“You cannot hold firewalls and Intrusion Detection Systems accountable. You can only hold people accountable.”
– Darryl White
The foundation of any robust physical security rests on two things: (1) the presence of “multilayered security” around the asset, also called defense in depth, and (2) the security equipment and personnel required to augment it, deployed with the “4D’s” (Deter-Detect-Delay-Deny) in mind.
The 4D’s are naturally sequenced according to their placement. For example, visible cameras are deployed at the outermost layer of security to “deter” adversaries; locks and barriers are positioned to “delay” their advance; and finally the response team engages the adversaries to “deny” them access to their desired target or asset. In the following paragraphs, we discuss the “detect” part of the 4D’s, which comes second in the sequence, after “deter”.
Sensors, the video surveillance system, alarms and the allied communication system, working in coordination, form an Intrusion Detection System (IDS); of these, sensors are considered the most important feature of the system.
Before proceeding further, it is vital to understand certain expressions that are frequently used in IDS engagements.
A Nuisance Alarm is an alarm that is not caused by an intrusion, i.e. the alarm is activated by the environment or some other factor, and not by the presence of an intruder. Nuisance Alarms can be caused by birds, trees, weather, vibration or electromagnetic interference. Nuisance Alarm Rate (NAR) is a calculated number that tells how often nuisance alarms occurred in a given time. In ideal conditions, NAR is expected to be zero.
A False Alarm is still a Nuisance Alarm, but one generated by the equipment itself, mostly because of poor design, inadequate maintenance or component failure. False Alarm Rate (FAR) is also a calculated number, which tells how often false alarms occurred in a given time. In ideal conditions, FAR is also expected to be zero. The acceptable FAR should be specified when designing the system; on average, FAR should not be more than once per week per sensor.
Probability of Detection (PD) is the effectiveness of a sensor at detecting. The value of a perfect PD is universally agreed to be 1 (one); in real life, however, it always remains less than 1. PD largely depends on installation conditions, sensitivity adjustments and weather conditions. In general, a PD of up to 0.90 is considered acceptable.
Vulnerability to Defeat (VD) is any weakness of a sensor that can be exploited by the adversary. An ideal sensor cannot be defeated; however, all existing ones can be. There are two main methods through which a sensor can be defeated: (1) “bypassing”, i.e. going around the extent of the effective detection zone, and (2) “spoofing”, i.e. passing through the detection zone without being spotted by using some technique or equipment.
Classification of Sensors
Sensors are used worldwide for intrusion detection. They are applied on boundaries and fences, as free-standing units and/or indoors. Sensors are classified into many categories, some of which are briefly described below:
Passive or Active – Passive sensors do not emit any energy; rather, they detect the energy emitted by the object and activate an alarm when there is a change in a natural field of energy. Detection is based on the difference in temperature between the intruder and the background; this difference is called Minimum Resolvable Temperature (MRT). Normally, a human emits energy equal to that of a 50 W bulb. The energy can be in the form of vibration, heat or sound.
An adversary will have difficulty finding a passive sensor. A passive device is safe to deploy in an environment where explosive material is used. Sunlight passing through windows can raise the temperature of the interior surface, which would then add to the FAR. Active sensors transmit energy and detect changes in the received energy. They may have both transmitters and receivers. Active sensors include microwave and infrared. These sensors also have a lower NAR, because of their strong signals.
Covert or Visible – Covert sensors are hidden and are difficult for an intruder to locate. These sensors do not affect the appearance of the environment. On the other hand, visible sensors are easier to install, repair and maintain.
Line of Sight or Terrain following – Line-of-sight sensors require a clear line of sight (LOS) between transmitter and receiver, whereas terrain-following sensors work on flat as well as irregular terrain.
Volumetric or Line detection – Volumetric sensors transmit energy over a wide angle, and when an intruder enters the detection volume, the alarm is activated. Either the entire premises or a portion of them can be covered using volumetric sensors. The advantage of these sensors is that they cover a large area for detection. It may be hard for the intruder to make out the extent of the volumetric beam of a sensor. Line detection sensors sense motion along a straight line, and it is easier for an intruder to spot these sensors or their effective zone. Line detection sensors can be deployed at doors, windows or walls.
Types of Sensors
Sensor Fence – These sensors are passive, visible and terrain following, and are designed to detect either disturbing or cutting of the boundary fence. A taut-wire sensor fence, which has many parallel horizontal wires with high tensile strength, is one example. The transducers detect deflection of a wire if it is cut, if it is being climbed, or if an attempt is made to separate the wires. The sensor fence has a lower NAR, as it requires a force of around 25 lbs to activate the alarm. Most alarms are generated by large animals, which push the wires in the detection zone while walking.
Infrared Sensors – These sensors are visible and line-of-sight, and are of two types, i.e. active and passive. In active sensors, the alarm activates when the continuous beam sent from the transmitter is disrupted, whereas passive sensors detect energy generated by the subject. The infrared beam travels in a straight line, is not visible to human eyes and has a narrow detection zone; for high-level security, multiple-beam sensors are advised, as one beam can be easily defeated.
Microwave Sensors – These sensors are active, visible and volumetric, and are of two types: Bistatic, which has a separate transmitter and receiver, and Monostatic, in which the transmitter and receiver are built together. Microwave sensors activate the alarm if the receiver does not register the same amount of energy that the transmitter released. Generally, microwave energy penetrates glass, plaster, gypsum or plywood. If not installed correctly, the sensor will generate many nuisance alarms due to any movement outside the desired detection zone. In general, it is used in automatic door openers in supermarkets.
Glass Break Sensors – These sensors are molded directly on the window glass that is to be protected, and are specially designed to generate an alarm when the frequencies associated with glass breaking or vibration exceed a certain threshold, which can be adjusted by the user.
Electromechanical Sensor – The most common sensor in this category is the Balanced Magnetic Switch (BMS), generally installed on doors and windows. The sensor activates the alarm when the magnetic connection is broken by the opening of a window or door pane.
Capacitance Sensor – This is a large electrical condenser that radiates energy and detects a change. Normally, the capacitance sensor’s wire is connected to an asset, such as a high-value safe, locker or cabinet. An intruder touching the object absorbs some of the electrical energy, disturbing the circuit and causing an alarm.
Wireless Sensor – Radio Frequency (RF) sensors are the most common type of wireless sensor. An RF unit consists of a transmitter and a sensor, both battery-powered; to conserve battery, they remain in sleep mode until required to generate alarms.
Video Motion Detector (VMD) – In its simplest form, a single camera viewing the desired scene can be used for detection, if equipped with the proper software. For instance, a VMD detects changes in the brightness of the video scene and generates an alarm. The camera needs sufficient uniform light for quality operation; moreover, a very slow movement through the detection zone may defeat VMDs. Digital VMDs have a lower NAR; insects, flickering lights, pets, etc. are the main sources of most nuisance alarms.
Concepts related to Sensors
Clear Zone – A Clear Zone is created at high-security premises; it consists of two parallel fences around the entire perimeter, and multiple complementary sensors are generally deployed. With two parallel fences, sensors should be placed on the inner fence; with this arrangement, PD is increased and NAR is reduced.
Sensor Selection – There are three very important elements to be given due consideration before selecting IDS equipment: (1) the requirement for sensors should first be evaluated through a Risk Assessment, and only then should equipment be purchased accordingly, not the other way round; (2) the layout of the building and other related space where sensors are to be placed should be considered; (3) the natural and industrial environment affects NAR, hence, before finalizing, it is better to set up a demonstration of the effectiveness of the recommended sensors.
Complementary Sensors – The ideal sensor should have low NAR and high PD in the particular environmental conditions, and against the required types of intrusion.
No single sensor meets both these requirements. To fill this void, the area should have complementary sensors that compensate for each other’s weaknesses. This approach takes advantage of sensors having different technologies, PDs, NARs and VDs. But before selecting sensors for complementary support, it is important to understand that the combination will not be complementary if the sensors have the same weaknesses and NAR; for example, microwave and passive infrared (PIR) sensors are an ideal combination, because of their different defeat methods.
Moreover, sensors should be installed to ensure uniform detection throughout, so that the detection zone of one sensor partially overlaps the detection zone of adjacent sensors. Overlapping the detection volumes of different sensors enhances overall detection. The defeat of the sensor pair is less probable, because a greater volume and two different technologies must be defeated to succeed. A third sensor can further enhance performance not by overtaking the first two, but by forming a separate line of detection.
Integration of Sensors and Video Assessment – A security system becomes extremely effective when it successfully integrates people, procedures and equipment. If sensors are integrated with a video assessment system, then in case of an alarm it is easier for the monitoring staff to assess the situation and take appropriate decisions; without assessment, detection is incomplete. This quick decision making enables monitoring staff to swiftly dispatch response teams to the trouble spot, as it is not wise to send a response to every alarm without an initial assessment.
“AND” & “OR” Techniques – As in many Information Technology (IT) related operations, AND & OR concepts are also used in IDS. In IDS, sensors connected through OR combinations are useful to make up for each other’s deficiencies, but as this arrangement will increase NAR, sensors with low NAR should be used. In the case of an AND combination of sensors, NAR will decrease and PD will be lower than the PD of each sensor; consequently, the intruder has to defeat only one sensor. To optimize the PD for combined sensors, it is safer to use sensors that are separately mounted but logically combined.
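The NAR and PD definitions given earlier and the AND/OR behaviour described above can be checked against an alarm log. The following is an added example, not part of the original article: the sensor names, timestamps, two-week window and two-minute matching tolerance are all constructed assumptions.

```python
# Added example; every value below is constructed for illustration.
WEEKS = 2   # length of the evaluation window
TOL = 2     # minutes: matching/coincidence tolerance (assumption)

# Staged intrusion tests (minutes since the start of the window).
TESTS = [600, 2100, 4300, 6200, 8800, 10500, 12900, 15000, 17400, 19800]

# Alarm timestamps per sensor: detections of the tests, then nuisance alarms.
MICROWAVE = [601, 2100, 4301, 8800, 10501, 12900, 15001, 17400, 19801,
             1200, 3000, 5500, 7700, 9900, 13500, 16000, 18800]
PIR = [600, 2101, 6200, 8801, 10500, 12901, 15000, 19800,
       900, 3001, 7000, 11800, 14200, 18000]


def near(t, times, tol=TOL):
    """True if any timestamp in `times` lies within `tol` minutes of `t`."""
    return any(abs(t - x) <= tol for x in times)


def fuse_or(a, b):
    """OR logic: either sensor raises the alarm (coincident alarms count once)."""
    return sorted(a + [t for t in b if not near(t, a)])


def fuse_and(a, b):
    """AND logic: alarm only when both sensors fire within the tolerance."""
    return sorted(t for t in a if near(t, b))


def score(alarms):
    """Return (PD, NAR per week) for one alarm stream against the staged tests."""
    detected = sum(near(t, alarms) for t in TESTS)
    nuisance = sum(not near(t, TESTS) for t in alarms)
    return detected / len(TESTS), nuisance / WEEKS


def report():
    """Score each sensor alone and both logical combinations."""
    streams = {"microwave": MICROWAVE, "pir": PIR,
               "OR": fuse_or(MICROWAVE, PIR), "AND": fuse_and(MICROWAVE, PIR)}
    return {name: score(alarms) for name, alarms in streams.items()}


if __name__ == "__main__":
    for name, (pd, nar) in report().items():
        print(f"{name:10s} PD={pd:.2f}  NAR={nar:.1f}/week")
```

On this constructed log the OR combination catches every staged test at the cost of the highest NAR, while the AND combination has the lowest NAR and a PD below that of either sensor alone.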
Line Supervision – The system can only be effective if the equipment is protected from tampering and damage. All the wires connecting the system should be kept separate and placed in a conduit. Line supervision is a way to monitor the communication link between the sensors and the control system, and further to provide protection against intruders. The complete sensor system must be tested regularly for its PD, either manually or through computer-controlled trigger signals. The outcome of all maintenance, tests and Line Supervision should be recorded and documented.
IDS is quite an important subject, but Security Managers generally leave this area of expertise to IDS vendors. It is understandable that Security Managers cannot be experts in every security-related subject, but a reasonable knowledge of these “untouched areas” can save the organization a lot of money and provide better security solutions with the same or even fewer finances. This article is aimed at stimulating the thinking process of security professionals towards the basic knowledge of the Intrusion Detection System (IDS).