a tag generator. The monitor’s function includes the continuous fulfilment of a certain bundle of client application runtime checks, particularly the verification of the program’s state, its code, and data being handled. In its turn, the tag generator is in charge of continuous forming of a specific kind of tags containing verification outcomes and some other data to be passed to the trusted server. The trusted server analyzes the received data and then decides whether a tampering took place at the client program execution. The trusted server decides the program is incorrect if it reveals that at least one of the accomplished verifications was completed with a negative result. In this situation the server stops providing the given client with all services and program updates. Design and further analysis of the particularized protocol of message exchange (entrusting protocol) as a part of protection mechanism based on remote entrusting is an important task requiring individual consideration. The entrusting protocol is targeted at safe exchange between the client program and the trusted server, particularly at delivery of mobile module code and data containing outcomes of accomplished checks. Designing a well-behaved entrusting protocol is a challenging task since it can contain subtle flaws that are difficult to find, and which can lead to violation of the protection mechanism correct function. In the context of solving the general software protection task the necessity of particularized entrusting protocol design arises from the fact that this task requires a specific bundle of requirements, which are unique to the security of the protocol being developed, whereas no existing network protocol provides for all these requirements in full measure. Moreover, in the process of further development and improvement of the entrusting protocol any new requirements could be assessed and should not be

Design of Entrusting Protocols for Software Protection

303

constrained by the bounds of a selected network protocol. Therefore, the purpose of our research is rather the construction of the entrusting protocol model defining a set of different entrusting protocols and being represented by a bundle of requirements, and so for these the implementation of different base network and cryptographic protocols can be chosen depending on existing conditions. A possible use of the regarded approach to software protection against tampering, and the entrusting protocol as a part of this, in GIS is to grant extra services improving GIS’s security. The main goal of such services is to protect remote (from central GIS’s kernel) software entities (i.e., remote client programs participating in GIS’s work and being able to get its services) from being subject to malicious modifications from dishonest customers and hackers. A possible intruder’s action can be malicious changes of any GIS behavior elements whose implementations are shared between different system’s entities. Such remote software entities are located outside the central system’s kernel, so they appear to be unprotected by the usage of general centralized GIS protection means. So, particularly, a possible impact is an attempt to modify the code and/or state of a GIS’s remote client program for its further unauthorized use, its exploitation in a mode forbidden for a given user, or an elimination of some restrictions intentionally applied to a user’s actions. So far in the published papers considering security protocol construction and analysis, close attention has been paid to authentication protocols [8]. Thus, the problem of entrusting protocol building being examined in this paper proposes a possibility of entrusting protocol integration with other security protocols and means, thus adding extra qualities to the protocol. Particularly, integrating the time-stamp protocol based on public key certificates [6] into the entrusting protocol gives the possibility to provide a control over message delivery time. The methods of protocol automatic synthesis presented in [5, 10, 11] do not yet provide for any final solutions, regarding correctness and adequacy, that could be ensured completely. These methods are the subject of investigations at present; nevertheless these methods are of great interest. This paper considers the above task and is structured as follows. Second section introduces possible attack types and intruder models and also specifies an approach to the time complexity assessment of attacks. Third section describes the general requirements for entrusting protocols. Fourth section analyzes the ways of entrusting protocol construction and the problems of entrusting protocol integration with other security protocols. The methods of automatic synthesis of protocols are considered in the fifth section. The Conclusion surveys some work results and future research prospects.

304

V. Desnitsky, I. Kotenko

2 Attack Types and Intruder Models Let us regard three generic types of attacks on entrusting protocol. (1) Eavesdropping of communication channels transmitting data. Such a kind of attack in itself does not represent a threat to correct functioning of entrusting protocol; however, this attack fulfilment may be an essential condition of the other attack types. (2) Malicious modification of data being transmitted and handled. In the case of modification of data (mobile module’s code) being sent to the client the aim of that attack (substitution for the module) is to influence the program from the outside to modify its behavior in accordance with the attacker’s desires. The main goal of such an attack represents an intentional distortion of the client program’s current state that the trusted server receives and analyzes. (3) Denial of Service (DOS) attack – an attack that is directed at disabling (or embarrassing) the correct function of the protection mechanism based on remote entrusting principles. Fulfilment of such attacks may be possible even in cases when both entrusting protocol’s parties are legitimate. In that situation the DOSattack is realized by a third party desiring to influence the protocol course or to explore it. For entrusting protocol construction and its following analysis we need to define an intruder model [4] trying to tamper with the process of protocol work. Such tampering can take place either somewhere on intermediate nodes between the trusted server and the client or within the client’s program and its environment. Let us consider two intruder models, characterizing possible actions of an attacker attempting to compromise the entrusting protocol. The first model involves describing and analyzing man-in-the-end type of attacks, whereas the second one is directed to man-in-the-middle attacks. In practice, an attacker is able to combine both types of attacks, achieving attacks that are more effective and convenient for realization. In the case of man-at-the-end attack on the protocol the attacker is expected to tamper with a specific program component located within the mobile module and being in charge of a client side of the protocol. Malicious change of the state of this component (or its program code) by the attacker occurs in order to modify entrusting protocol functioning rules, including the rules of outgoing client traffic forming. Intruder activities can be represented as the activities of some agent located within the client program and attempting to realize specific effects on the protected program, including the mobile module (Fig. 1). In Fig. 1, Verifier is responsible for the verification process, Tag Generator is in charge of entrusting tag forming, whereas Ent-comp (entrusting protocol component) produces

Design of Entrusting Protocols for Software Protection

305

the communication connection with the server and is responsible for the entrusting protocol functioning. In case the entrusting protocol is resistant enough, any similar modifications could be discovered by the trusted server indirectly (as revealing some noncoordination in the protocol or discovery of the received data value deviation from the specific value expected). We should take into consideration that vulnerabilities of similar kinds could arise from insufficient resistance of a peculiarly entrusting protocol as well as due to some flaws of corresponding lower-layer protocols serving as a basis for the protocol in question. In other words, such attacks can lie in a search of respective network layer protocol vulnerabilities in order to make the entrusting protocol less resistant. Module Tags

Entcomp

Tag generator

Verifier

Intruder Trusted Server

Client

Fig. 1 Intruder’s operating field and realizing the man-in-the-end attack

In particular it could be a possibility of a forced usage of purposely weak crypto primitives, for instance, the use of ciphers and hash functions being not resistant and dependable. Specifically, an intruder can modify the corresponding software client’s component to significantly simplify the crypto analysis of the cipher used in the protocol or to discover the respective hash function collision. On the whole, for an attacker it is better to fulfil any malicious actions against the protocol within man-in-the-middle attacks, since that would be less disclosed by the trusted server (as the actions in the middle cannot be revealed directly by the program’s verifier). Also, a particular case of the above attack is an attack that represents eavesdropping of specific data, for example, secret keys not passed to the network in an explicit form, but formed and used within the respective software component being in charge of the functioning of the entrusting protocol on the client. As an example we could choose the interception of shared key being formed by Diffie–Hellman protocol. The above malicious effects could be realized by a variety of software tools, such as binary code debuggers, dumpers, etc. Within the man-in-the-end model a possible attack on the entrusting protocol is a one that fulfils eavesdropping of the gateway of the client machine used for the protocol functioning in order to analyze both ingoing and outgoing traffic for its malicious modification. However, functionally that

306

V. Desnitsky, I. Kotenko

type of attacks is similar to the man-in-the-middle attack type considered below. Man-in-the-middle attacks are designed to eavesdrop and intercept the network traffic on the path between the client and the trusted server. The role of a subject of these attacks, that produce the malicious actions, could be immediately played both by the end client program user trying to tamper with the protocol’s session and some third party (Fig. 2). The first attack type appears to be the most important; the final malicious goal is to tamper with the functioning of the program executed by the client. In the second case, the third party is able to break only the correct performance of the entrusting protocol without any modification of the client program state. An example of man-in-the-middle attack is an eavesdropping of a communicational channel by a sniffer for the further analysis of intercepted traffic, that could be used as a basis of attacks against the mobile module. Outgoing traffic modification to mislead the trusted server is also a good example. Module Program Tags Trusted Server

Module Client

Intruder (client or a third party)

Fig. 2 Intruder’s operating field and realizing a man-in-the-middle attack

Introduction of the two models above comes from the precise consideration of possibilities and goals of intruders within the scope of the entrusting protocol. One could note the fact that in compliance with an aim posed by the intruder the same attack could be performed in different ways, for instance, as a man-in-the-middle attack or as a combination of a man-in-the-middle and man-in-the-end attacks. Therefore, according to various conditions and situations, the different attack implementations could become preferable. To such conditions the following refers: a complexity of attack disclosure by the trusted server (particularly time complexity or the volume of necessary resources); a complexity of attack realization by the intruder on the client side or in the middle (particularly time complexity or the volume of intruder’s resources enabled); possibilities of attack automation or the volume of enabled intellectual (human) resource and necessary intruder’s qualification.

Design of Entrusting Protocols for Software Protection

307

According to the time complexity, man-in-the-end attack can be the most preferable for the attacker, whereas in compliance with the complexity of its discovery by the trusted server, the most profitable could be a combination of man-in-the-middle and man-in-the-end attacks. Let us describe briefly the activities to be fulfiled for evaluating the time complexity of attacks on the protocol. The need for such assessments is connected first of all with the necessity of determining a reasonable mobile module update period to implement the dynamic replacement within the whole protection mechanism. To estimate an attack it is necessary to determine all actions forming it and all enabled cryptographic algorithms. Then it is necessary to find the formal assessments of these algorithms’ resistances (e.g., the complexity of hash function collision determination, the complexity of crypto analysis in use, etc.). Besides taking into consideration the assessment of complexity of attacker activities accomplished automatically by the specific software tools, the human elements in practice involved in the attack process should also be accounted for. Such intellectual activities comprise certain actions being fulfiled manually (e.g., reverse engineering), including de-obfuscation and the search of specific constructions meeting the specific conditions in the program code. The only practically realizable way to provide the complexity assessments of such attacks seems to be their empirical investigation. The possible method of attack complexity estimation, that could be practically applied, is the use of formal evaluations for resistance of respective cryptographic algorithms and means, which will give some marginal complexity assessment.

3 Entrusting Protocol Requirements The general entrusting protocol requirements, whose implementation allow inferring the entrusting protocol acceptability for investigation goals, are the authentication of protocol parties, authenticity key exchange, the confidentiality and authentication of data being passed, resistance to message loss, and data delivery timeliness. Although these requirements have been illustrated in the literature let us consider them briefly, taking entrusting protocol specificity into account. 1. Protocol parties authentication. This requirement supposes that each protocol party should be sure of the authenticity of the opposite party. The requirement is targeted at counteraction of situations where the intruder pretends to be one of the legal protocol parties. It makes

308

V. Desnitsky, I. Kotenko

sense to implement authentication by application of existing entity authentication protocols. 2. Cryptographic key agreement. For the entrusting protocol to be capable of functioning in a safe manner the specifically introduced cryptographic keys are necessary. These keys are intended to be agreed with the participants in advance. It is reasonable to exploit the agreement where the agreement process occurs without key transmission in unsafe networks. At the same time that key agreement type is subject to man-in-the-middle attacks, when some third entity (an intruder) pretends to be one of the parties participating in the protocol. Thus, for preventing such attacks, a priori authentication should be used. Such keys can be used by protocol parties for implementation of other requirements, for instance, the confidentiality and authenticity of data being transmitted. 3. Confidentiality of data being delivered. The given requirement disclosure of data passed to a protocol participant not supposed to view this data. Having general secret keys shared between legitimate protocol parties and using corresponding encoding algorithms (e.g., 3DES, AES, etc.) the trusted server and the client are able to transmit the data according to this requirement. 4. Authentication of data being delivered. In order to prevent the attacker from message modifying or forging, it is necessary to ensure the messages’ authenticity. For this aim each message should be combined with its message authentication code (MAC) [1], computed by the sender based on the original message. As a result the legal receiver can repeat the procedure of MAC evaluation and match its outcome with the value obtained. So that the attacker cannot change MAC value, the procedure of its receiving should be based on the knowledge of some secret key securely agreed between the trusted server and the client in proper time. In particular the algorithm of MAC creation could be based on the hash functions depending on a secret key. It could be noted that data authenticity also ensures its integrity, i.e., provides protection against deliberate and unpremeditated modifications. 5. Resistance to message loss. An entrusting protocol should pass information in a correct manner, despite possible data packet losses. The significance of this requirement lies in the fact that its failure can possibly lead to a situation when some specific tag sent to the trusted server is lost, and so the server receives incorrect data on the current client’s state and therefore as a result the trusted server decides the client is a subject of tampering. In particular, this requirement could be formulated as a necessity for secure and well-timed data transmission between the client and the trusted server with the loss of no more that

Design of Entrusting Protocols for Software Protection

309

one packet per session or its specific part. In this formulating, in the case of one packet loss, the entrusting protocol is supposed to be able to continue its work without the need for repeated transmission of the packet lost. To provide this requirement, different algorithms based on a redundancy principle (e.g., Hamming code) or a communication channel redundancy principle (parallel data transfer in different ways) could be applied. The requirement could be met on a basis of the rollback recovery approach supposing exploitation of two strategies. According to the first one, called Check-point based strategy, the protocol states are stored periodically on both exchange parties and so in case of packet loss the protocol is able to be returned to a stored state. In compliance with the second strategy, called Log-based, two protocol parties keep message logs, which enables rollbacks and repeated message transfer. 6. Timeliness of data delivery. With the help of entrusting protocol the data being passed should be delivered to the receiver no later than some specific time points. Thus, this requirement assumes the control of message delivery time occurring both on the trusted server party and the client one. Besides the above discussed requirements, determining the protective properties, any possible architectural ones on the protocol should also be taken into account. The architectural requirements imply the requirements concerning the structure of the protocol and its architectural properties. It should be noted that contrary to the general security requirements presented above the architectural requirements depend on a concrete protocol implementation and its environment. These requirements are capable of being essentially changed according to the specific customer’s preferences of the program holder desiring its protection by means of the remote entrusting.

4 Entrusting Protocol Construction One of the goals of the research is to create a generic technique determining the process of constructing the required entrusting protocol as an element of software protection mechanism. For a general case in compliance with the diversity of architectural and protective requirements, the entrusting protocols can be implemented differing from each other both by their properties and implementation specifics. So, for instance, the complete set of entrusting protocols could be divided into two categories: (1) the protocols that assume the compulsory programs’ identification (as different copies)

310

V. Desnitsky, I. Kotenko

being executed by the end users and (2) the protocols for which all end users and corresponding programs are anonymous between their interaction sessions with the trusted server. Thus, the distinction of two situations described above is characterized by a need to apply the authentication method. Thus, a necessity of the end user authentication could impose restrictions and requirements on the protected program development. For example, the password-based authentication of end users [8] requires that the program implements a respective program interface being in charge of the secret keys input by end users and of their handling. The generic technique of entrusting protocol construction consists of the following. First, the protocol goals and assumptions are specified. According to the task purpose the needed protection requirements, that by an appropriate realization would be allowed to secure the protocol against attacks from a potential malefactor, should be formulated. Then, the architectural requirements should be formed both reflecting conditions of the protocol functioning environment and corresponding custom preferences in relation to the structure of the target protocol, particularly the components and blocks composing the protocol. Then, the synthesis and analysis of the protocol being created is carried out (“synthesis through analysis”). The synthesis consists of constructing the protocol by means of simple communication primitives, starting with the requirements forming. The rules of the protocol design are derived from the high-level specifications of protective and architectural requirements. The analysis of the protocol incorporates its verification by a formal proofing [2, 7], the security analysis of the transmitted data packets and the entire protocol, as well as the analysis of time complexity of effective attack on the protocol, needed to support the replacement mechanism of the remote entrusting approach [3]. The final phase supposes a possible feedback, when the data received from the analysis are applied to correct the protocol requirements. As a whole the entrusting protocol construction technique represents a procedure that gets requirements to the protocol at the input and returns a ready protocol as a result of realizing the needed business processes (features) and providing for an appropriate protection level. Generally, that procedure is man-automated. A further research issue is an investigation of automation of the certain distinct phases. While realizing the entrusting protocol, some part of the above presented requirements could be implemented based upon the existing network layer protocols, like IPSec or SSL/TLS. In the general case for more convenient modeling and further analyzing the entrusting protocol, the model of abstract channels could be applied [9]. According to this concept, the protocol is represented as a sequence of embedded channels, where each one implements a specific security requirement. This model is convenient

Design of Entrusting Protocols for Software Protection

311

for the protocol modeling as well as for its analysis. In particular, based on the abstract channel model, one can conduct an analysis of the protocol being constructed to determine the necessary order of security requirements implementation, as well as a primary analysis of attack complexity to determine the requirements needed to be overcome by an attacker engaged in specific attack fulfillment. As a result each requirement can be either implemented directly by the developer of the entrusting protocol or rely upon one (or several) existing internet protocols. When using existing network protocols, the process of entrusting protocol design and its further analysis is simplified significantly. Figure 3 illustrates the general simplified scheme of the proposed entrusting protocol fulfillment. At the first stage the authentication occurs, whereas at the second one the cryptographic key agreement protocols used to establish a secure channel for message exchange between the trusted server and the client are applied. Then both message exchanging parties are able to pass data to each other, ensuring particularly the data channel confidentiality and authenticity. At the final protocol functioning phase the channel is closed – the connection gets closed, and respective crypto keys are destroyed to disable their receiving and further usage by an intruder. To make the entrusting protocol realizable in practice, it is implemented by means of existing internet protocols. At the same time at the conception level for the entrusting protocol construction and further verification it might be convenient to build a specification meeting all the above requirements. Message exchange objects

Time of activities execution

Truster Server

Client

Party authentication

Key agreement and safe channel opening General activities of entrusting protocol Channel closing

Fig. 3 The scheme of entrusting protocol functioning

In the paper, different approaches to entrusting protocol implementation are proposed, particularly the ones based on various combinations of existing security protocols. Let us consider three variants of entrusting protocol implementation (Fig. 4). The entrusting protocol can be based directly upon

312

V. Desnitsky, I. Kotenko

TCP/IP (or UDP) protocols not assuming any embedded protection means. This prototype is convenient for implementation from the theoretic viewpoint, since it comprises actions on providing all producible requirements, allowing carrying out of the comprehensive analysis for total tamper resistance evaluation. Furthermore, the proposed entrusting protocol becomes relatively independent of any concrete implementation, therefore in comparison with the other prototype variants it is more adaptable (portable) to other Internet protocols serving as a basis of the entrusting protocol at the later time. Two other prototypes are founded on existing network security protocols (IPSec, SSL/TLS) being capable of providing for a part of the security requirements and other cryptographic protocols and means facilitating the satisfaction of residual requirements. Additionally, the protocols enabling party authentication, agreement of keys and crypto primitives in use as needed for the protocol functioning can be applied. Authentication protocols Key agreement protocols Entrusting protocol

Entrusting protocol

Entrusting protocol

SSL/TLS TCP/IP / UDP

IPSec

Public Key Infrastructure Timestamp protocols

TCP/IP

Resistent ciphers (3DES, AES), hash functions, etc.

Fig. 4 Entrusting protocol implementations

When constructing the entrusting protocol, some other internet security means and protocols could be used to reinforce the specific properties of the entrusting protocol or provide it with any particular extra ones. In the case of successive integration, an interaction of two or several protocols happens so that the outcome of the work of one protocol session is the input data for the other one. Such kind of integration is quite “weak.” So, implementing the entrusting protocol does not propose any difficulties with regard to incompatibility of the different protocols or with a possible appearance of vulnerabilities allowing an intruder to attack the protocol successively.

Design of Entrusting Protocols for Software Protection

313

In the case of more complicated integration, when one protocol is enclosed into the other one, the more complex analysis of their interaction is necessary, particularly the substantiation of obtained combination is required; even in the case if it has been proved each protocol individually works properly and has no vulnerabilities. The integration of each concrete protocol with the entrusting protocol has individual peculiarities and requires a distinct consideration. One of the examples of a protocol which can be integrated with the entrusting protocol is Time-Stamp Protocol (TSP) based upon PKI (Public Key Infrastructure) and X.509 certificates [6]. The timestamp represents an assertion that the data existed no later than the specific time point and were not modified later. TSP process consists of the following. The client that needs to tie the data with the certain time point sends a request to specifically introduced trusted entity called Time Stamping Authority (TSA) responsible for the timestamp certifying. This client request should contain the hash value of the data and also some other information. In its turn TSA receives this demand, handles it and returns to the client a pair containing the same hash value and information on the current time instant which is signed by a corresponding secret PKI-related key of TSA. In other words, TSA gives out a timestamp certificate corresponding to the client’s data in question. Respectively, to check the correctness of data certified it is needed to verify the validity of timestamp certificate, repeat the procedure of hash value computing and match the two hashes. A possible TSP application is to timestamp entrusting tags sent to the trusted server by the client.

5 Automatic Synthesis of Entrusting Protocols Let us consider the paradigm in the field of security protocol development, where participants agree dynamically and form the protocol according to their needs, i.e., protocol automatic synthesis is realized. When the participants wish to interact, they do not choose some protocol from a fixed list of the known ones, instead they rather synthesize a new protocol specially built with an account for their current security requirements and environment. Such protocols are self-configured, since only a priori principal assumptions and protocol goals are specified. Changes in participants’ environment can lead to the case when the parties have to agree anew and generate a new protocol (survivable protocol). Potentially those protocols are capable of overcoming even some security compromises. So, key compromise or a change of trust relationship between participants could result in the synthesis of a new protocol being capable of getting over the occurred event consequences. One of the most known and perspective approaches to

314

V. Desnitsky, I. Kotenko

implementation of the protocol automatic generators is the one based on use of BAN belief logic [5, 10, 11]. Within the traditional construction technique, at the first stage the protocol is built heuristically, after that it is subjected to formal verification procedure to discover vulnerabilities and, hence, possible attacks aimed at compromising the process of protocol work. In case of such disclosure, the protocol is corrected, after that repeated verification is fulfilled and so on. Nevertheless, existing formal verification means do not ensure the complete discovery of all possible vulnerabilities. In case of automatic synthesis, the obtained protocol should be correct-by-construction that eliminates the need to conduct a lot of check iterations. At the same time it should be noticed that actually there exists not enough guaranties that such a protocols will be entirely correct. Besides the correctness of the specified belief axiomatics, it is important to formulate correctly all required security goals and assumptions on protocol participants and communication medium. In the context of the problem of the entrusting protocol creation, the technique of its construction takes on the following peculiarities. By means of automatic synthesis the entrusting protocol can be given the new (securityrelated) properties by specification of extra goals and assumptions. Such new properties could be related both to setting the new extra qualities to the protocol to reinforce its tamper resistance and to supporting some client program protective techniques, whose elements have been deployed both on the client’s side and on the server, and which should interact. Interest is also taken in the possibilities of applying the protocol automatic generation to introducing some variance into the entrusting protocol, i.e., to getting several entrusting protocol variants possessing the same functionality and somewhat differing from each other. An appearance of that variance (in essence the dynamic change of protocol work rules) facilitates the improvement of its tamper resistance, requiring the potential attacker to spend some extra time to crack every new protocol version. So, within the automatic synthesis technique suggested in [10, 11], at the final stage a set of valid candidate protocols are produced. Each protocol entirely corresponds to the underlying belief logic. In [10] the authors propose to choose the most suitable candidate through any extra ad-hoc properties check. Thus, the possibility underlying this given method to receive a valid protocol bundle could be exploited to implement the dynamically modifiable protocol, thereby making it more tamper resistant. Currently, the methods of automatic synthesis of protocols based on belief logics are being actively investigated. At the same time, one of the main disadvantages here is that the existing proof basis insufficiently sustains the designed protocol correctness. There also exists a deficiency of ready for operation software tools implementing these methods.

Design of Entrusting Protocols for Software Protection

315

6 Conclusion The paper is mainly focused on the analysis and design issues of the message exchange protocol (entrusting protocol) needed for distributed software protection and proposes an approach to the development of the entrusting protocol. The protocol analysis carried out, particularly general types of attacks and intruder models, is examined, main entrusting protocol requirements are determined, and some aspects of implementation of the entrusting protocol are considered. Henceforth, the authors plan to conduct deep analysis of the entrusting protocol, including its verification based on the formal proof methods. It is also proposed to carry out the comprehensive analysis of attack time complexity that can possibly be exploited to reinforce the entire protection mechanism; the investigation and design of automatic protocol synthesis methods will also be continued.

Acknowledgments This research is being supported by grant of the Russian Foundation of Basic Research (Project No. 07-01-00547), Program of fundamental research of the Department for Nanotechnologies and Informational Technologies of the Russian Academy of Sciences (contract No 3.2/03), Russian Science Support Foundation and partly funded by the EU under the RE-TRUST project (contract No. 021186-2).

References 1. Bellare M, Canetti R, and Krawczyk H (1996) Keying hash functions for message authentication, Advances in Cryptology. CRYPTO’96. Lecture Notes in Computer Science, vol 1109, Springer 2. Boichut Y, Heam P-C, and Kouchnarenko O (2005) Automatic Verification of Security Protocols Using Approximations, INRIA Research Report 3. Ceccato M, Ofek Y, and Tonella P (2008) Remote entrusting by run-time software authentication. SOFSEM 2008 – Conference on Current Trends in Theory and Practice of Computer Science, Tatras, Slovakia 4. Cederquist J and Dashti MT (2006) An intruder model for verifying liveness in security protocols. In: Proceedings of the fourth ACM workshop on Formal methods in security, Alexandria, Virginia, USA 5. Chen H (2007) A Search-Based Framework for Security Protocol Synthesis. The University of York, Department of Computer Science

316

V. Desnitsky, I. Kotenko

6. Ellison C and Schneier B (2000) Ten Risks of PKI: What you’re not being told about public key infrastructure. Comput Security J 16(1) 7. Khan AS, Mukund M and Suresh SP (2005) Generic verification of security protocols. In: Proceedings of SPIN 2005, LNCS, vol 3639 8. Lampson B, Abadi M, Burrows M and Wobber E (1992) Authentication in distributed systems: theory and practice. ACM Trans Comput Sys 10(4) 9. Plasto D (2004) Automated analysis of industrial scale security protocols. Bond University, Faculty of Information Technology 10. Zhou H and Foley SN (2003) Fast automatic synthesis of security protocols using backward search. In: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering (FMSE'03). Washington, DC 11. Zhou H and Foley SN (2004) A collaborative approach to autonomic security protocols. In: Proceedings of the 2004 workshop on New Security Paradigms. Canada

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

Nikolay Moldovyan and Andrey Moldovyan Specialized Center of Program System “SPECTR”, Kantemirovskaya str. 10, St. Petersburg 197342, Russia, [email protected]

Abstract. Using digital signature (DS) algorithms to perform electronic messages authentication is an issue of significant importance for geographical information systems. The most computationally efficient DS algorithms are based on elliptic curves (EC) over finite fields. However, for many practical applications more efficient DS algorithms are required. To satisfy such performance requirements a new type of the finite groups is proposed as primitive for DS schemes. The elements of the proposed groups are vectors defined over the ground finite field. The group operation is the vector multiplication defined with some basis vector multiplication tables the characteristic feature of which is the use of expansion coefficients. It has been shown that the vector groups possess the multidimension cyclic structure and in special cases the dimension of the cyclicity is μ = 1 . In such special cases the vector finite fields (VFFs) are formed. The DS algorithms based on EC over VFFs provides performance significantly higher than the performance of the known EC-based algorithms. Fast DS algorithms based on computations in vector finite groups corresponding to the case μ ≥ 2 have also been proposed. Keywords: Digital signature; Vector finite groups; Multidimension cyclicity; Vector finite fields; Elliptic curves

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_22, © Springer-Verlag Berlin Heidelberg 2009

317

318

N. Moldovyan, A. Moldovyan

1 Introduction Electronic documents authentication is an often used procedure in large information systems such as geographical information systems (GIS). The most important methods for information authentication are based on digital signature (DS) schemes with public key. The DS schemes are based on some well-investigated hard computational problems. The upper boundary of the DS scheme security level is defined by the difficulty of the hard problem used. The most efficient known DS algorithms are based on the following two difficult problems [1]: 1. Factorization of a composite number n = qr , where q and r are two unknown large primes. 2. Finding discrete logarithm in a finite cyclic group. The best known algorithms for solving the first hard problem have subexponential complexity [2]. Therefore in the case of the RSA and Rubin’s DS schemes the minimum length of the used value n is 1,024 bits. In these DS schemes the value n is used as modulus while performing computations corresponding to signature generation and verification procedures. The DS size in these schemes is about 1,024 bits. Significantly smaller DS size (320 bits) is provided by the Schnorr’s DS scheme [3], and by standards DSA [4] and GOST R 34.10-94 [5] that are based on computations in multiplicative groups of the ground finite fields (FFs) GF ( p) , where p is a prime. However, the best known algorithms for solving the discrete logarithm problem (DLP) in multiplicative groups of FFs also have subexponential complexity [2]. Therefore the required security is provided by primes p having the size p ≥ 1, 024 bits. Under the circumstances the DS algorithms have sufficiently low performance. To get higher performance of secure DS algorithms, the finite groups of points of the elliptic curves (ECs) over FFs have been proposed as primitives for DS schemes based on the DLP difficulty [6,7]. The best known algorithms for solving the DLP on ECs have exponential complexity (for properly selected ECs) and their hardness is estimated as O q operations of multiplication of points, where q is the largest prime divisor of the group of points of the considered elliptic curve (O(⋅) is the order notation [8]). Operations performed over points include computations modulo prime p such that p ≈ q , where x denotes the bit length of the value x. Due to exponential dependence of the hardness of the DLP in a group of points of ECs, the minimum security level can be provided using the modulus p

( )

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

319

having sufficiently small length ( p bits). Therefore the performance of the DS schemes based on elliptic curves is higher against other mentioned above DS algorithms, though addition of two points requires perfoming several multiplications modulo p and some auxiliary operations. The most prominent examples of the EC-based DS schemese are standards ECDSA [9] and GOST R 34.10-2001 [10]. The algorithms based on these standards possess sufficiently high performance; however in many cases the practice of GIS needs faster DS algorithms. Security of the DS algorithms is usually estimated as the number of the exponentiation operations in the multiplicative groups or as the number of the multiplying point operations in the EC point groups required to forge a signature. In this paper the DLP-based algorithms designed using new primitives are proposed, and the performance is compared for different DS algorithms in the case of the minimum security level that can be estimated at present as 2 80 operations. The new primitives are finite groups of the vectors defined over FFs. The rest of the paper is organised as follows. In Sect. 2 we introduce the finite m-dimension vector spaces over FFs GF( p) , in which the vector multipliction operation is specially defined. It is experimentally established that in the vector space the multiplicative finite groups of vectors are formed, which possess structures with multidimension cyclicity (MDC). The cyclicity dimension μ ranges from 1 to m, depending on the defined multiplication operation. The case μ = 1 corresponds to formation of the extension finite fields GF ( p m ) implemented in special vector form. Section 3 presents DS algorithms based on difficulty of the DLP in the vector groups with parameter μ = m . The vector FFs are proposed to implement EC-based DS algorithms characterized in that the ECs are defined over the vector FFs providing significant performance increase. Section 4 concludes the paper.

2 Finite Groups of Vectors Over Ground Fields 2.1 Multiplication and Addition Operations Finite groups of m-dimension vectors are formed in the finite vector spaces defined over the ground fields GF(p), where p is prime. The group operation represents the multiplication of vectors ae + bi + ... + cz , where e, i , …, z are some formal basis vectors and a, b,..., c ∈GF ( p ) are coordinates. The

320

N. Moldovyan, A. Moldovyan

terms τ v, where τ ∈ GF ( p ) and v ∈{e, i,..., z}, are called components of the vector. The vectors are also denoted as a sequence of their coordinates: ae + bi + ... + cz = (a, b,..., c ) .

The addition of two vectors (a, b,..., c ) and (x, y,..., w) is defined as addition of the coordinates corresponding to the same basis vector:

(a, b,..., c ) + (x, y,..., w) = (a + x, b + y,..., c + w) . The multiplication of two vectors (a, b,..., c ) and (x, y,..., w) is defined as pair-wise multiplication of all components of the vectors in correspondence with the following formula

( ae + bi + ... + cz ) D ( xe + yi + ... + wz ) = ae D xe + bi D xe + ... ... + cz D xe + ae D yi + bi D yi + ... + cz D yi + ae D wz + bi D wz + ... + cz D wz = axe D e + bxi D e + ... + cxz D e + aye D i + byi D i + ... ... + cyz D i + ... + awe D z + bwi D z + ... + cwz D z,

.

where D denotes the vector multiplication operation. In the final expression, each product of two basis vectors is to be replaced by some basis vector v or by a vector τv (τ ∈ GF ( p )) in accordance with some given table called basis-vector multiplication table (BVMT). There are proposed different types of the BVMTs [11], but in this paper use the BVMT of some general type presented by Table 1. For arbitrary values m and τ Table 1 defines the vector multiplication that is a commutative and associative operation.

D G e G Gi j G k G u

… G z

Table 1. The basis-vector multiplication table of the general type G G G G G e u … i k j j e u … i k τk τj τu τz τ… i j τk τu τz τe τ …

k u

… z

τu τ … τz τe

τ … τz τe

τz τe i

τe i

i j

j

i

j

k

k u

G z

z

τe i j

k u

…

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

321

2.2 MultiDimension Cyclicity of Vector Groups In the case m p − 1, while using value τ such that the equation x m = τ has no solution in the field GF(p), the vector FFs [11] is formed. This case corresponds to formation of the cyclic vector groups having the order Ω = p m − 1. Below, there are considered noncyclic vector groups formed in the case m p − 1 , while using the value τ such that the equation x m = τ has a solution in the field GF(p). In the last case for m = 2 and m = 3 the order of the VFGs is expressed by the following formula [11] Ω = ( p − 1)m .

(1)

Our computational experiments have shown that the last formula is correct for all values of m and the structure of such noncyclic groups can be described in terms of multidimension cyclicity (MDC). The cyclicity dimension of vector group is 1 ≤ μ ≤ m . The case μ = m corresponds to formation of the vector fields GF p m with cyclic multiplicative group. Let us consider a hypothetic group Г μ of the order Ω = q μ , where q is a prime, in which there exist μ elements G1 , G2 , …, Gμ possessing the order q, such that any group element G ∈ Г μ can be represented as product μ ∏i =1Gisi for some set of powers (s1, s2 ,..., sμ ) (such set can be called

( )

multidimension logarithm at some μ -dimension basis) and none of these μ elements, for example G j , can be expressed as product ∏ i =1;i ≠ j Gisi . The value μ is called dimension of the MDC of the group structure. Since the element order divides the group order, the minimum order of of elements Gi is value ω (Gi ) = q. It is easy to show that the base {G1, G2 ,..., Gμ } generates ω ( G1 ) ω ( G2 ) ... ω ( Gμ ) ≥ q μ different elements of the group Г μ . The number of different elements in the group Г μ is equal to Ω = q μ , therefore the last inequality holds only if all elements of the basis have the minimum possible order q. The last means that all elements of the group, except the unity element, have the same order q. Suppose the group Г μ contains N Ω* = q different cyclic subgroups. Each of such subgroups contains q – 1 elements, therefore

322

N. Moldovyan, A. Moldovyan

N Ω* = q (q − 1) = q μ − 1 and N Ω* = q =

qμ − 1 . q −1

(2)

Few real examples of such groups exist. Among vector finite groups we have the example relating to selection of the parameters m = 2, p = 3, and τ = 1 that define the fourth order group containing three elements (0,1), (2,0), and (0,2) of the second order and the unity element (1,0). Other examples are provided by some subgroups in the groups considered below. μ

Let us consider a hypothetic group Г of the order Ω = ⎛⎜ ∏i =1 qiti ⎞⎟ , z

⎝

⎠

where qi is a prime for all i ∈ {1,2,..., z} . Suppose for all i = 1,2,..., z the group Г contains μ exponentially independent elements of the order ω = q iti , which comprise the basis G1(i ) , G2(i ) ,..., Gμ(i ) . Such an assumption leads to the following facts.

{

}

1. The group Г contains μ exponentially independent elements of the z order ω = ∏i =1 qiti , that generate all of the group elements. 2. The group Г contains μ exponentially independent elements of the order ω = D , where D is a divisor of the group order. * 3. For each divisor D of the group order such that D = qiti , where i ∈ {1,2,..., z} and 0 ≤ ti* ≤ ti , the group Г contains the number of elements N t i* of the order D, which is equal to ω = qi

N

(

)

= qiμ (t i −1) qiμ − 1 . *

*

ω = qi t i

(3)

4. For each divisor D of the group order such that D = ∏i =1 q iti , where i = 1,2,..., z and 0 ≤ ti* ≤ ti , the group Г contains the number of elements Nω = D of the order D, which is equal to z

Nω = D =

*

qμ −1

∏ qi(μ −1)(t −1) qii − 1 . z

* i

(4)

i =1

5. For each divisor D Ω of the group order such that D =

∏

z i =1

*

qiti ,

where i = 1,2,..., z and 0 ≤ ti* ≤ ti , the group Г contains the number N Ω* = D of cyclic subgroups of the order Ω* = D , which equals to

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

N Ω* = D =

qμ −1

∏ qi(μ −1)(t −1) qii − 1 . z

* i

323

(5)

i =1

This type of groups possessing the MDC structure is typical for VFGs. A number of the performed experiments has confirmed the facts and formulas presented above. In all our experiments relating to the case p and m p − 1, the group order is described with formula (1), if the coefficient τ is the mth power of some element x ∈ GF ( p) . To determine the real structure of the VFGs we have computed the order of all elements in the VFGs involved in experiments (the order ω (G ) has been calculated multiplying the group elements G many times). Some of the experimental results are presented in Table 2. The results are completely described by formulas (3) and (4). Thus, performing many different computational experiments in all cases, when τ can be represented as the mth degree of some element of the ground field GF(p) and m p − 1, we get the vector group structure that is described in terms of the MDC with μ = m. The experiments have also revealed other different conditions under which the VFG structure is described by formula (4). Such examples are given by Table 3. It has been also found that in all cases the VFGs possess the MDC structure, though in some cases its structure is described by particular formulas. In general, the experiments proved that the MDC is a common property of the VFGs. In the next section we show that such groups are attractive as primitives for the DS algorithms design. Table 2. Structure of the VFGs processing the order Ω =( p − 1)m m = 10 ; p = 11; τ = 1

m = 7 ; p = 29 ; τ = 28

m = 6 ; p = 19 ; τ = 1

ω 2 5 10 – –

ω 2 4 7 14 28

ω 2 3 6 9 18

Nω 1023 9765624 9990233352 – –

Nω 127 16256 823542 104589834 13387498752

Nω 63 728 45864 530712 33434856

2.3 Extension Finite Fields in Vector Form Earlier [11] it has been theoretically proved that in the case m = 2 and m = 3, while m p − 1 and using value τ such that the equation x m = τ has no solution in GF(p), vector fields GF ( p m ) are formed. Our computational

324

N. Moldovyan, A. Moldovyan

Table 3. Analytic description of the experimental results on investigation of the structure of some VFGs (cases μ ≤ m ) m, p, τ 49, 29, 5 10, 11, 4 9, 13, 1 8, 17, 4 6, 19, 8

(p (p (p (p (p

Ω

μ

m, p, τ

49

− 1)

1

25, 101, 7

5

− 1)

μ

2

10, 11, 10

3

− 1)

μ

3

9, 19, 1

2

− 1)

μ

2

− 1)

μ

μ

5, 41, 32

( p − 1)

4, 41, 9

(p

2

μ

− 1)

μ

4

8, 5, 4

3

6, 19, 16

5

5, 41, 2

2

4, 41, 7

(p (p

Ω

25

− 1)

2

− 1)

( p − 1)

(p (p (p (p

μ μ

μ

1

μ

5

μ

9

4

− 1)

μ

3

− 1)

μ

6

− 1)

4

− 1)

μ μ

2 2 1 1

experiments have illustrated that this fact holds for arbitrary value m. Table 3 illustrates this fact with examples of the vector groups relating to the case μ = 1 . Each of such groups together with the zero vector (0; 0; : : : ; 0) composes the vector FF GF ( p m ) . The next examples illustrate vector FFs with comparatively a large characteristic of the ground field GF(p). Example of the vector field GF ( p 5 ) . For prime p = 268675256028581 and coefficient τ = 3048145277787 (there exists no element x ∈ GF ( p ) such that x5 = τ ), the vector G Ω = 2e + 5i + 7 j + 11k + 13u is a generator of the multiplicative group of

( )

the vector field GF p 5 . The vector G = 88815218764680e + 238886012231841i + 157317400153847 j + 21593513218048k + 204824491909450u

.

is a generator of the prime-order cyclic subgroup of the order ω (G ) = 1042175072703434265745203478134729214503105234181740193961 . Example of the vector field GF ( p11 ) . For prime p = 57179 and coefficient τ = 257 (there exists no element x ∈ GF ( p ) such that x11 = τ ), the vector GΩ = (1; 35; 7; 23; 5; 13; 2; 7;

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

325

123; 3; 7) is a generator of the multiplicative group of the vector field GF p11 . The vector

( )

GΩ = (43269,41224,29275,46397,13841,35491,13875,4398,39432,24998,30060 )

is a generator of the prime-order cyclic subgroup of the order ω ( G ) = 33960999832010723699867011719682346705077662191.

3 Cryptographic Application of the Vector Finite Groups and Fields 3.1 Use of the Vector Groups with Cyclicity Dimension µ = m Suppose a vector group possessing the MDC structure is defined over the ground field GF(p) with characteristic p = Nq+1, where N is some small number, such that m divides N m N ⇒ m p − 1 , and q ≥ 2160 m is a prime. One can propose the following DS scheme design with the public key Y represented by the set {Y1, Y2 ,..., Ym } of m values computed in accordance with the following formula

(

z

)

z

z

Y j = G1 1 j D G2 2 j D ... D Gmmj ,

where

ω (Gi ) = q∀i ∈ {1,2,..., m},

q ≥ 160 m bits

and

the

set

{x ji },

i, j ∈ {1,2,.., m} is the secret key. For all j ∈ {1, 2,..., m} , the total size of the

secret-key elements subset {x1 j , x2 j ,..., xmj } is

∑i =1 x ji ≥ 160 bits. Computating some of the secret key elements, for example {x1 j , x2 j ,..., xmj }, requires m

finding the multidimension discrete logarithm of Y j to the multidimension base G1, G2 ,..., Gm . To solve this problem one can propose some modifications of the general-purpose methods for finding discrete logarithms in cyclic groups [2]. Our estimation of the computational difficulty of such modified methods is O ⎛⎜ q m ⎞⎟ exponentiation operations, therefore the minimum secu⎝

⎠

rity level (corresponding to difficulty of breaking the DS algorithm, which

326

N. Moldovyan, A. Moldovyan

is that equal to 280 exponentiation operations) can be provided with the condition p ≈ q ≥ 160 m bits. Generation of the DS corresponding to the message M is performed as follows: 1. Select m random values k1, k2 ,..., km such that for all i = 1,2,..., m it holds ki < q . 2. Calculate vector R = G1k1 D G2k 2 D ... D Gmk m . 3. Using some specified hash function Fh (different examples of the secure hash functions see in [2]), calculate the hash value h from the message to which the vector R is concatenated: h = Fh (M , R ) , where h ≥ 160 bits. 4. Represent the value h as some concatenation of μ elements: h = h1 || h2 || ... || hm and compute the second element of the DS as the set of m values {s1, s2 ,..., sm } : m

s i = t i + ∑ x ij h j mod q , i = 1,2,..., m , j =1

where

m

∑ si

= m q ≥ 160 bits.

i =1

Verification of the DS corresponding to the message M is performed as follows: 1. Compute the vector R * = Y1− h1 D Y2− h2 D ... D Ym− hm D G1s1 D G 2s2 D ... D G msm

2. Compute the value h * = Fh (M , R * )

3. Compare the values h* and h. If h* = h , then the DS is valid. It is easy to see that computational difficulty of the DS generation (verification) procedure is approximately equal to difficulty of one (two) modulo p exponentiation operation(s), independently of the value m. As it has been shown above in the case m = μ , the characteristic of the field GF(p) can be selected such that p ≈ q ≥ 160 bits. This provides high performance of the proposed algorithm. Comparison with the performance (in arbitrary unites) of some widely used DS algorithms is presented in Table 4.

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

327

Table 4. Performance comparison of different DS schemes based on difficulty of the DL problem (EC denotes elliptic curve defined over GF(p)) DS scheme

DL problem in… GF(p) GF(p) GF(p) EC EC VFG VFG VFG

GOST 1994 [5] DSA [4] Shnorr [3] GOST 2001 [10] ECDSA [9] Proposed (m = 2) Proposed (m = 3) Proposed (m = 4)

p, bits

Public key size, bits

DS size, bits

Rate, arb. un.

1,024 1,024 1,024 512 320 340 513 688

512 320 320 512 320 320 320 320

1 2.5 2.5 7.5 15 90 90 90

1,024 1,024 1,024 256 160 85 57 43

Table 5. Primes p such that m p − 1 and p = Nq + 1, where q is a prime and m q ≈ 160 bits m 2 3 4 5 6 7

p

p,

N

q

q,

1246928860946337057927541 326209155186695947 266686136477 18343021511 59833843 7465333

bits 81 60 43 36 28 27

2 6 4 10 6 14

623464430473168528963770 54368192531115991 66671534119 1834302151 9972307 533238

80 57 40 32 25 23

Table 5 presents some values of the ground field characteristic, which are required for implementation of the proposed DS algorithms. 3.2 Elliptic Curves Over Vector Finite Fields

Standard GOST R 34.10 2001 specifies the design of the DS algorithms using the ECs defined over the ground field GF(p) with the following equation y 2 = x 3 + ax + b mod p ,

(6)

where a, b ∈ GF ( p) . The EC group operation is the operation of the addit ion of the EC points. The addition of the points A = (x A , y A ) and B = (x B , y B ) , where x A , x B , y A , y B are coordinates of the points, is performed as computing of the abscissa x C and ordinate y C of the point C that is the result of the point addition operation C = A + B :

328

N. Moldovyan, A. Moldovyan

x C = k 2 − x A − x B mod p , yC = k ( x A − xC ) − y A mod p, where k=

yB − yA 3x + a mod p , ifA ≠ B , and k = A mod p , ifA = B . xB − x A 2yA

The point A multiplication operation is defined as repeated addition: nA = A + A + ... + A (n times)

The characteristic p and coefficients a and b are generated in a way such that the EC order contains large prime divisor q. The next parameter of the DS algorithm is a point G of the order q. The secret key is some random value d < q and public key is the EC point Q = dG. The DS generation procedure is as follows: 1. Generate a random value k (0 < k < q). 2. Compute the point C = kG and the value r = x C mod p , where x C is the abscissa of the point C. 3. Compute the value s = (rd+ke) mod q, where e = H mod q and H is the hash function value corresponding to the message to be signed. The pair of values (r; s) is the signature. The signature verification is performed as follows:

1. Compute the point C = ((se −1 mod q )G ((q − r ))e −1 )Q . 2. Compute the value r * = x C mod p and compare r * and r. If r * = r , then the signature is valid.

Performance of the DS algorithm is inversely proportional to the difficulty of the point addition operation that is defined mainly by three multiplication operations in GF(p) and one inversion operation in GF(p). The inversion is the most contributing to the difficulty of the point addition operation. Even though there are some special techniques for computing inverses in GF(p), inversion is still far more expensive than multiplication in GF(p). The inverse operation needed when adding two points can be eliminated by resorting to projective coordinates [12]. In this way adding two points is performed with about ten multiplications in GF(p). Thus, the difficulty of the multiplication in the underlying field defines difficulty of the point addition operation. The vector finite fields GF ( p m ) can be applied to design some GOST– like algorithms providing significantly higher performance. Indeed, for different values m ∈ {1, 2,3, 4,...} , it is easy to generate ECs with parameter

Vector Finite Groups as Primitives for Fast Digital Signature Algorithms

329

q such that q ≈ m p , on which the DL problem has exponential difficulty and minimum security level of the EC-based DS algorithms, are provided with condition q ≥ 160 bits. Let us compare the difficulty of the multiplication operation in the ground field GF(p) and in the vector extension fields GF ( p υm ) for different values m in the case p = m pυ . Multiplication in GF(p) is performed with arithmetic multiplication of two p -bit values and arithmetic division of some 2 p -bit value by some p -bit value. Multiplication in the vector field GF ( p υm ) is performed with m 2 arithmetic multiplications of two pυ -bit values and m arithmetic divisions of some 2 pυ -bit values by some pυ -bit values (because of sufficiently low difficulty we do not take into account the arithmetic additions). Taking into account that difficulty of both the arithmetic multiplication and arithmetic division is proportional to the size of operands one can easily derive the following formula ρ=

WGF( p ) WGF( pm ) υ

=

m (1 + c ) m+c

,

where WGF( p ) , WGF( pυ ) is the computational difficulty of the multiplication m

in GF(p) ( GF( pυm ) ) and c is the ratio of the arithmetic division difficulty

to the arithmetic multiplication difficulty. The value c depends on the hardware used to perform computations. For many types of microcontrollers and microprocessors we have >5. For example, in this case for m = 5 and c = 6 (c = 12) we have ρ ≈ 3.2 ( ρ ≈ 3.8 ). Thus, using elliptic curves over vector finite fields, one can design the DS possessing significantly higher performance. Besides, the multiplication in the vector field GF( pυm ) is well suited to cheap parallelization while being implemented in hardware.

4 Conclusion To satisfy high performance requirements to DS algorithms oriented for the use in GIS the finite vector groups have been proposed as cryptographic primitive. Such groups are formed in finite vector space over the finite fields, while the vector multiplication operation is specially defined. In some particular cases the vector finite fields are formed. The structure of the vector groups is described in terms of the multi-dimension cyclicity.

330

N. Moldovyan, A. Moldovyan

It has been shown that the vector groups possess the multi-dimension cyclic structure and formation of the vector fields corresponds to the case when the dimension of the cyclicity μ is equal to one. Fast digital signature algorithms based on vector groups with multi-dimension cyclicity ( μ = 2,3,4 ) have been proposed. It has been shown that the use of the vector finite groups to define ECs provides increasing performance of the ECbased DS algorithms.

Acknowledgement Paper supported by Russian Foundation for Basic Research grant No. 08-0700096-a

References 1. Pieprzyk J, Hardjono Th, and Seberry J (2003) Fundamentals of Computer Security. Springer, Berlin 2. Menezes AJ, Van Oorschot PC, and Vanstone SA (1997) Handbook of Applied Cryptography. CRC Press, Boca Raton, FL 3. Schnorr CP (1991) Efficient signature generation by smart cards. Cryptology 4:161–174 4. National Institute of Standards and Technology (1994), NIST FIPS PUB 186. Digital Signature Standard, U.S. Department of Commerce 5. GOST R 34.10-94 (1994) Russian Federation Standard. Information Technology. Cryptographic data Security. Produce and check procedures of Electronic Digital Signature based on Asymmetric Cryptographic Algorithm. Government Committee of the Russia for Standards (in Russian) 6. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209 7. Miller V (1986) Use of elliptic curves in cryptography. Advances in cryptology: Proceedings of Crypto’85. LNCS, vol 218, Springer, Heidelberg, pp 417–426 8. Buchmann J (2003) Introduction to Cryptography. Springer, Berlin 9. ANSI X9.62 and FIPS 186-2 (1998). Elliptic curve signature algorithm 10. GOST R 34.10-2001 (2001) Russian Federation Standard. Information Technology. Cryptographic data Security. Produce and check procedures of Electronic Digital Signature. Government Committee of the Russia for Standards (in Russian). 11. Moldovyan NA and Moldovyanu PA (2008) New primitives for digital signature algorithms: Vector finite fields. Comput Sci J Moldova 12. Menezes AJ and Vanstone SA (1993) Elliptic curve cryptosystems and their implementation. J Cryptol 6:209–224

Multisignature Protocols and Problem of Simultaneous Signing a Package of Contracts

P. Moldovyanu, E. Dernova, A. Kostina, and N. Moldovyan Specialized Center of Program System “SPECTR”, Kantemirovskaya str. 10, St. Petersburg 197342, Russia, [email protected]

Abstract. Electronic messages authentication is an issue of significant importance for geographical information systems (GIS). In some cases the multisignature protocols can be effectively applied to solve efficiently special information authentication problems in GIS. New multisignature protocols based on the discrete logarithm problem in finite groups are introduced. The protocols are based on digital signature schemes over multiplicative groups of the ground finite fields, elliptic curves (EC), and vector groups, the last being a new cryptographic primitive. The protocols provide generation of the collective digital signature (DS) possessing internal integrity. Nobody participating in the protocol is able to form a valid collective DS that corresponds to reduced number of the signers. Besides, the collective DS of some special type can prove that a package of documents is signed by different sets of signers, and moreover the collective DS is formed simultaneously by all signers. Therefore the protocols solve the well-known problem of simultaneous signing a contract as well as they solve the more difficult problem of simultaneous signing a package of contracts. The paper considers applicability of the known DS standards to implement the proposed protocols. Keywords: Digital signature; Collective digital signature; Discrete logarithm problem; multisignature schemes; Public key; Finite group

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_23, © Springer-Verlag Berlin Heidelberg 2009

331

332

P. Moldovyanu et al.

1 Introduction One of the important objectives of geographical information systems (GIS) is to produce the electronic reports on the on-line situation according to the data arrays retrieved from geographically remote information collection centers. Note that in most cases such arrays are formed on the basis of readings produced by several centers. As the result the following tasks arise: (1) generation of the collective digital signature (DS) relating to the single message, (2) simultaneous signing an electronic document, and (3) simultaneous signing a packet of electronic messages. The second problem is well known in the area of cryptographic protocols as the problem of simultaneous signing a contract. The third problem can be considered as some advanced variant of the second one. The listed problems can be solved with respectively designed multisignature (MS) protocols. Such protocols appears to be sufficiently useful in solving some types of electronic documents authentication in GIS. There are known different constructions of the MS schemes [1, 2]. However only a few of them provides the property of internal integrity that means no manipulation with the signature is possible during and after the signature generation. The internal integrity property is provided by the approach proposed in [3], which can be applied to develop MS protocols based on different types of the difficult computational problems. That approach is used in this paper to develop some new MS schemes including the schemes providing efficient solution of the problem of simultaneous signing a package of contracts by different sets of signers. The proposed protocols have the prospect for application in GIS and in other different large information systems.

2 Multisignature Protocols with Randomized Signature Algorithms 2.1 Collective Digital Scheme Based on Dificulty of Finding Roots Modulo Prime In this section we surveyed the approach to design the MS schemes based on randomized DS algorithms, which has been proposed in [3]. That approach uses the collective process of the formation of some common random parameter E that depends on the message to be signed and on some set of random values generated by each of the signers participating in the MS protocol. The parameter E is the first part of the DS. Then the parameter E is used individually by each signer to compute his share in

Multisignature Protocols and Problem of Simultaneous Signing a Package

333

the collective DS. The individual actions of the signers are performed in correspondence with some randomized DS algorithm put into the base of the protocol. Then some digest S of all shares of the signers is computed as the second part of the collective DS (E, S ) . The paper [3] proposed the MS scheme based on difficulty of finding the kth roots modulo large prime p such that k 2 p − 1 , where k is a prime having the bit size k ≥ 160 bits. The scheme works as follows. Suppose the jth user owns the private key X j < p and the public key Y j = X kj mod p , where j = 1,2,..., n. Suppose some subset of m users is to sign a message M with some single DS called collective DS. The following protocol solves the problem. 1. Each user generates a random value t i < p (it is a onepad secret key) and calculates the value Ri = t ik mod p , where i = α 1 , α 2 ,..., α m ( α 1 , α 2 ,..., α m ∈ {1,2,..., n} ). 2. The common randomization value R is computed: R = Rα1 Rα 2 ...Rα m mod p.

3. The first part E of the collective DS ( E , S ) is computed using some specified hash function ƒ: E = f (R, M ) . 4. Using the common value R and individual one-pad secret key t i each of the users computes its share in the collective DS: S i = X iE t i mod p , i = α 1 , α 2 ,..., α m .

5. Compute the second part S of the collective DS: S = Sα1 Sα 21 ...Sα m mod p.

The collective DS verification is performed as follows. 1. Compute the collective public key Y: Y = Yα1 Yα 21 ...Yα m mod p.

2. Using the signature (E S) compute value R *: R * = Y E S k mod p.

3. Compute E * = f (R * , M ) .

334

P. Moldovyanu et al.

4. Compare values E * and E. If E * = E, then the signature is valid. Otherwise the signature is rejected. In this protocol none of the signers generates his individual signature; he generates only its share in the collective DS that corresponds exactly to the set of m user presented by numbers {α 1 , α 2 ,..., α m }. Besides it is computationally difficult to manipulate with shares S i , i ∈ {α 1 , α 2 ,..., α m } , and compose another collective DS, relating to some different set of users. This fact imparts on the collective DS the property of the internal integrity, therefore the proposed protocols efficiently solve the problem of signing a contract simultaneously [4]. Note that the MS protocols proposed in [1] are not able to solve this problem without the help of some trusted party participating in the protocol. Collective DS protocols possess the following advantages: 1. The digital signature length is fixed (it does not depend on number of signers and equals the length of individual DS provided by the underlying DS algorithm) 2. The standard public key infrastracture (PKI) is used 3. The protocol can be implemented using DS algorithms specified by some of the existing standards. Among the known protocols should be indicated the group digital signature protocol. It sounds like a collective DS, but it is a different protocol that means that anyone from a group of authorized users can sign a document on behalf of the group and only the leader of the group is able to learn the users that have signed the document. Thus, the collective DS differs from the group DS. It seems that collective DS is significantly more useful for practical informatics. 2.2 Security of the Collective Signature Protocols Security of the collective DS protocols based on randomized DS algorithms has been considered in [3] with the example of the collective DS implementation using the Russian DS standard GOST R 34.10–94 [5] regarding the following two types of general attacks. The attack of the first type corresponds to forgery of the collective DS. The second type of attack corresponds to calculation of the secret key of one of the signers that share a collective DS. In the first attack it is assumed that m − 1 legitimate signers attempt to create a collective DS corresponding to m signers. In the second attack it is assumed that m − 1 signers that share some collective DS (R, S ) with the mth signer are trying to compute the secret key of the

Multisignature Protocols and Problem of Simultaneous Signing a Package

335

mth signer. It has been proved [3] that any successful method to perform any of the attacks can break the underlying DS algorithm. Thus, security of the collective DS protocol has been reduced to security of the underlying algorithm. Such an approach to formal security proof and the technique used is applicable to a variety of the collective DS protocols based on randomized DS algorithms. Due to the possibility to provide the reduction proof of the protocol security one can compose different secure protocols using secure DS algorithms. In this connection it is prospective to implement protocols using DS standards or provably secure DS algorithms. Unfortunately only a few DS standards allow to implement the collective DS protocols on their base. Besides, the example of the GOST R 34.10–94 mentioned above, the GOST R 34.10–2001 [6] is also suitable for such a purpose. The protocol can also be implemented with Schnorr’s DS scheme [7] which is one of provably secure ones. The use of Schnorr's DS algorithms provides construction of the provably secure collective DS protocol. In Schnorr’s DS scheme there is used the prime modulus p such that p − 1 contains a large prime factor q , the element g that is generator of the q order subgroup in Ζ p , and public key y = g x mod p , where x is the secret key. Suppose the m users should sign some message M. The collective DS protocol looks as follows. 1. Each of the users generates his individual random value t i , computes Ri = g ti mod p , and presents the value Ri to each of the users. 2. The common randomization parameter is computed as the product R = R1 R2 ...Rm mod p.

3. The first element of the collective DS E = FH (M || R ) is computed, where M is the message to be signed. 4. Each of the users computes his share in the second element of the collective DS Si = ti + xi E mod q.

5. The second element S of the collective DS (R, S) is computed: S = S1 + S 2 + ... + S m mod q.

The signature verification is performed exactly as in Schnorr’s DS algorithm [7]. This protocol works correctly. Indeed,

336

P. Moldovyanu et al. m

∑ (ti + xi E )

y g ≡ y g i =1 −E

S

−E

m

m

i =1

i =1

m

∑ ti

≡ y g i =1 g −E

m

E

∑ xi i =1

m

∑ ti

≡ y g i =1 y E ≡ −E

≡ ∏ Ri ≡ ∏ Ri mod p = R.

2.3 The Collective DS Protocol Implementation Using GOST R 34.10–2001 Standard GOST R 34.10 2001 [6] specifies the DS algorithms based on the ECs defined over the ground field GP( p ) with the following equation y 2 = x 3 + ax + b mod p , where a, b ∈ GP( p ) and y and x are coordinates of the point of the EC. For details of the EC cryptography see [8, 9]. Using GOST R 34.10 2001 the collective DS generation is performed in the following way. 1. Each ith signer selects at random a value t i and computes the EC point C i = k i P , where P is the q order point of the EC ( q is a prime). 2. The common randomization point C = C1 + C 2 + ... + C m and the randomization value RC = mod x q are computed, where xC is the abscissa of the EC point C. The value R is the first part of the collective DS. 3. Each user computes his share in the composite DS as follows Si = ( Rdi + ki e ) mod q, where d i < q is the secret key of the ith user, e = H mod q , is the hash function value. m

4. The second part of the signature is S = ∑ S i . The full signature is

(R, S ).

i =1

The verification of the signature (R, S ) is performed as follows. m

1. Compute the collective public key as the point Q = ∑ Qi , where the i =1

EC point Qi is the ith signer public key (Qi = d i P ) , i = 1,2,..., m . 2. Compute the EC point C * = ((Se −1 )mod q )P + ((q − R )e −1 mod q )Q .

3. Compute the value R * = xC * mod q and compare R * and R . If R * = R , then the collective DS is valid.

Multisignature Protocols and Problem of Simultaneous Signing a Package

337

3 Multisignature Protocols for Simultaneous Signing a Package of Contracts The protocols presented above can be used to solve efficiently the problem of simultaneous signing a contract. However they do not provide an efficient solution of the problem of simultaneous signing a package of contracts. The last problem considers the cases when the first subset of some signers should sign the first document, the second subset should sign the second document, the third subset should sign the third document, and so on. In addition all documents should be signed simultaneously. Since in such a problem we have different documents and different hash functions corresponding to the respective documents, the described protocols are not applicable to solve the problem. However using the idea of the collective DS protocols it is possible to propose the analogous MS protocols that provide the solution. Two examples of such protocols, called the composite protocols, are described below. In the first protocol the collective public key dependent on the hash function is used. In the second protocol the documents are arranged in a special way with the parameters Ri to form the argument of the hash function. Suppose the parameters p , q , and g as well as secret x and public key y = g x mod p are specified as in Schnorr’s DS scheme (see Sect. 2.2). Suppose the m users should sign m different messages M i , i = 1,2,..., m . The first composite DS protocol looks as follows. 1. Each ith signer selects at random the value t i and computes the randomization factor Ri = g ti mod p , where i = 1,2,..., m. 2. The common randomization factor R is computed: R = R1 ⋅ R2 ⋅ R3 ⋅ ... ⋅ Rm mod p .

3. The first element e of the composite DS is computed using the formula e = f (R ) , where f is some compression function, for example, f (R ) = R mod p . 4. Each of the users computes his share in the composite DS as follows S i = t i − ehi xi mod q ,

where xi is the secret key of the ith user. 5. The second element S of the composite DS is computed as the following sum

P. Moldovyanu et al.

338

S = S1 + S 2 + ... + S m mod q .

The verification procedure of the composite DS is as follows. m

1. Compute the composite public key y : y = ∏ y ihi mod p , where hi is i =1

the hash function value computed from the ith document and y i = g xi is the public key of the ith signer. 2. Compute the value R * = y e g E mod p and e * = f (R * ) .

3. Compare e and e *. If e * = e , then the composite DS is valid. 4. The correctness of the composite DS is proved as follows: m

m

R =y g =y g *

e

S

e

∑ Si i =1

=y g e

∑ (ti −ehi xi ) i =1

⎞ ⎛ m ⎞⎛ = y ⎜⎜ ∏ g ti ⎟⎟⎜⎜ ∏ g hi xi ⎟⎟ ⎝ i =1 ⎠⎝ ⎠ e

−e

=

= y e Ry −e = R(mod p ) ⇒ e * = f (R * ) = f (R ) = e.

The second composite DS protocol is specified as follows. 1. Each i–th signer computes the randomization factor Ri = g ti mod p , where t i a random value, i = 1,2,..., m . m

2. Compute the common randomization factor R = ∏ Rm mod p . i =1

3. The first element e of the composite DS is computed using some specified hash function FH as follows: e = FH ( M 1 || y1 || M 2 || y2 || ... || M m || ym || R ) .

4. Each of the users computes his share in the composite DS using the formula Si = ti + exi mod q,

where xi is the secret key of the ith user. 5. Compute the second element of the composite DS: m

S = ∑ S m mod q . i =1

The composite DS verification is performed as the following steps.

Multisignature Protocols and Problem of Simultaneous Signing a Package

339

m

1. Compute the public key y = ∏ y i mod p , where y i = g xi is the pubi =1

lic key of the ith signer, i = 1,2,..., m. 2. Compute the values R * and e * 3. R * = y − e g S mod p and e * = FH (M 1 || y1 || M 2 || y 2 || ... || M m || Ym || R * ) .

If e * = e , then the composite DS is valid. The correctness of the last composite DS is proved as follows: ∑

⎛ ⎞ ⎜ ⎟ ⎜ t + ex ⎟ ⎜ ⎟ i =1 ⎜ ⎟ ⎜ ⎟ i⎠ ⎝i m

m

∑

⎛ m t = y e ⎜⎜ ∏ g i R* = y e g S = y e g i = y e g ⎜ i =1 ⎝ e −e * = y Ry = R ( mod p ) ⇒ e = e. i =1

S

x ⎞⎛ ⎟⎜ i ⎟⎜ ∏ g ⎟⎜ ⎠⎝

e

⎞ ⎟ = ⎟ ⎟ ⎠

Both of the composite DS protocols described above can be implemented using the finite groups of points of the elliptic curves, but none of the DS algorithms specified by the existing DS standards can be used as the base DS algorithms in the composite DS protocols, since all the standards specify the signature generation and verification procedures accepting one hash function value. However, using the ideas underlying the proposed composite DS protocols, one can propose other different implementation variants. As in the case of collective DS protocols, the last two protocols form the signature possessing the internal integrity. If the process is somehow stopped then no valid signature is formed. If the process is performed completely, then all signers have signed the whole package of documents M 1 , M 2 ,..., M m . Since the composite signature is formed simultaneously, it is possible to apply the protocol for solving the problem of simultaneous signing a package of contracts. Indeed, suppose the signers 1 to α * have to sign the contract M, the signers α * to α ** have to sign the contract M *, and the signers α ** + 1 to m have to sign the contract M **. Assigning in the composite DS protocols H i = FH ( M ) for i = 1,2,..., α * , H = F ( M *) for i = α * + 1, α * + 2,..., α **, and H i = FH ( M ** ) for i = α ** + 1, α ** + 2,..., m , correspondingly, it is possible to sign simultaneously the contracts M , M *, and M ** providing high security of the simultaneous formation of the DS. i

H

340

P. Moldovyanu et al.

4 Conclusion We have presented several new MS schemes providing formation of the collective and composite DS and shown that the protocols solve efficiently the problem of simultaneous signing a contract by an arbitrary number of signers (collective DS), as well as the problem of simultaneous signing a package of contracts by arbitrary subsets of signers assigned to each of the contracts. Some variants of the protocols are implemented using the computations modulo large prime number and some others are implemented using computations on EC. There are no limitations to the implemention of the protocols using any other finite group, provided the group contains a subgroup of the sufficiently large prime order. To satisfy high performance requirements to MS protocols oriented for the use in GIS the finite vector groups [10] are prospective. The use of the finite groups of the vectors defined over the finite fields ( GF ( p ) or GF ( p n ) ) allows to implement fast DS algorithms based on two difficult problems: finding discrete logarithm and finding large prime roots [10]. The vector finite groups (VFG) are very interesting for such implementations due to the following two facts: (1) for the given group order the group operation of the VFG is computationally less expensive that in other groups used in cryptographic algorithms; and (2) the group operation of the VFG allows efficient parallelization.

Acknowledgement Paper supported by Russian Foundation for Basic Research grant No. 08–07–90100–Mola.

References 1. Boldyreva A (2003) Efficient Threshold Signature, Multisignature and Blind Signature Shemes Based on the Gap–Diffi–Hellman–Group Signature Sheme. vol 2139, Springer, Heidelberg, pp 31–46 2. Min-Shiang Hwang and Cheng-Chi Lee (2005) Research issues and challenges for multiple digital signatures. Int J of Network Security 1:1–7 3. Minh NH, Moldovyan NA, and Minh NL (2008) New multisignature protocol based on randomized signature algorithms. In: 2008 IEEE International Conference on Research, Innovation and Vision for the Future in computing & Communication Technologies. University of Science. Vietnam National University, Ho Chi Minh City 4. Schneier B (1996) Applied Cryptography, 2nd Edition. Wiley, New York

Multisignature Protocols and Problem of Simultaneous Signing a Package

341

5. GOST R 34.10–94 (1994) Russian Federation Standard. Information Technology. Cryptographic data Security. Produce and check procedures of Electronic Digital Signature based on Asymmetric Cryptographic Algorithm. Government Committee of the Russia for Standards (in Russian) 6. GOST R 34.10–2001 (2001) Russian Federation Standard. Information Technology. Cryptographic data Security. Produce and check procedures of Electronic Digital Signature. Government Committee of the Russia for Standards (in Russian) 7. Schnorr CP (1991) Efficient signature generation by smart cards. Cryptology 4:161–174 8. Koblitz N (1987) Elliptic curve cryptosystems. Math Comput Adv 48:203–209 9. Miller V (1986) Use of elliptic curves in cryptography, Advances in cryptology. In: Proceedings of Crypto’85, vol 218, Springer, Heidelberg, pp 417–426 10. Moldovyan NA and Moldovyan AA (2009) Vector Finite Groups as Primitives for Fast Digital Signature Algorithms Springer. In: 4th Int. Workshop IF&GIS’09 Russia, St. Petersburg, Springer, Heidelberg

Integrated Usage of Data Mining Methods for Malware Detection

Dmitriy Komashinskiy and Igor Kotenko St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Linia, St. Petersburg, Russia, [email protected]

Abstract. The problem of counteracting malicious software (malware) remains a real one in all computer systems, including Geographical Information Systems (GIS), despite the obv ious successes of antivirus vendors in technologies aimed at early recognition of malware propagation, code analysis, and malware rapid updating of databases. The basic issue of that problem is the quality of heuristic detection methods. The goal of these methods is to provide recognition of unknown malware samples; therefore heuristic detection is the last defense line of any critical object in IT infrastructure. The paper is devoted to the application of data mining methods to heuristic detector development. The offered approach differs from existing ones by cyclic interactive covert processing of behavioral information, and integrated use of different methods of data mining for various classes of malware. The paper discusses research into how a family of different data mining methods based on Bayes approach, decision trees and neural networks were implemented and investigated. The paper proposes a general integrated approach to realization of malware detection methods. Keywords: Data mining; Malware; Behavior-based malware detection

V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_24, © Springer-Verlag Berlin Heidelberg 2009

343

344

D. Komashinskiy, I. Kotenko

1 Introduction In spite of great efforts made by research and development community and commercial organizations, the defense problem of personal and business resources information against malware persists. It is important to note that the problem of malware protection is extremely prevalent in distributed GIS. Mechanisms of malware protection in GIS should be a part of the common security services and provide protection of the information and GIS functioning processes. In accordance with the estimation of some researchers, by the middle of 2008 about 90% of personal computers, regularly used to access the internet, were exposed to malware impact. That is a real challenge, so there exists a need to further develope the technical decisions directed to the malware recognition in its active phase – when it is run on an attacked host. The topicality of recognition of malware running on the host is determined by the following facts: the malicious functionality focus is moving towards speeding-up and hiding; the invariance of its penetration types is growing (penetration invariance); the duration of its hidden phase is extending; static detection techniques are not sufficient to provide for a reliable defense against new malicious examples. Propriety of the detection of running malware (in its active phase) is obvious, because the malware is more understandable – it must perform its own main malicious functions. Moreover, it should be taken into account that, from the technical point of view, the realization of behavior polymorphism is a significantly more complex task than the realization of the structural one. However, this aspect should also be accounted for in the prospective antimalware techniques. The paper outlines an approach to detection of malicious software based on hidden gathering of information about running applications and their processing via data mining-based techniques. The approach proposed differs from the existing techniques by cyclic interactive hidden processing of behavior data as well as by flexible integrated usage of data mining techniques for each malware type taking into account the admissible compromise between the main requirements for the malware detection process. The paper is structured as follows. Second section is dedicated to related work. Third section describes the malware detection task, its main typical requirements and restrictions as well as recites some peculiarities related to the malware detection based on data mining methods. Fourth section introduces behavior-based detection approach investigated in our research. Fifth section specifies the implementation details of the detection simulation software used and describes the performed experiments and current research results. Conclusion generalizes the main results of our work and indicates the prospective research directions.

Integrated Usage of Data Mining Methods for Malware Detection

345

2 Related Work The question about applicability of data mining (DM) techniques to malware detection arose when the research community understood the need to reinforce, by heuristic methods, the existed malware detection techniques. DM is not a panacea, but these methods bring systematic character into the process of malicious software detection in accordance with experts-defined rules. By now a great number of works related to malware detection have been published. Let us analyze some more interesting ones. The paper considers a detection model as one or several learned classifiers that work together to get the optimal result in accordance with determined requirements for the malware detection process. M. Schultz et al. [6] presented one of the first published research results devoted to usage of classifiers (as a part of DM knowledge area) for malware detection. The paper [6] considered issues no longer current due to serious progress in binary protection tools based on static analysis. However, it provided a good foundation for DM-based detection for many researchers and demonstrated all the power of the DM-based approach. This paper is dedicated to the detection of new (unknown) malicious programs propagated via e-mail logical channels in Portable Executable 32-bit (PE32) attachments [3]. The basic assumption used is that the structure of PE32 files and the contained code were not subjected to intentional distortion to make their analysis difficult. Learning and test sets include executable binaries of two predefined classes: benign and malicious. Thus, a dichotomy task is investigated. To compare the effectiveness of the proposed DM-based detection approach with a traditional signature-based one, a specially developed automatic signature generator is used. It fills the storage of designed known binary signatures with ones from a malicious initial file subset. The quality of the formed detection models was estimated as the traditional calculation of false positives and false negatives. The feature extraction process for instantiation of the DM-based detection models was organized as follows: • From each binary file of learning/test collection a binary profile (a set of extracted features) was extracted with specially chosen tools – parser of 32-bit portable executable format, null-terminated string-extraction tool and transformation tool of binary content to visible symbol sequence. Thus, at least three types of features have been used: some signs of PE32 file (for example, GUI type), strings (which are usually used for imports/exports descriptions), and code fragments. These sets are typical for the static DM-analysis of PE32 binaries, but any packer/protector

346

•

• • •

D. Komashinskiy, I. Kotenko

tool can hide this information layer by changing it to the specific values of these features. Data from binary profiles were used for the feature selection process, and each implemented type of the DM-detector applied its own data subset (for example, RIPPER-based classifier used PE32-specific data, statistic-based classifiers used string and binary features). The following classifiers were used for DM-based detectors: RIPPER classifier is rule-oriented and its output decision-making model appears to be a rule that sets well-defined result of classification in accordance with the values of features used during classifier learning; Statistical naive Bayes (NB) classifier calculates a probability of a file virulence rating for each class predefined at the learning stage; Multiplicative NB classifier is an artificial construction based on the combination of detection models using the separated feature groups. This approach was directed to investigate the necessary resource minimization at the expense of separating the global classification task into the simpler subtasks with further results combining.

J. Wang, et al. [8] suggested the DM-based detection model, also using the features generated by the PE32 executable binaries. The process of the detection model design, instantiation, and validation can be represented as follows: preparation of two file sets with intentional malware and benign binaries; separation of the whole available file sets into two parts: an initial subset (for the classifier learning and cross-tests) and a test subset (for the validation phase); extraction from each file of an initial binary profile (content of code section from file); feature extraction (any feature is just a byte sequence consisting of CPU instruction opcode and some following bytes); feature selection; classifier learning; detection model evaluation. Selection of the features valuable for the learning task was provided by the information gain function calculation for each extracted feature. After prioritizing the feature list the valuable signs are at the top. Validation phase of the constructed malware detectors was carried out through calculation of FP and FN for initial (cross-check) and test (model evaluation) file sets. Detection models were constructed by the naive Bayes and decision tree classifiers. Decision tree exceeded NB according to FP and FN parameters. The most important fact not related to the results of a comparison between the methods used is that the extension of the feature size (the usage of a byte sequence instead of 1-byte opcode) has a positive influence on the detection accuracy. B. Zhang, et al. [9] considered the design of the DM-based detection model based on support vector machine (SVM) classifier. They proposed

Integrated Usage of Data Mining Methods for Malware Detection

347

to use the behavior-based features collected during the execution of the analyzed binary files. The issue related to protecting against the security threats caused by the real malware samples executing on a victim host was solved by the network environment isolation. On the whole, as the authors showed, a practical usage of environment isolation may be organized by the specially prepared analysis infrastructure with wide involvement of virtualization technologies and additional security policies. The application of such a non-trivial approach was caused by the above mentioned difficulties in analyzing the specially obfuscated structure and code being a typical countermeasure against static analysis. Some special assumptions were marked before the start of experiment: • All malicious programs function via Win32 API calls; in accordance with the current development practice this assumption is pretty correct for the user-level applications and components; • When a malicious application is running, it captures the attacked host and prevents the running of any other malicious example. That is a basic item that provides the clarity of experimentally gathered data; • Win32 API may be effectively intercepted. That is indeed true, and the main message of that point is a need to somehow intercept the program actions to organize a behavior-based analysis. Each intercepted function had its own personal identifier. The input operands and the returned values of these functions were not taken into account. Thus, processed execution trace could be considered as a chronological list of the called function identifiers. Feature extraction process was organized as a gathering of all those existing in the execution trace chains with fixed length. To select the most valuable features from the extracted one, the authors calculated the Hamming distance between the malicious trace fragments (features) and intentionally benign ones.

3 Peculiarities of DM-Based Malware Detection Ultimately, the result of malware detection function can be considered as the Boolean positive (1/true/malicious) or negative (0/false/benign) variable. It is evident that the restricted isolated database about malicious examples (signature base or some type of heuristic detector initialization data) does not provide the successful detection of new malicious examples. Therefore, it is necessary to find more effective and flexible detection techniques.

348

D. Komashinskiy, I. Kotenko

Apparently, a more effective way from the security point of view is the detection of a code sample without its execution, because in such a situation the hosts with antivirus software cannot be infected (exposed to another malicious influence). Such type of detection is known as static. There exist powerful means to hide the original code or make it unreadable (for instance, binary packers and protectors, script code obfuscators, etc.). And, as a result, these techniques make the static analysis difficult. The proper answer to these difficulties is the “on-fly” detection techniques with this simple rule: make checks when the application is running. There are many different examples of this kind: memory scan of the running processes, behaviorbased detectors, some kinds of emulators, etc. Of course, that way is more dangerous because a host used for analysis may be infected. This approach in general is only applicable to the environment restricted and isolated by technical or organizational means. The typical antivirus software has three basic functions [1]: malware detection, malware identification, and host disinfection. Detection function is responsible for making the decision about the threat of the analyzed object. In the general case, it just finds an answer to the question “Is the code (code container) malicious?” There is no detection approach granting an absolutely correct result for all existing and future malware examples. The reason lies in the active role of the IT criminal agents who try to use novel technologies and software environments in order to carry out their business. Usually the identification function takes into its own input the results of the detection function and is responsible for exposing the precise type/name of the detected malicious program. Output results of that function are used for disinfection. It realizes actions on detected malware removal and cleans all side-effects. Disinfection function cannot organize its own work correctly if identification fails due to the impossibility of removing all detected malware-specific effects from the attacked host. The detection and disinfection functions are realized in deterministic as well as in more generalized (heuristic) ways. As a rule, deterministic approaches are directed to counteract against the known malware examples (signature scanning). Opposed to this, the heuristic techniques allow the detection and removal of new malicious programs and are based on the generalization of the experts’/analysts’ experience. Any malware detection approach must satisfy the following main general requirements: detection accuracy, efficiency (productivity, performance), and host resources consumption (Fig. 1). As one can see, any attempt to enhance one of these parameters leads to decrease of the other two.

Integrated Usage of Data Mining Methods for Malware Detection

Initial State: S0 = {A0, R0, P0}; Optimization attempt: O target: A to max; keep P. S1 = O(S0) = {A1, R1, P1}; As result: A1 better than A0; P1 is close to P0; R1 worse than R0.

Accuracy

A1 A0 R1

S1 O

S0 R0

Resources

349

P1 P0 Performance

Fig. 1 Quality triangle of malware detection function

The detection accuracy requirement is determined as a conformity of the detection model with the predefined error indicators of false positives (FP, detection of benign object as malicious) and false negatives (FN, detection of malicious object as benign). Basically, DM is applicable to heuristic malware detection approaches, so values of FP/FN rates may be less strict in comparison with other approaches (for example, ideally the case signaturebased detection should have the following numbers: FP = 0, FN = 0). Using the related works [1, 6, 8, 9] and the initial results obtained here, the following potentially reachable values FP = 0.15, FN = 0.05 may be indicated. In other words, the target detection model can make mistakes due to its specificity. However, within certain limits, the FP detection error is more preferable (as minimal evil). So, the DM-based detection model should be “paranoiac” to a certain degree. The performance requirement sets the allowable time of decision-making. In respect of techniques to be used in the proposed approach, it should be noted that the dynamical detection model using the behavior-based information can have no precise performance indicators. Due to its specificity, the positive result of detection is possible only when the analyzed object (code container) has performed some set of the operations (in our case it is a set of malicious functional blocks specific for the detection model). Certainly, if the DM-based detection model uses features that can be extracted and selected without running the analyzed object (static approach), the performance requirements may be set accurately, without taking into account the restrictions mentioned above. The common target of the performance requirement is to make the DM-based detection as fast as possible. The requirement of host resources consumption determines the amount of random access memory (RAM) and the memory access quantity needed to perform calculations related to the detection model. That requirement depends on the calculation complexity and data volume used. Usually, the

350

D. Komashinskiy, I. Kotenko

attempt to improve the indicator of resources consumption stipulates the performance decrease. Taking into account the characteristics of modern computers and high resources consumption by the DM-based detection models, let us note that this requirement is secondary and bring into focus the minimization of resources consumption by the search for local optimal detection models for particular types of malicious objects. In other words, the search for abstract ineffective universal detection models will be omitted, and major effort will be concentrated on finding the practice-oriented particular effective models that may be combined in one theoretical basis. The malware detection result is an object class, the detection model refers the target object on the basis of the processing rules used on the computing infrastructure (simulation testbed) used. These processing rules include the rules of feature extraction, feature selection, and processing (classification) of significant features. The task of satisfaction of the common requirements described above can be expressed by the requirements for data processing rules used by the detection models to be constructed on the basis of the DM methods. When forming the detection model it is important to perform the theoretical justification and practical evaluation of possible variants of processing rules. With a glance at a strong dependency of the common requirements on the quality of processing rules, it is suggested to fulfill the additional estimation of those rules using the following factors: computational complexity of feature extraction rules; number of extracted features; computational complexity of feature selection rules; number of selected features; memory volume needed to store features; computational complexity of classification rules (in the common case of chosen DM technique). Taking into account these values at early stages of model preparation, it seems possible to minimize the time of the detection model development and to optimize a degree of conformity in the common requirements.

4 Investigated Behavior-Based Malware Detection Approach The offered approach is based on integrated combined use of the DM techniques. It is obvious that the detection of malicious software can be based on two main approaches: misuse detection – revealing the obviously dangerous static and dynamical behavioral signs (as a rule, they vary for different malware classes), and anomaly detection – searching the differences from

Integrated Usage of Data Mining Methods for Malware Detection

351

typical signs of obviously secure applications. The peculiarities of these approaches stipulate the need to do the research devoted to integration of different detection methods that use a reasonable compromise between the common requirements: (1) detection accuracy – minimal errors in false positives and false negatives; (2) efficiency (productivity, performance); (3) effective host resources consumption. Moreover, it is necessary to have the accurate estimations of applicability of the rules of feature extraction, feature selection, and processing (classification). In addition, it is necessary to consider two specific requirements: the stability of detection functionality and the secrecy of data gathering. The second requirement is necessary as there exist many anti-monitoring and anti-emulation techniques [4] allowing the malware to recognize the fact of being monitored. Use of the classification methods assumes carrying out the supervised learning of the chosen classifier with the subsequent use of adjusted parameters (weights). Features are picked out in the process of the classifier training by the example containing the applications carried to target classes (for example, malware/benign). The space of features is multidimensional and is defined by the selected features quantity. The detection model represents the function, defined on the space of features, optimally relating the investigated object to one of target classes. The classification models used in the considered approach are based on the following groups of methods [2]: statistical group – the NB classifier (assumes the independence of selected features) and its specializations (decrease the assumption about independence of selected features) are used; inductive group – decision tree technique is used; the classifiers based on the sets separation; in the current research phase, the multilayer perceptron classifier was chosen. The gathering of initial data in our approach is based on the low-level operating system functions (native API) monitoring. It allows getting the chronologically correct sequence of events on the usage of the critical system resources by the analyzed applications. The monitoring secrecy is based on the intended modification of operating system kernel structures that are inaccessible for the applications functioning in the user mode. Thereby, the running applications are deprived of an opportunity to determine that they are being monitored using evident signs. Requirements related to the performance and resources usage generally depend on the quality of event interception and analysis modules (absence of bugs, usage of optimal algorithms). Moreover, the performance requirement is indirectly defined by peculiarities of the classifiers used (for example, by possibility of fast re-learning).

352

D. Komashinskiy, I. Kotenko

5 Experiments 5.1 Tools Used The tools used for data gathering and the results evaluation were constructed on the basis of Windows XP (NT5.1), being now one of the most popular from the point of view of typical users and, as a consequence, from the point of view of malefactors. Gathering of behavioral information is based on the usage of program interceptors of native API functions [5]. To form the initial dataset and test data for validation of the models generated by classifiers, we used the set of malware from [7] and typical benign applications from the operating system and commonly used distributives. For learning, cross-checking, control checking, and results visualization the Weka Classifier software tool was used. Input data for that tool are presented in ARFF (attribute-relation file format). The typical data description contains two main parts: (1) definitions, where all used features are described and typified (Fig. 2); and (2) input data, represented as 2D array with features’ values for each input sample (Fig. 3). For validation checking of the prepared detection models, at least two such input data blocks should be prepared: for learning file set and for test file set. The applications necessary to get the call traces were executed in an isolated computing environment under maximally privileged credentials (local administrator). To carry out experiments the special malware set was used, including malicious applications with evident functionality containing file search/read hierarchical cycle (for example, e-mail worms collect the list of possible recipients of new malware copies via text files), file infection, and automatic start after reboot/user logon.

Fig. 2 Input data description, definition part

Integrated Usage of Data Mining Methods for Malware Detection

353

Fig. 3 Input data description, input data set

5.2 Feature Extraction and Selection The base data for feature extraction/selection process is a collected call trace of the analyzed application. Below is the typical example of the raw trace for malicious sample run on isolated host (it is the creation of functional copy in the user directory): NtCreateFile(+24C.6C,n40110080,o"\??\C:\DOCUMENTS AND SETTINGS\ALL USERS\...\EQYY.EXE",i0.2,l,n20,n0,n5,n64,p,n0) NtQueryVolumeInformationFile(!24C.68="\??\C:\SAMPLE\TANATOS.EXE",i0.8,p12E88C ,n8,n4) NtQueryVolumeInformationFile(!24C.6C="\??\C:\DOCUMENTS AND SETTINGS\ALLUSERS\...\EQYY.EXE",i0.8,p12E88C,n8,n4) NtSetInformationFile(!24C.6C="\??\C:\DOCUMENTS AND SETTINGS\ALL USERS\...\EQYY.EXE",i0.0,p12ED2C,n8,n14) NtWriteFile(!24C.6C="\??\C:\DOCUMENTS AND SETTINGS\ALL USERS\...\EQYY.EXE",p,p,p,i0.10000,p930000,n10000,l,d ) NtWriteFile(!24C.6C="\??\C:\DOCUMENTS AND SETTINGS\ALL USERS\...EQYY.EXE",p,p,p,i0.1A00,p940000,n1A00,l,d) NtSetInformationFile(!24C.6C="\??\C:\DOCUMENTS AND SETTINGS\ALL USERS\...\EQYY.EXE",i0.0,p12F0B4,n28,n4) NtClose(-24C.68="\??\C:\SAMPLE\TANATOS.EXE")

354

D. Komashinskiy, I. Kotenko

The minimal indivisible information unit used during the feature set formation is a terminal incident (event). The description of terminal incident (event) includes the following sets (Table 1): identifier (name) of the called function; values of operands transferred on the input of the function (input operands); values of results returned by the function. The process of feature extraction is carried out taking into account the last two sets. That fact favorably distinguishes the approach offered from that described in [9]. The process of feature extraction also considers (Table 2): amount of each function calls; amount of accesses to resources with identical importance rank; usage of specific resources (attempts of access to some specific keys of the system registry, to some system-related file folders, etc.); presence and quantity of specific chains of calls. Table 1. Intercepted Native API functions and theirs identifiers Id 037 116 183 274 179 248 139 149 151

a

Function name ZwCreateFile a ZwOpenFile a ZwReadFile a ZwWriteFile a ZwQueryVolumeInformationFile ZwSetVolumeInformationFile ZwQueryAttributesFile ZwQueryFullAttributesFile ZwQueryInformationFile

Id 224 145 047 048 041 063 065 119 247

Function name ZwSetInformationFile ZwQueryDirectoryFile ZwCreateProcess ZwCreateProcessEx ZwCreateKey a ZwDeleteKey a ZwDeleteValueKey ZwOpenKey ZwSetValueKey a

Input operands were taken into account

Table 2. Chosen features groups Id s_* r_[f|p|r]*

b_f*

Group name Samples Amounts of @ATTRIBUTE s_037 called functions NUMERIC (ZwCreateFile calls amount) Summary @ATTRIBUTE r_f1 amount of NUMERIC used resources (number of requests to critical file resources) Chains of @ATTRIBUTE b_f1 function calls NUMERIC (ZwOpenFile->ZwWriteFile) chains amount

Power of group 18 features for each intercepted function 7 features which specify amount of accesses to the system registry, files and process subsystem 5 features which specify the amount of typical malware/benign call chains

Integrated Usage of Data Mining Methods for Malware Detection

355

As a part of the feature selection process, the search of call chains specific for the malware was provided by the Hamming distance formula. In further experiments the use of the Levenshtein distance formula is proposed. It is a measure of difference in two symbol sequences, defined as the minimum quantity of such operations as insert, remove, and replace, necessary to transform one line to another. 5.3 Learning and Test Results The results of our research (see Fig. 4 and Table 3), including the analysis of intermediate results, have clarified the issues of the efficiency evaluation of the proposed DM-based detection approach, and the directions of further development of the malware detection simulation tool so far used.

Fig. 4 Results of cross-validation for NB-based detection model Table 3 Summary results Classifier Decision Tree Naive Bayes Multilayer perceptron

Class Malicious Benign Malicious Benign Malicious Benign

TP rate 0.857 0.8 0.857 0.8 0.429 0.8

FP rate 0.2 0.143 0.2 0.143 0.2 0.571

These issues are as follows: the accessible malware sets have low quality not allowing the generating, without additional efforts, of the relevant training/test samples which can give accurate and well-founded results; the

356

D. Komashinskiy, I. Kotenko

collected and analyzed malware call traces confirm the applicability of the simplified detection technologies focused on the malware classes chosen for the experiments, i.e., checking the selected keys of the system registry, the interprocess interaction mechanisms, and the file system events; using the generated feature and file test sets, the implemented classifiers showed the possibility of detection up to 80% of unknown malicious programs with mixed functionality classes “trojan/file worm/e-male worm” (for Win32 platform), where false positives indicator was about 15%; the statistical classifier group used satisfied the performance requirement better due to a good possibility of incremental re-learning.

6 Conclusion In the paper, the common DM-based approach to proactive malware detection was proposed. The specified approach allows the detection of the malware during its execution by classification methods using some specific features of the malware behavior. The DM-based behavior analysis is used as an interactive secretive process, trying to keep the requirements of detection accuracy, productivity, effective host resources consumption, the stability of detection functionality, and monitoring secrecy. The offered approach differs from the existing ones by cyclic interactive covert processing of behavioral information, and integrated use of different DM methods. A family of different data mining methods based on Bayes approach, decision trees, and neural networks was implemented and investigated. At the same time, the current results of experiments have shown the necessity to develop more careful procedures of extraction and selection of the behavioral features related to each malware class, as well as to expand the malware detection simulation tool used and improve it at the expense of applying the additional data.

Acknowledgments This research is supported by grant of the Russian Foundation of Basic Research (Project No. 07-01-00547), Program of fundamental research of the Department for Nanotechnologies and Informational Technologies of the Russian Academy of Sciences and partly funded by the EU as part of the RE-TRUST project.

Integrated Usage of Data Mining Methods for Malware Detection

357

References 1. Aycock J (2006) Computer Viruses and Malware, Advances in Information Security, vol 22, Springer 2. Cios KJ, Pedrycz W, Swiniarski RW, and Kurgan LA (2007) Data Mining. A Knowledge Discovery Approach. Springer Science & Business Media 3. Pietrek M (2002) An In-Depth Look into the Win32 Portable Executable File Format. MSDN Magazine 4. Raffetseder T, Krugel C, and Kirda E (2007) Detecting System Emulators. LNCS, Springer, vol 4779 5. Schreiber SB (2002) Undocumented Windows 2000 secrets. A programming cookbook. Addison-Wesley 6. Schultz MG, Eskin E, Zadok E, and Stolfo SJ (2005) Data mining methods for detection of new malicious executables. Inform Comput Sci 172(1–2) 7. VX Heavens Site, http://vx.netlux.org/ 8. Wang J-H, Deng PS, Fan Y-S, Jaw L-J, and Liu Y-C (2003) Virus Detection using Data Mining Techniques. IEEE 37th Annual International Carnahan Confe-rence 9. Zhang B-Y, Yin J-P, Hao J-B, Zhang D-X, and Wang S-L (2006) Using support vector machine to detect unknown computer viruses. Inte J of Comput Intell Res 2(1)

Schemes for Data and User Authentication in Distributed GIS

Sergey Shtanko and Andrey Pankin St. Petersburg Institute for Informatics and Automation of the RAS, 39, 14 Liniya, St. Petersburg, 199178, Russia, [email protected]

Abstract. The paper specifies approaches to the realization of data and user authentication functions in distributed GIS, allowing for avoiding the existing protocols’ disadvantages, and thus accounting for the requirements for the geographical information system (GIS) safety. The authors propose the method of user’s private key storing at the server for the cases when the private key storing cannot be realized at the user’s end. A method binding the user’s identification process to the geographical location is proposed. Keywords: Distributed GIS; Electronic digital signature; Authentication

1 Introduction At deployment of distributed geographical information system (GIS) protection for different functions of geoinformation data including the cryptographic protection is often required. Depending on the GIS type and purpose, a demand for the data and user authentication as well as for the data encryption can arise. Therefore, the emerging problem springs from the requirement that a security system has to serve a large number of users while exchanging with them large amounts of heterogeneous information. In this regard, situations often occur when the users cannot store the key information at their ends, so the server would be the only repository available for the key information storing; the above assumes that the safety V.V. Popovich et al. (eds.), Information Fusion and Geographic Information Systems, Lecture Notes in Geoinformation and Cartography. DOI: 10.1007/978-3-642-00304-2_25, © Springer-Verlag Berlin Heidelberg 2009

359

360

S. Shtanko, A. Pankin

level to be provided for the key storing should ensure the exclusive access of the key owner to the respectively assigned private key.

2 Existing Approaches to User Authentication Problems in Distributed GIS Consider the distributed GIS with a large number of work stations and one server. The users’ access to the system is not limited by some specified work station and could be executed from different work stations (terminals). There can be more servers, e.g., one for the ontology (may also be several of them), one for the cartographic information, etc. The ontology will be understood as the detailed formalization of a certain area by a conceptual scheme consisting of the data hierarchical structure, incorporating all relevant object classes, their relations, and rules (theorems, constraints) adopted for this area. At this point, one server for the objects’ ontology as used in GIS will be considered, e.g., the marine application both for displayable and nondisplayable objects (ships, ports, marches, missions, etc.). Such GIS can provide different data for different users. In this case, it is necessary to realize the function of users’ authentication and access sharing. For this purpose, procedures of the users’ identification and authentication at the system input [1, 2] will be used. To identify user A , let use some unique user A match information that is an identifier Id A , being the user’s code name in the simplest case (also called “login”). The server, as well as other users, identifies the user based on this unique information. The authentication procedure should be performed to prevent an intruder from the illegal use of the above specified identifier. This procedure can be performed using certain unique user inherent data. Such data can include biometric data of the user or some secret information known only to the user. In the simplest case such information can include password PASS A – some secret word; or set of characters known only to the user and stored in the database (DB) of the system users. To carry out the authentication procedure the user should enter the identifier and password. The identifiers’ validation system finds the user’s password and compares it with the entered one. If they coincide the user A will be authorized to access the system, otherwise the access will be denied. In order to prevent an intruder from access to the user’s password even when the intruder somehow manages to access the users’ DB or intercept the authentication information, the database stores instead of the user’s

Schemes for Data and User Authentication in Distributed GIS

361

password its hash function hA = hash ( PASS A ) . Upon the user’s entering the password from the terminal, the password is hashed, and the hash function hA is transmitted to the server for authentication; thus, the password in the public form PASS A is not stored in the memory. In the simplest case a standard procedure of authentication applied in one form or another in existing systems has the following sequence (Fig. 1).

Fig. 1 User authentication

The described scheme is subject to intercepting attacks [1, 3]. The intruder can intercept the hashed password hA and use it even without knowing password PASS A . To prevent an attack of this type it is necessary to introduce some variable data into the hash function. At each authentication process it will allow the sending of different information to the server. For example, current time can be used as such information. Under this condition the hash function hA = hash ( PASS A + t ) will be different each time and useless for the interceptor, since the function argument will be varying. Nevertheless, this scheme will have the following disadvantage – the client

362

S. Shtanko, A. Pankin

terminal and the server have to be synchronized with accuracy equal to a single time count, which is really hard to do in practice. The other approach allowing for avoiding the strict requirements for synchronization is a usage of a random number r as an argument of the hash function instead of time marker t . In this case the algorithm can be as follows: the server upon the client A request generates a number r, transmits it to the client A , the client calculates hA = hash ( PASS A + r ) and transmits it to the server for the authentication. The latter two schemes have the following disadvantage: the client password PASS A has been stored at the server in the public form so that the server could perform the operation ( PASS A + r ) aimed at validating the received authentication data. The upgraded user authentication scheme can possibly eliminate the above disadvantage. Two latest schemes in various modifications are used in almost all protocols realizing the authentication procedures in computer networks. The authors have analyzed different symmetric and asymmetric protocols [1–3], including the particular one (Diffie–Hellman, Schnorr, Fiat–Shamir), and specified realizations, used in computer networks (IPSec, SSL/TLS), based on X.509 standard. None of the considered protocols simultaneously meets the entire set of requirements’ for the authentication procedures for the distributed GIS. 1. The information transmitted during the authentication procedure should be different at each session; thus preventing the intruder from using the intercepted data for the authentication. 2. The passwords in the public form should not be stored in the database; however, their storing in the hashed form should also prevent the intruder from their use even if the intruder managed to access the database. The system has to support storing the personal users’ keys on its server 3. The system should provide for the user’s binding to geographic co-ordinates. On the other hand, most of the considered protocols that are currently realized in the computer networks (based on X.509 standard) possess a large number of services not needed for the distributed GIS applications. So, many of them provide for using the servers’ certifiers that are excessive for the approach under consideration; to meet the above mentioned requirements and to eliminate the existing protocols’ disadvantages this upgraded authentication scheme has been developed.

Schemes for Data and User Authentication in Distributed GIS

363

3 Upgraded Scheme of User Authentication for Distributed GIS The upgraded scheme for user authentication is the development of the above discussed schemes; it allows for eliminating the disadvantages of the authentication process. While developing a client, his Id A and hash ( PASS A + Id A ) value are put into the database. The server S possesses a pair of keys for asymmetric cryptosystem: the private key S and public key kpublic . To enter the system (Fig. 2), the client A calculates hash ( PASS A + Id A ) , generates a random number r , requests the public key from the server S and encrypts it ticket = encrypt ( ( hash ( PASS A + Id A ) + r ) ; kpublic ) (hereinafter encrypt (m; k ) – process of message m encryption with k key, decrypt (c; k ) – process of cryptogram c decryption with k key; s = sign(m; k ) – process of signature s generation for message m with k key; m = signver ( s; k ) – process of verification of signature s under message m with k key). The server after receipt of ticket’ decrypts it by its private S S key kprivate : hash ′ ( PASS A + Id A ) + r ′ = decrypt ( ticket, kprivate ) . Then the server validates hash ( PASS A + Id A ) = hash ′ ( PASS A + Id A ) and in the case of their matching grants the client A an access. The system described allows for storing the passwords in DB in the hashed form, thus protecting them against the intruder in case of the hackers’ attack against DB and theft, and transmitting the authenticating data in the form of encrypted tickets, which are changed at each authentication session, thus preventing the ticket intercepting intruder from using it. ?

4 Upgraded Scheme of User Authentication for Distributed GIS with Possibility of Private Keys for Authentication Data Storage at the Server To implement in GIS the functions of data authentication and encryption it is also reasonable to apply asymmetric cryptosystems. However, for the direct data encryption it is expedient to use symmetric cryptosystems as they are faster; therefore, the asymmetric systems are used for generating the keys for symmetric systems and data authentication (realizing the electronic digital signature (EDS)). To develop such a system it is necessary that every system’s user has a pair of keys – the private and public ones.

364

S. Shtanko, A. Pankin

S k public

S k private

S k public

S k public

Fig. 2 Upgraded user authentication

One of the approaches includes the use of different electronic media (similar to bank cards) where the user’s private key would be stored in encrypted form. During the authentication process the user enters the password, which serves as the key for the private key decryption for its further use in the processes of data authentication and encryption. In some cases the application of the scheme with electronic media cannot be realized. Then the private key cannot be stored at the user’s PC. The only solution in this case is storing the users’ keys pairs in DB at the server. The following scheme for the users’ authentication and use of asymmetric cryptosystems is proposed for the case when the key information can be stored only at the server. In this case the record of the user А will include identifier (login) Id A , hashed password in the form of hash ( PASS A + Id A ) , А A public key kpublic , encrypted private key kprivate . The private key is encrypted

Schemes for Data and User Authentication in Distributed GIS

365

by the symmetric algorithm, whose key is generated based on the password and transmitted to the user on request in the encrypted form. The user using his private password can decrypt the private key to perform different cryptographic operations, e.g., for EDS generation. 4.1 Example of Authentication Scheme Realization and User’s Keys Storage in Distributed GIS Creation of the user’s record: 1. User A generates identifier (login) Id A and password PASS A . A 2. User A generates a secret key ksecret for symmetric system for the A purpose of private key kprivate encryption. 3. User A calculates hA = hash ( PASS A + Id A ) . A = f ( hA ) . In the simplest case 4. User A calculates an auxiliary key k temp hash function hA or its part can be used as such key. 5. User A calculates cryptogram

((

)

)

A A CRYPTPASS A = encrypt hA ksecret ; ktemp through the symmetric algorithm. 6. User A generates a pair of keys for symmetric algorithm: public key А A kpublic and private key kprivate . 7. User A encrypts the private key by symmetric algorithm with secret A A A A key ksecret : ekprivate = encrypt ( kprivate ; ksecret ). А A , ekprivate to the server. 8. User A transmits Id A , CRYPTPASS A , kpublic 9. The server stores receives information about a new user in DB in the form (Table 1).

Table 1. Example of the user’s record storage in DB

Index …

Password … CRYPTPASS A

Privatekey … A ekprivate

Publickey …

iA

Login … Id A

…

…

…

…

…

А kpublic

The user authentication scheme for this case will acquire a form represented in Fig. 3. Actions performed by the client do not differ from actions described in the previous scheme (Fig. 2). Nevertheless, CRYPTPASS A , and not hA , will be stored on the servers in the users’ DB. To receive hA the server has to perform an operation inverse to the operation performed

366

S. Shtanko, A. Pankin

S k public

S k private

S k public

A k temp

А ksec ret

k

S public

A k temp

Fig. 3 Upgraded user authentication for the case when the private key is stored in DB at the server A A when creating a user hA ksecret = decrypt ( CRYPTPASS A , k temp ) . Thus, the key A k temp is calculated from hA transmitted by the client in the similar way as

A when creating the user: ktemp = f ( hA′ ) . The same authentication procedure is also performed at the user’s private key request for different purposes (e.g., for EDS realization). Upon

Schemes for Data and User Authentication in Distributed GIS

367

A the successful authentication of values, CRYPTPASS A and ekprivate are transmitted to the user. To receive his own private key and to generate a signature the user will perform the following operations: Generation of EDS: 1. User A calculates hA′ = hash ( PASS A + Id A ) . A 2. User A calculates auxiliary key k temp = f ( hA′ ) . A A = decrypt ( CRYPTPASS A , k temp 3. User A calculates hA ksecret ). A A A 4. User A calculates kprivate = decrypt ( ekprivate ; ksecret ).

A 5. User A signs the message m : s A = sign ( m; kprivate ).

Now, the signature of user A can be validated both by the server and A any other user using the public key of user A kpublic . EDS validation: 1. The server (User B ) receives the signed message m s . A 2. The server (User B ) calculates m′ = signver ( s; kpublic ). ? 3. The server (User B ) validates signature m′ = m (in practice

?

h′(m) = h (m). Thus, the above system allows construction of sufficiently protected, and at the same time undemanding for resources, systems of the user authentication.

5 Binding the Distributed GIS User to Geographic Coordinates In some cases in distributed GIS a function of the user fixation to a certain position (region) can be required, i.e., in other words the user is entitled to be connected to the system only in a certain geographic zone. In this case geographic coordinates received from the navigation sensor become auxiliary arguments of hash function. In this case the table of the user account in DB will have the form (Table 2). Table 2 Example of the user’s record with coordinates fixation in DB

Index …

Login …

Password …

Privatekey …

Publickey …

Lat …

iA

Id A

CRYPTPASS A

A ek private

А k public

lat A

…

…

…

…

…

…

Lon …

lon A …

368

S. Shtanko, A. Pankin

While creating the user’s record the coordinates of the user lat A , lon A are added to the hash function arguments; they are received from the navigation system and approximated to a certain value, so that the discreteness of approximated coordinates does not exceed the error of position determining: hA = hash ( PASS A + Id A + lat A + lon A ) . Further, in each process of authentication at entering the identifier and password by the user into the terminal, the coordinates of this terminal are added automatically to them. Thus, if the user tries to enter the system from another position, and value hA received from the user and value h′A received from DB do not match, the user will be denied access.

6 Conclusion The proposed approaches and schemes allow the effective protection of information circulating in distributed GIS with consideration of the imposed constraints. In particular, the scheme is suggested for using the asymmetric cryptosystems for the case when users cannot store key information and it must be stored at the server. Also, the approach is proposed allowing for binding the user to a certain geographic position. The paper provides schemes not binding to specific cryptographic algorithms. Any algorithms depending on the specified requirements and legal issues can be used in the described schemes as symmetric and asymmetric algorithms. Thus, this scheme has been realized in GIS developed using J2EE platform based upon the embedded JCA and JASS tools with the use of symmetric AES and asymmetric RSA algorithms. It is worth noting that the considered standard X.509 is not associated with certain algorithms; however, it is suggested to use Diffie-Hellman and RSA algorithms as the asymmetric ones. Using algorithms based on elliptic curves seems the most preferable due to their better robustness and encrypting performance [4, 5]. For instance, the elliptic curves algorithms at the key size (capacity of the module p binary representation) of 220–260 bit provide for higher robustness and encrypting performance than RSA algorithms at the key size of 2,048 bit. The study of the elliptic curves-based asymmetric algorithms to be realized in Java and intended for implementing in the above schemes also lies within the scope of the authors’ research interests.

Schemes for Data and User Authentication in Distributed GIS

369

References 1. Zima VM, Moldovyan AA, and Moldovyan NA (2003) The Global Network Technologies Safety (in Russian). BHV–Petersburg, St. Petersburg, Russia 2. Stallings W (2001) Cryptography and Network Security: Principles and Practice (in Russian). Williams Publishing House, Moscow, Russia 3. Ivanov MA (2001) Cryptographic Methods of Information Protection in Computer Systems and Networks (in Russian). KUDITS–OBRAS, Moscow, Russia 4. Moldovyan NA and Moldovyan AA (2005) Introduction in Cryptosystems with Public Key (in Russian). BHV–Petersburg, St. Petersburg, Russia 5. Rostovtsev AG and Makhovenko EB (2001) Introduction in Cryptography with Public Key (in Russian). Mir i Semya, St. Petersburg, Russia 6. Schneier B (1996) Applied Cryptography: Protocols, Algorithms, and Source Code in C. Willey, New York, USA 7. Barker E, Barker W, Burr W, Polk W, and Smid M (2006) NIST Special Publication 800-57, Recommendation for Key Management. http://csrc.nist.gov/ publications/nistpubs/800-57/SP800-57-Part1.pdf 8. Frankel S, Hoffman P, Orebaugh A, and Park R (2008) NIST Special Publication 800-113, Guide to SSL VPNs, http://csrc.nist.gov/publications/nistpubs/ 800-113/SP800-113.pdf 9. Hankerson D, Menezes A, and Vanstone SA (2004) Guide to Elliptic Curve Cryptography. Springer, Berlin Heidelberg New York 10. Anoop MS (2007) Elliptic Curve Cryptography – An Implementation Tutorial. Tata Elxsi, India 11. The Case for Elliptic Curve Cryptography. National Security Agency. http:// www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm 12. JavaTM Cryptography Architecture. API Specification & Reference. http:// java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html

Author Index

Andrienko, G. 3 Andrienko, N. 3 Angelaccio, M. 137

Levachkine, S. 77, 149, 165, 177 Levashova, T. 113 Lobo, V. 19 Lopez-Pellicer, F. J. 193 Lubniewski, Z. 251

Bikonis, K. 251 Bosse, E. 209 Bruniecki, K. 277

Makshanov, A. 265, 289 Martinez, M. 165 Mata, F. 77 Moldovyan, A. 317 Moldovyan, N. 317, 331 Moldovyanu, P. 331 Moreno, M. 149, 177 Moszynski, M. 277

Chen, S. 95 Chybicki, A. 263 Claramunt, C. 95 Corcho, O. 193 D’Ambrogio, A. 137 Dabrowski, J. 277 Dernova, E. 331 Desnitsky, V. 301 Duclos–Hindie, N. 209 Ermolaev, V.

265, 289

Florea, M. C.

209

Nogueras-Iso, J. Osipov, V.

241

Pankin, A. 63, 359 Popovich, V. 39, 227

Galjano, P. 227 Guzman, G. 149, 177 Ivakin, Y.

193

Quintero, R.

149, 177

Ramos, J. A. Ray, C. 95

193

241 Shilov, N. 113 Shtanko, S. 359 Smirnov, A. 113 Stepnowski, A. 251, 277

Kaminski, L. 277 Kashevnik, A. 113 Komashinskiy, D. 343 Kostina, A. 331 Kotenko, I. 301, 343 Kozlovskiy, S. 265 Krek, A. 137 Kulawiak, M. 251, 277 Kuzenny, V. 63

Tan, J. 95 Tarakanov, A. 125 Torres, M. 149, 177 Valin, P. 209 Vilches-Blazquez, L. M. 371

193