Knowledge and Information Systems

, Volume 52, Issue 1, pp 147–178 | Cite as

Identification of critical situations via Event Processing and Event Trust Analysis

  • Massimiliano L. Itria
  • Melinda Kocsis-Magyar
  • Andrea CeccarelliEmail author
  • Paolo Lollini
  • Gabriele Giunta
  • Andrea Bondavalli
Regular Paper


In crisis management systems, situational awareness is usually at the basis of guiding the intervention process, and it is required to rapidly process data acquired from information sources on the field such as sensors or even humans. Given the variety and heterogeneity of sources and the amount of information that can be collected, together with the urgency of taking decisions, such information needs to be rapidly collected, filtered and aggregated in a form that can be used in subsequent machine-assisted decision support processes. At the same time, uncertainties in the input data or approximations in the processing phase may lead to an incorrect interpretation of the real situation in progress, which may generate mismanagements and severe consequences. This paper presents an event processor for crisis management systems that combines heterogeneous input sources to detect a critical situation. Complex Event Processing technology is applied for correlating data and creating events that describe the critical situation. Anomaly detection techniques are then used to analyze such events and detect possible anomalies, i.e., events not pertaining to the identified critical situation. The devised event processor creates trusted events that describe a critical situation merging inputs from heterogeneous and potentially untrusted sources. A prototype of the solution has been implemented and exercised within the crisis management system developed during the Secure! project. The experimental validation activities performed make use of different input sources, such as Twitter and sensors deployed on field (a Doppler radar for people detection and accelerometers for vibrations detection). The objective of the experimental campaign is to show (i) the adequacy of the solution to rapidly process the information and describe the critical situation, and (ii) its capability in detecting anomalous events that could impair the accuracy of the description of the critical situation.


Crisis management system Complex Event Processing Event correlator Anomaly detection Decision Support System Event Trust Analysis 



This work was partially supported by the research projects POR-CREO 2007-2013 “Secure!” funded by Regione Toscana, PRIN no. 20103P34XC “TENACE-Protecting National Critical Infrastructures from Cyber Threats” funded by the Italian Ministry of Education, University and Research, and the H2020-DRS-700191- STORM “Safeguarding Cultural Heritage through Technical and Organisational Resources Management” funded by the European Community.


  1. 1.
    Vescoukis V, Doulamis N, Karagiorgou S (2012) A service oriented architecture for decision support systems in environmental crisis management. Future Gener Comput Syst 28:593–604CrossRefGoogle Scholar
  2. 2.
    Eriksson M et al (2009) Event detection in crisis management systems. Procedia Chem 1(1):1055–1058CrossRefGoogle Scholar
  3. 3.
    Dietrich C, Pawlak P (2013) Crowd-sourcing—crisis response in the digital age. European Union Institute for Security Studies, No 39 November 2013Google Scholar
  4. 4.
    Ganti RK, Ye F, Lei H (2011) Mobile crowdsensing: current state and future challenges. IEEE Commun Mag 49(11):32–39CrossRefGoogle Scholar
  5. 5.
    Yates D, Paquette S (2011) Emergency knowledge management and social media technologies: a case study of the 2010 Haitian earthquake. Int J Inf Manag 31(1):6–13. ISSN 0268-4012Google Scholar
  6. 6.
    Meier P (2011) New information technologies and their impact on the humanitarian sector. Int Rev Red Cross 93.884:1239–1263CrossRefGoogle Scholar
  7. 7.
    Zoppi T et al (2016) Presenting the proper data to the crisis management operator: a relevance labelling strategy. In: Press at HASE 2016, 7–9 Jan 2016 (see supplemental material)Google Scholar
  8. 8.
    Beringer DB, Hancock PA (1989) Exploring situational awareness: a review and the effects of stress on rectilinear normalisation. In: Proceedings of the fifth international symposium on aviation psycology, vol 2, pp 646–651Google Scholar
  9. 9.
    Bondavalli A, Ceccarelli A, Falai L, Vadursi M (2007) Foundations of measurement theory applied to the evaluation of dependability attributes. In: DSN 2007, pp 522–533Google Scholar
  10. 10.
    Etzion O, Niblett P (2011) Event processing in action. MANNING, Greenwich, pp 68–73Google Scholar
  11. 11.
    Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv CSUR 41(3):15Google Scholar
  12. 12.
    Secure! Project (2013–2015) Regione Toscana POR-CREO 2007–2013.
  13. 13.
    Itria ML, Daidone A, Ceccarelli A (2014) A Complex Event Processing approach for crisis-management systems, BIG4CIP workshop at EDCC2014 .Informal article at
  14. 14.
    DBPedia [online].
  15. 15.
    Secure! Project, Events Taxonomy (2013) Scholar
  16. 16.
  17. 17.
    Abel F et al (2012) Semantics+filtering+search=twitcident. Exploring information in social web streams. In: Proceedings of the 23rd ACM conference on Hypertext and social media. ACMGoogle Scholar
  18. 18.
    Faulkner M et al (2014) Community sense and response systems: your phone as quake detector. Commun ACM 57.7:66–75CrossRefGoogle Scholar
  19. 19.
    Esper Team and EsperTech Inc. (2012) Esper reference version 4.9.0. Last accessed \(24{{\rm th}}\) Nov 2014
  20. 20.
    Peltz C (2003) Web services orchestration and choreography. Computer 36(10):46–52CrossRefGoogle Scholar
  21. 21.
  22. 22.
  23. 23.
    Höhle M (2007) Surveillance: an R package for the monitoring of infectious diseases. Comput Stat 22(4):571–582MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Auslander B, Gupta KM, Aha DW (2011) A comparative evaluation of anomaly detection algorithms for maritime video surveillance. In: SPIE defense, security, and sensing. International Society for Optics and PhotonicsGoogle Scholar
  25. 25.
    Kaufman L, Rousseeuw PJ (1987) Clustering by means of medoids. In: Dodge Y (ed) Statistical data analysis based on the \(\text{ L }_{1}\)-norm and related methods. Elsevier, North-Holland, pp 405–416Google Scholar
  26. 26.
    Amerini I et al (2016) Media trustworthiness verification and event assessment through an integrated framework: a case-study. Multimed Tools Appl 1–16. doi: 10.1007/s11042-016-3303-8
  27. 27.
    R Core Team (2014) R: a language and environment for statistical computing. R Foundation for Statistical Computing, Vienna, Austria.
  28. 28.
  29. 29.
    Maechler M, Rousseeuw P, Struyf A, Hubert M, Hornik K (2014) Cluster: cluster analysis basics and extensions. R package version 1.15.2Google Scholar
  30. 30.
    Wickham H (2009) ggplot2: elegant graphics for data analysis. Springer, New YorkCrossRefzbMATHGoogle Scholar
  31. 31.
    Kahle D, Wickham H (2013) ggmap: a package for spatial visualization with Google Maps and OpenStreetMap. R package version 2.3.
  32. 32.
    Soetaert K (2014) plot3D: plotting multi-dimensional data. R package version 1.0-1.
  33. 33.
    Adler D, Murdoch D et al (2014) rgl: 3D visualization device system (OpenGL). R package version 0.93.996.
  34. 34.
    Il Tirreno (2009) Nei Musei solo otto turisti su cento (in Italian: only 8 tourists out of 100 enter museums), 26 April 2009 [online].
  35. 35.
    Imran M, Castillo C, Diaz F, Vieweg S (2015) Processing social media messages in mass emergency: a survey. ACM Comput Surv 47(4), Article 67Google Scholar
  36. 36.
    Liu S, Shaw D, Brewster C (2013) Ontologies for crisis management: a review of state of the art in ontology design and usability. In: Proceedings of the 10th international conference on information systems for crisis response and management (ISCRAM). Baden-Baden, Germany, May 2013, pp 349–359Google Scholar
  37. 37.
    Bénaben F et al (2008) A metamodel and its ontology to guide crisis characterization and its collaborative management. In: Proceedings of the 5th international conference on information systems for crisis response and management (ISCRAM), Washington, DC, USA, May 2008Google Scholar
  38. 38.
    Babitski G, Probst F, Hoffmann J, Oberle D (2009) Ontology design for information integration in disaster management. In: Proceedings of the 4th international workshop on applications of semantic technologies (AST)Google Scholar
  39. 39.
    Chen-Huei C, Zahedi FM, Huimin Z (2009) Ontology for developing web sites for natural disaster management: methodology and implementation. IEEE Trans Syst Man Cybern Part A Syst Hum 41(1):50–62Google Scholar
  40. 40.
    EM-DAT, The International Disaster Database [online].
  41. 41.
  42. 42.
    Australian AG Disasters Database [online].
  43. 43.
    Humanitarian Exchange Language (HXL) [online].
  44. 44.
    Othman SH, Beydoun G, Sugumaran V (2014) Development and validation of a Disaster Management Metamodel (DMM). Inf Process Manag 50(2):235–271CrossRefGoogle Scholar
  45. 45.
    Olteanu A, Castillo C, Diaz F, Vieweg S (2014) CrisisLex: a lexicon for collecting and filtering microblogged communications in crises. In: Proceedings of the AAAI conference on weblogs and social media (ICWSM’14). AAAI Press, Ann Arbor, MI, USA.
  46. 46.
    Muhammad I et al (2013) Extracting information nuggets from disaster-related messages in social media. In: Proceedings of ISCRAMGoogle Scholar
  47. 47.
    Leavitt A, Clark JA (2014) Upvoting hurricane Sandy:event-based news production processes on a social news site.In: Proceedings of the SIGCHI conference on human factors in computingsystems. ACMGoogle Scholar
  48. 48.
    Caragea C et al (2011) Classifying text messages for the Haiti earthquake. In: Proceedings of of ISCRAMGoogle Scholar
  49. 49.
    Metaxas P, Mustafaraj E (2013) The rise and the fall of a citizen reporter. In: Proceedings of WebSciGoogle Scholar
  50. 50.
    Aslam JA et al (2013) TREC 2014 temporal summarization track overview TRECGoogle Scholar
  51. 51.
    Shou L et al. (2013) Sumblr: continuous summarization of evolving tweet streams. In: Proceedings of the 36th international ACM SIGIR conference on Research and development in information retrieval. ACMGoogle Scholar
  52. 52.
    de la Asunción M et al (2005) SIADEX: an interactive knowledge-based planner for decision support in forest fire fighting. AI Commun 18.4:257–268MathSciNetGoogle Scholar
  53. 53.
    Imran M et al (2014) Aidr: artificial intelligence for disaster response. In: Proceedings of the companion publication of the 23rd international conference on world wide webGoogle Scholar
  54. 54.
    MacEachren AM et al (2011) Senseplace2: geotwitter analytics support for situational awareness. In: 2011 IEEE conference on visual analytics science and technology (VAST). IEEEGoogle Scholar
  55. 55.
    Rogstadius J et al (2013) CrisisTracker: crowdsourced social media curation for disaster awareness. IBM J Res Dev 57(5):4:1–4:13CrossRefGoogle Scholar
  56. 56.
    Liu L, Webster D, Xu J, Wu K (2010) Enabling dynamic workflow for disaster monitoring and relief through service-oriented sensor networks. In: CHINACOM, Beijing, ChinaGoogle Scholar
  57. 57.
    Farshad S, Cerone A, De Nicola R (2015) On integrating social and sensor networks for emergency management, software engineering and formal methods. Springer, BerlinGoogle Scholar
  58. 58.
    Sokat KY et al (2014) Capturing real-time data in disaster response logistics, No. 14-05. Working PaperGoogle Scholar
  59. 59.
    Imran M et al (2014) Coordinating human and machine intelligence to classify microblog communications in crises. In: Proceedings of ISCRAMGoogle Scholar
  60. 60.
    Power R et al (2014) Emergency situation awareness: twitter case studies, information systems for crisis response and management in mediterranean countries. Springer, BerlinGoogle Scholar
  61. 61.
    Fleischer J et al (2010) An integration platform for heterogeneous sensor systems in GITEWS-Tsunami Service Bus. Nat Hazards Earth Syst Sci 10.6:1239–1252CrossRefGoogle Scholar
  62. 62.
    Lorincz K et al (2004) Sensor networks for emergency response: challenges and opportunities. IEEE Pervasive Comput 3(4):16–23CrossRefGoogle Scholar
  63. 63.
    Fawzy D, Sahin Y (2010) RT-HRLE: a system design for real-time hazards reporting and loss estimation using wireless sensors, In: International conference on education and management technology (ICEMT), Cairo, Egypt, Nov 2010Google Scholar
  64. 64.
    Vianello V, Gulisano V, Jmenez-Pers R, Platino-Martinez M, Torres R, Díaz R, Prieto E (2013) A scalable SIEM correlation engine and its application to the olympic games IT infrastructure. In: Proceedings of international conference on availability, reliability and securityGoogle Scholar
  65. 65.
    Paraiso F, Hermosillo G, Rouvoy R, Merle P, Seinturier L (201) A middleware platform to federate Complex Event Processing. In: 2012 IEEE 16th international enterprise distributed object computing conference (EDOC) 10–14 Sept 2012, pp 113, 122Google Scholar
  66. 66.
    Barthe-Delanoë AM et al (2012) Event-driven agility of crisis management collaborative processes. In: Proceedings of the 9th international ISCRAM conference, 2012Google Scholar
  67. 67.
    Gao H, Barbier G, Goolsby R (2011) Harnessing the crowdsourcing power of social media for disaster relief. IEEE Intell Syst 3:10–14CrossRefGoogle Scholar
  68. 68.
    Viswanath B, Bashir MA, Crovella M, Guha S, Gummadi KP, Krishnamurthy B, Mislove A (2014) Towards detecting anomalous user behavior in online social networks. In: 23th USENIX Symposium, August 2014Google Scholar
  69. 69.
    Thom D et al (2012) Spatiotemporal anomaly detection through visual analysis of geolocated twitter messages. In: 2012 IEEE pacific visualization symposium (PacificVis). IEEEGoogle Scholar
  70. 70.
    Pawling A et al (2008) Anomaly detection in streaming sensor data. Intell Tech Warehous Min Sens Netw Data 99–117. doi: 10.4018/978-1-60566-328-9
  71. 71.
    H2020-DRS-700191-STORM Project (2016) Safeguarding cultural heritage through technical and organisational resources management.
  72. 72.
    Cugola G, Margara A (2012) Processing flows of information: from data stream to complex event processing. ACM Comput Surv: CSUR 44(3):15CrossRefGoogle Scholar
  73. 73.
    Willsky AS (1976) A survey of design methods for failure detection in dynamic systems. Automatica 12(6):601–611MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag London 2016

Authors and Affiliations

  • Massimiliano L. Itria
    • 1
  • Melinda Kocsis-Magyar
    • 2
  • Andrea Ceccarelli
    • 3
    • 5
    Email author
  • Paolo Lollini
    • 3
    • 5
  • Gabriele Giunta
    • 4
  • Andrea Bondavalli
    • 3
    • 5
  1. 1.Resiltech SrlPontederaItaly
  2. 2.Quanopt kftBudapestHungary
  3. 3.Mathematics and Computer Science DepartmentUniversity of FlorenceFlorenceItaly
  4. 4.Engineering Ingegneria Informatica S.p.A.PalermoItaly
  5. 5.CINI-Consorzio Interuniversitario Nazionale per l’InformaticaFlorenceItaly

Personalised recommendations