JP7431608B2 - Crime risk detection support device and crime risk detection support program - Google Patents

Description

The present invention relates to a crime risk detection support device and a crime risk detection support program.

Conventionally, there have been the following technologies that can be applied to understand crime risk.

That is, Patent Document 1 discloses a risk monitoring device that is connected to a security device and monitors risks within a business office, and includes a first monitoring means that monitors assets located at a predetermined location within the business office; a second monitoring means for monitoring a person at the predetermined location, information about the asset monitored by the first monitoring means, and information about the person monitored by the second monitoring means; A risk monitoring device is disclosed that includes an analysis means for analyzing a risk state, and an output means for outputting an analysis result by the analysis means.

Japanese Patent Application Publication No. 2008-217455

By the way, it is said that more than 91% of perpetrators of fraud exposed had at least one symptom before the fraud was detected, and more than 57% had two or more symptoms. Report to the Nation on Fraud and Abuse” by the Association of Certified Fraud Examiners.

In addition, as a sign of fraud, it is said that behavior that is hidden from the public eye becomes more common, and it appears as a unique behavioral pattern ("Exploring fraud prevention measures and detection methods - From the perspective of an arborist" ``Exploring Observation Points of ``Trees'''' CIA Forum Study Group Report No. a9, Monthly Audit Research 2016.8 (No. 513) Japan Institute of Internal Auditors).

However, the technology described in Patent Document 1 does not take into account the occurrence of abnormal behavior that differs from normal human behavior, so it is not necessarily possible to grasp the crime risk situation with high accuracy. There was a problem.

The present disclosure has been made in view of the above circumstances, and aims to provide a crime risk detection support device and a crime risk detection support program that can grasp the crime risk situation with high accuracy.

The crime risk detection support device according to the present invention according to claim 1 includes: a detection unit that detects abnormal behavior that is different from the usual behavior of a person in a management area; , comprising a derivation unit that probabilistically derives an evaluation value indicating the possibility that a crime will occur in the management area, and a presentation unit that presents information according to the evaluation value derived by the derivation unit , The crime is an internal crime .

According to the crime risk detection support device according to the present invention as set forth in claim 1, an abnormal behavior that is different from the usual behavior of a person in a management area is detected, and based on the detected abnormal behavior, an action is performed in the management area. By probabilistically deriving an evaluation value that indicates the possibility that a crime will occur, and presenting information according to the derived evaluation value, it is possible to grasp the crime risk situation with high precision.
Further, according to the crime risk detection support device according to the present invention as set forth in claim 1, by setting the crime as a crime committed internally, it is possible to grasp the crime risk situation due to internal crimes with high accuracy. .

The crime risk detection support device according to the present invention according to claim 2 includes: a detection unit that detects abnormal behavior that is a behavior different from the usual behavior of a person in a management area; , comprising a derivation unit that probabilistically derives an evaluation value indicating the possibility that a crime will occur in the management area, and a presentation unit that presents information according to the evaluation value derived by the derivation unit, The detection unit detects the abnormal behavior using a recording result by an entrance/exit management system provided in a predetermined detection target area in the management area.

According to the crime risk detection support device according to the present invention as set forth in claim 2, an abnormal behavior that is a behavior different from the usual behavior of a person in a management area is detected, and based on the detected abnormal behavior, an action is performed in the management area. By probabilistically deriving an evaluation value that indicates the possibility that a crime will occur, and presenting information according to the derived evaluation value, it is possible to grasp the crime risk situation with high precision.
Further, according to the crime risk detection support device according to the present invention as set forth in claim 2 , the abnormal behavior is detected using a recording result by an entrance/exit management system provided in a predetermined detection target area in the management area. As a result, the access control system that has been installed for a long time can be used, and as a result, the present invention can be realized at a lower cost.

The crime risk detection support device according to the present invention according to claim 3 is the crime risk detection support device according to claim 2 , wherein the detection unit detects the date and time when the person operated the entry/exit management system. The abnormal behavior is detected using the recording result of at least one of the times.

According to the crime risk detection support device according to the present invention as set forth in claim 3 , by detecting the abnormal behavior using the recorded result of at least one of the date and time when the person operated the entry/exit management system. , it is possible to more easily understand the crime risk situation.

The crime risk detection support device according to the present invention according to claim 4 is the crime risk detection support device according to any one of claims 1 to 3 , in which the derivation unit calculates the Derive the evaluation value.

According to the crime risk detection support device according to the present invention as set forth in claim 4 , by deriving the evaluation value by Bayesian estimation, past behavior patterns can be effectively utilized for deriving the evaluation value of crime risk. can.

The crime risk detection support device according to the present invention according to claim 5 is the crime risk detection support device according to claim 1 , wherein the detection unit further detects the number of people existing in the management area. , the derivation unit derives a value obtained by multiplying the evaluation value by the probability of committing the crime according to the number of people detected by the detection unit as the final evaluation value.

According to the crime risk detection support device according to the present invention as set forth in claim 5 , the number of people existing in the management area is further detected, and the crime risk detection support device according to the number of detected people is determined based on the evaluation value. By deriving the value obtained by multiplying the probability of performing the above as the final evaluation value, it is possible to grasp the crime risk situation with higher accuracy.

The crime risk detection support device according to the present invention according to claim 6 is the crime risk detection support device according to claim 5 , in which the derivation section is arranged such that the number of people detected by the detection section is one. In certain cases, the evaluation value is multiplied by the probability that the crime was committed by a lone offender.

According to the crime risk detection support device according to the present invention as set forth in claim 6 , when the number of detected persons is 1, the evaluation value is multiplied by the probability that the crime is committed by a single offender. By doing so, it is possible to accurately grasp the risk of crimes committed by single offenders, which occur frequently.

The crime risk detection support program according to the present invention according to claim 7 detects an abnormal behavior that is a behavior different from the usual behavior of a person in a management area, and based on the detected abnormal behavior, an internal action is performed in the management area. A computer is made to perform a process of probabilistically deriving an evaluation value that indicates the possibility that a crime will occur due to a crime , and presenting information according to the derived evaluation value.

According to the crime risk detection support program according to the present invention as set forth in claim 7 , an abnormal behavior that is a behavior different from a person's usual behavior in a management area is detected, and based on the detected abnormal behavior, an action is performed in the management area. By probabilistically deriving an evaluation value that indicates the possibility that a crime will occur, and presenting information according to the derived evaluation value, it is possible to grasp the crime risk situation with high precision.
Further, according to the crime risk detection support program according to the present invention as set forth in claim 7, by setting the crime as a crime committed internally, it is possible to grasp the crime risk situation due to internal crimes with high accuracy. .
The crime risk detection support program according to the present invention according to claim 8 is characterized in that an entrance/exit management system provided in a predetermined detection target area in the management area detects abnormal behavior that is a behavior different from the usual behavior of a person in the management area. Based on the detected abnormal behavior, an evaluation value indicating the possibility of a crime being committed in the management area is probabilistically derived, and information is presented according to the derived evaluation value. to have a computer perform a process.
According to the crime risk detection support program according to the present invention as set forth in claim 8, abnormal behavior that is a behavior different from the usual behavior of a person in a management area is detected, and based on the detected abnormal behavior, an action is performed in the management area. By probabilistically deriving an evaluation value that indicates the possibility that a crime will occur, and presenting information according to the derived evaluation value, it is possible to grasp the crime risk situation with high precision.
Further, according to the crime risk detection support program according to the present invention as set forth in claim 8, the abnormal behavior is detected using a recording result by an entrance/exit management system provided in a predetermined detection target area in the management area. As a result, the access control system that has been installed for a long time can be used, and as a result, the present invention can be realized at a lower cost.

As described above, according to the present invention, it is possible to grasp the crime risk situation with high accuracy.

FIG. 1 is a block diagram showing an example of a hardware configuration of a crime risk detection support device according to an embodiment. FIG. 1 is a block diagram showing an example of a functional configuration of a crime risk detection support device according to an embodiment. FIG. 2 is a plan view showing an example of the configuration of a target building (management area) according to the embodiment. FIG. 2 is a schematic diagram showing an example of the configuration of an entry/exit management database according to an embodiment. FIG. 2 is a schematic diagram showing an example of the configuration of a normal operation range database according to the embodiment. 7 is a flowchart illustrating an example of normal operation range setting processing according to the embodiment. It is a graph which shows an example of the card operation histogram at the time of work by time of the whole target area according to the embodiment. It is a graph which shows an example of the card operation histogram at the time of work by day of the week for the entire target area according to the embodiment. It is a graph which shows an example of the card operation histogram at the time of work by device in the whole target area according to the embodiment. It is a graph which shows an example of the card operation histogram at the time of an individual's attendance by time according to an embodiment. It is a graph which shows an example of the card operation histogram at the time of work by day of the week for each individual according to the embodiment. It is a graph which shows an example of the card operation histogram at the time of work by device by individual based on embodiment. It is a flow chart which shows an example of crime risk detection support processing concerning an embodiment. It is a graph showing the relationship between the number of employees and the number of recognized internal crimes. FIG. 3 is a schematic diagram illustrating a method for deriving an evaluation value using entry/exit management data for the entire target area in crime risk detection support processing according to the embodiment. FIG. 2 is a schematic diagram illustrating a method for deriving an evaluation value using individual entry/exit management data in the crime risk detection support process according to the embodiment. FIG. 3 is a schematic diagram showing an example of information presented by crime risk detection support processing according to the embodiment. This is a graph showing the number of recognized cases of "workplace targets" and "business burglaries" by year.

Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings. In addition, in this embodiment, an area of one business office (hereinafter referred to as "target area") provided in a building (hereinafter referred to as "target building") is applied as the management area of the present invention, and the present invention We will explain the case where a crime committed internally is applied as a crime, but it is not limited to this. For example, the present invention may be applied to a partial area or the entire area of a facility that attracts customers such as a theme park, a public facility such as a park, a sales facility such as a convenience store, etc., as the management area. Furthermore, the crime of the present invention may be a crime committed by an unspecified number of outsiders.

First, the configuration of the crime risk detection support device 10 according to the present embodiment will be explained with reference to FIGS. 1 and 2. Note that examples of the crime risk detection support device 10 include information processing devices such as a personal computer and a server computer.

As shown in FIG. 1, the crime risk detection support device 10 according to the present embodiment includes a CPU (Central Processing Unit) 11, a memory 12 as a temporary storage area, a nonvolatile storage unit 13, and input units such as a keyboard and a mouse. 14, a display section 15 such as a liquid crystal display, a medium read/write device (R/W) 16, and a communication interface (I/F) section 18. The CPU 11, memory 12, storage section 13, input section 14, display section 15, medium reading/writing device 16, and communication I/F section 18 are connected to each other via a bus B1. The medium read/write device 16 reads information written in the recording medium 17 and writes information to the recording medium 17 .

The storage unit 13 is realized by an HDD (Hard Disk Drive), an SSD (Solid State Drive), a flash memory, or the like. The storage unit 13 as a storage medium stores a normal operation range setting program 13A and a crime risk detection support program 13B. The normal operation range setting program 13A and the crime risk detection support program 13B are executed when the recording medium 17 on which the normal operation range setting program 13A and the crime risk detection support program 13B are written is set in the medium read/write device 16, and the medium read/write device 16 records the information. By reading the normal operation range setting program 13A and the crime risk detection support program 13B from the medium 17, they are stored in the storage unit 13. The CPU 11 reads the normal operation range setting program 13A and the crime risk detection support program 13B from the storage unit 13, expands them into the memory 12, and sequentially executes the processes included in the normal operation range setting program 13A and the crime risk detection support program 13B.

The storage unit 13 also stores various databases such as an entry/exit management database 13C and a normal operation range database 13D. Details of the entrance/exit management database 13C and the normal operation range database 13D will be described later.

By the way, as shown in FIG. 3, in the target area 92 of the target building 90 according to the present embodiment, doors 94A, 94B, . It is being In the vicinity of the inside and outside of each target area 92 of each door 94A, 94B, . A pair of card readers 20A1, 20A2, 20B1, 20B2, . The ID card according to the present embodiment stores in advance a target person ID that allows the lent worker to be individually identified. Further, an individually identifiable card reader ID is predetermined for each of the card readers 20A1, 20A2, . . . according to the present embodiment. In the following description, the card readers 20A1, 20A2, . . . will be collectively referred to as "card readers 20" when described without distinction. Furthermore, hereinafter, when each door 94A, 94B, . . . is described without distinction, they will simply be collectively referred to as "doors 94."

Note that in the target area 92 according to the present embodiment, each card reader 20 has a function of unlocking a nearby door 94 and is used to record the date and time of entry and exit in the target area 92. A management system has been constructed, and by sharing each card reader 20 of the access management system with the crime risk detection support device 10, new cost increases are suppressed, but this is not limited to this. . For example, each card reader 20 may be newly provided. In this case, although there is a cost associated with the new installation of the card reader 20, it is possible to construct an optimal crime risk detection environment in the target area 92.

Each card reader 20 is connected to the communication I/F unit 18 of the crime risk detection support device 10 according to the present embodiment, and the CPU 11 reads the target person ID read by each card reader 20, It is possible to know the reading time of the subject ID and the card reader ID of the card reader 20 that read the subject ID.

On the other hand, the workers according to this embodiment include bosses for each of the plurality of groups, and each boss has personal computers (hereinafter referred to as "PCs") 22A, 22B, . ...is being lent. In addition, below, when each PC22A, 22B,... is described without distinguishing, it is simply called "PC22" generically.

Each PC 22 is connected to the communication I/F unit 18 of the crime risk detection support device 10 according to the present embodiment, and the CPU 11 can communicate with each PC 22. Note that inside the target area 92, each PC 22, a PC lent to a worker other than the boss, a desk, a chair, etc. are provided, but they are not shown in FIG. 3 to avoid confusion. There is.

Next, with reference to FIG. 2, the functional configuration of the crime risk detection support device 10 according to the present embodiment will be described. As shown in FIG. 2, the crime risk detection support device 10 includes a detection section 11A, a derivation section 11B, and a presentation section 11C. The CPU 11 of the crime risk detection support device 10 functions as a detection unit 11A, a derivation unit 11B, and a presentation unit 11C by executing the normal operation range setting program 13A and the crime risk detection support program 13B.

The detection unit 11A according to the present embodiment detects abnormal behavior that is different from normal behavior of a person (in this embodiment, a worker) in a management area (in this embodiment, target area 92). Here, the detection unit 11A according to the present embodiment detects the abnormal behavior using the recording results from the entry/exit management system provided in the target area 92 of the target building 90. In addition, the detection unit 11A according to the present embodiment uses the recorded results of the date and time when the worker operated the card reader 20 in the entry/exit management system and the card reader ID of the operated card reader 20, Detect abnormal behavior.

On the other hand, the derivation unit 11B according to the present embodiment probabilistically derives an evaluation value indicating the possibility that a crime will occur in the target area 92 based on the abnormal behavior detected by the detection unit 11A. Here, the derivation unit 11B according to the present embodiment derives the evaluation value by Bayesian estimation.

Then, the presentation unit 11C according to the present embodiment presents information according to the evaluation value derived by the derivation unit 11B. Here, the presentation unit 11C according to the present embodiment presents information according to the evaluation value by sending an e-mail to the PC 22 lent to the boss of the corresponding worker, but the present invention is not limited to this. It's not a thing. For example, it may be possible to perform control to display information according to the evaluation value on the display section of a PC lent to a predetermined administrator.

Furthermore, the detection unit 11A according to the present embodiment further detects the number of people existing in the target area 92, and the derivation unit 11B calculates the number of people detected by the detection unit 11A based on the evaluation value. The value obtained by multiplying the above probability by the probability of committing the crime is derived as the final evaluation value. In particular, in the derivation unit 11B according to the present embodiment, when the number of people detected by the detection unit 11A is 1, the evaluation value is multiplied by the probability that the crime is committed by a single offender.

Next, with reference to FIG. 4, the entrance/exit management database 13C according to this embodiment will be explained. As shown in FIG. 4, the entry/exit management database 13C according to the present embodiment includes the above-mentioned subject ID, date, time of entry, card reader ID at the time of entry, time of exit, and card reader ID at the time of exit. Information is stored in association with each other. Of the information included in these entry/exit management databases 13C, all information except the date is obtained in response to an operation by a worker using an ID card on any card reader 20 provided in the target area 92. It is information.

That is, the above date is information indicating the date to be managed, and in this embodiment, it is a date within the range from the start date of work every year (January 6th in the example shown in FIG. 4) to the end date of work. is applied, but is not limited to this. For example, all dates from January 1st to December 31st of each year may be applied.

In addition, the above-mentioned room entry time indicates that the worker specified by the corresponding subject ID (hereinafter referred to as "corresponding worker") is on the corresponding date (in this embodiment, from 0:00 to 24:00). ) is information indicating the time when entering the room of the target area 92 through any door 94. In the access control system according to the present embodiment, when a worker to whom the ID card is lent enters a room in the target area 92 through any door 94, a Hold the ID card up against the card reader 20. In response, the card reader 20 reads the subject ID from the ID card and unlocks the corresponding door 94. The entry time is information indicating the time when the subject ID was read at the time of entering the room.

The card reader ID at the time of room entry is information indicating the card reader ID of the card reader 20 that read the corresponding subject ID at the corresponding room entry time.

On the other hand, the leaving time is information indicating the time when the corresponding worker leaves the room through any door 94 of the target area 92 on the corresponding date. In the entry/exit management system according to the present embodiment, when a worker to whom the ID card is lent exits the target area 92 through any door 94, a Hold the ID card up against the card reader 20. In response, the card reader 20 reads the subject ID from the ID card and unlocks the corresponding door 94. The leaving time is information indicating the time when the subject ID is read at the time of leaving the room.

The exit card reader ID is information indicating the card reader ID of the card reader 20 that read the corresponding subject ID at the corresponding exit time.

Therefore, by referring to each piece of information in the entry/exit management database 13C, it is possible to determine the time each worker entered the target area 92 on each date and the door 94 through which he/she entered, the time of exit from the target area 92, and the door from which he/she left the room. 94.

Next, with reference to FIG. 5, the normal operation range database 13D according to this embodiment will be described. As shown in FIG. 5, in the normal operation range database 13D according to the present embodiment, information on target items and ranges is stored in association with each other.

The above-mentioned target item is information indicating an item to be detected for abnormal behavior, which is behavior different from the usual behavior of the worker. In this embodiment, the target items include "operation time" which is the time when the card reader 20 was operated, "operation day" which is the day of the week when the card reader 20 was operated, and card readers that are frequently used by each worker. Three items of "operation device", which is information indicating the card reader ID of 20, are applied.

In addition, while the above range is information indicating the normal operation range (usual behavior range) of the corresponding target item, in other words, it is information indirectly indicating the range of abnormal behavior, and the normal operation range described later. This is information set by the setting process (see FIG. 6).

The normal operation range database 13D shown in FIG. 5 shows that, for example, when the target item is "operation time", the normal operation range is set from 6:00 to 22:00. That is, in this case, each card reader 20 is normally operated in the range from 6 o'clock to 22 o'clock, in other words, each card reader 20 is operated in the range exceeding 22 o'clock and just before 6 o'clock. This shows that the range of behavior that involves manipulating is the range of abnormal behavior. Further, the normal operation range database 13D shown in FIG. 5 shows that, for example, when the target item is "operation day of the week", Monday to Friday is set as the normal operation range. That is, in this case, each card reader 20 is normally operated from Monday to Friday, and in other words, the range of activity in which each card reader 20 is operated on Saturdays and Sundays is the range of abnormal behavior. It shows.

Next, the operation of the crime risk detection support device 10 according to this embodiment will be explained with reference to FIGS. 6 to 12. In the management area according to the present embodiment (target area 92 in this embodiment), an entrance/exit control system is constructed as described above, and each worker inputs his/her own information to one of the card readers 20. Each time an operation using an ID card (so-called card pass) is performed, corresponding information is registered in the entrance/exit management database 13C. However, since this part is conventionally known, detailed explanation will be omitted here.

First, the operation of the crime risk detection support device 10 when executing the normal operation range setting process will be described with reference to FIGS. 6 to 8C. When the user inputs an instruction to start executing the normal operation range setting program 13A through the input unit 14, the CPU 11 of the crime risk detection support device 10 executes the normal operation range setting program 13A. The normal operation range setting process shown in FIG. 6 is executed. Here, in order to avoid complications, a case will be described in which the entrance/exit management database 13C for the most recent past n months (n=3 in this embodiment) has been constructed.

At step 100 in FIG. 6, the detection unit 11A reads all information for the most recent past n months from the entrance/exit management database 13C. In step 102, the detection unit 11A sets the frequency to a predetermined threshold value for each of the above-mentioned target items (here, three types of items: "operation time", "operation day", and "operation device"). The above range is specified as the normal operating range. Note that in this embodiment, a threshold value within which 2σ (standard deviation) or more of all information of the corresponding target item is within is applied as the threshold value, but the present invention is not limited to this. For example, the user of the crime risk detection support device 10 may input the threshold value via the input unit 14.

FIG. 7A shows an example of a histogram of information corresponding to "operation time" among the information read out by the process of step 100 (hereinafter referred to as "all read information"), when the horizontal axis is time. has been done. Further, FIG. 7B shows an example of a histogram regarding information corresponding to the "operation day of the week" among all the read information, with the horizontal axis representing the day of the week. Furthermore, FIG. 7C shows an example of a histogram regarding information corresponding to "operation device" among all the read information, with the horizontal axis representing the card reader ID. In addition, in FIG. 7C, the card reader IDs are arranged in order from the origin with respect to the horizontal axis in descending order of operation frequency.

In the example of "operation time" shown in FIG. 7A, the frequency (frequency) in the range from 6:00 to 22:00 is 96.73% of the total frequency, so the detection unit 11A detects this time range as normal. Specify as indicating the range of operation. In addition, in the example of "operation days of the week" shown in FIG. 7B, the frequency (frequency) in the range from Monday to Friday is 97.90% of the total frequency, so the detection unit 11A sets the range of this day of the week to the normal frequency. Specify as indicating the range of operation. Furthermore, in the example of the "operation device" shown in FIG. 7C, the detection unit 11A detects "card readers 20 that have been operated 100 times or more in a month", which is 96.91% of all card readers 20, within the normal operation range. be identified as indicating

In step 104, the detection unit 11A registers (updates) information indicating the normal operation range for each target item identified in the process of step 102 in the normal operation range database 13D, and then performs this normal operation range setting process. finish.

In addition, in this normal operation range setting process, the information of all employees was applied as the information used when specifying the information indicating the normal operation range, but it is not limited to this, for example, Information for each worker may be applied individually to specify information indicating the normal operating range for each worker.

In FIG. 8A, the horizontal axis is the time for information corresponding to "operation time" when only the information of one worker (hereinafter referred to as "target worker") is targeted among all the read information. An example of a histogram in the case of . Similarly, FIG. 8B shows an example of a histogram with the horizontal axis representing the day of the week regarding the information corresponding to the "operation day of the week" when only the information of the target worker is targeted among all the read information. has been done. Further, FIG. 8C shows an example of a histogram in which the horizontal axis is the card reader ID regarding the information corresponding to "operating device" when only the information of the target worker is targeted among all the read information. It is shown. Here, in FIG. 8C, the card reader IDs are arranged sequentially from the origin in descending order of operation frequency on the horizontal axis, which is similar to that shown in FIG. 7C.

In the example of "operation time" shown in FIG. 8A, the frequency (frequency) in the range from 7:30 to 19:30 is 94.02% of the total frequency, so the detection unit 11A detects be identified as being indicative of the subject worker's normal range of operation. In addition, in the example of "operation days of the week" shown in FIG. 8B, the frequency (frequency) in the range from Monday to Friday is 100% of the total frequency, so the detection unit 11A defines the range of this day as the normal operation range. be identified as indicating Furthermore, in the example of the "operation device" shown in FIG. 8C, the detection unit 11A detects "card readers 20 that have been operated 10 times or more in a month", which is 97.45% of all card readers 20, within the normal operation range. be identified as indicating

Next, the operation of the crime risk detection support device 10 when executing the crime risk detection support process will be explained with reference to FIGS. 9 to 12. When the user of the crime risk detection support device 10 inputs an instruction to start execution of the crime risk detection support program 13B through the input unit 14, the CPU 11 of the crime risk detection support device 10 executes the crime risk detection support program 13B. By executing step 13B, the crime risk detection support process shown in FIG. 9 is executed. Here, in order to avoid complications, a case will be described in which the entrance/exit management database 13C and the normal operation range database 13D have already been constructed.

In step 200 of FIG. 9, the detection unit 11A reads information on a range corresponding to all target items (hereinafter referred to as "normal operation range") from the normal operation range database 13D. In step 202, the detection unit 11A detects the most recent entry time, card reader ID at the time of entry, exit time, and exit time of any one worker among all the workers (hereinafter referred to as "processing target worker"). Each piece of information about the card reader ID (hereinafter referred to as "processing target entry/exit management data") is read from the entry/exit management database 13C.

In step 204, the detection unit 11A determines whether all of the processing target entry/exit management data falls outside the corresponding normal operation range, and if the determination is negative, the process proceeds to step 220, which will be described later. On the other hand, if the determination is affirmative, the process moves to step 206.

In step 206, the derivation unit 11B uses the entry/exit management data to calculate the probability P(C |different from usual) is derived by Bayesian estimation using the following equation (1). Note that P(U) in equation (1) represents the probability that each target item, obtained in response to the operation of the ID card, is acting as usual, and P(C) represents the probability that it is an internal crime.

P(C | Different from usual) = (P(C)/2)/(1-P(U)) (1)

In other words, as shown in Table 1, by calculating the conditional probability for each target item, we can calculate the probability P (C | ) can be calculated.

Note that when the processing target employee commits an internal crime, the probability P (C|normal) that the most recent action is the usual action can be calculated using the following equation (2).

P(C｜as usual) = (P(C)/2)/P(U) (2)

Here, in Equation (1), Equation (2), and Table 1, in the case of an internal crime, it is assumed that there is a 50/50 split between whether it is ``different than usual'' or ``as usual'', and the probability of each is expressed as ``P(C)''. /2'', but is not limited to this. For example, an appropriate ratio may be set depending on the purpose of the crime risk detection support device 10, the safety required of the crime risk detection support device 10, and the like.

Below, we will explain the probability P when the information applied when setting the normal operation range is the information for the entire target area, and the histogram of the information for each target item is as shown in FIGS. 7A to 7C. A specific calculation example of (C|different from usual) will be described with reference to FIG. 11A.

Regarding the probability P(C) that the crime is an internal crime, as shown in Figure 10, there is a very high correlation between the number of employees in each prefecture and the number of recognized crimes (in this case, "workplace targets"). If the coefficient is set so as not to exceed the estimated value, the formula for estimating the frequency of "workplace targeting (theft inside a business office, etc.)" Therefore, the following estimation formula (3) is obtained.

N (cases/year) = 0.0034 x number of employees (number of employees) (3)

From this estimation formula (3), the probability P(C) that a certain person is the perpetrator of an internal crime is set to 0.3% in this embodiment.

On the other hand, as described above, regarding the "operation time" whose histogram is shown in FIG. 7A, the normal operation range (within working hours) is "6:00 to 22:00", which is 96.73% of all operation records. Furthermore, regarding the "operation days" whose histogram is shown in FIG. 7B, "Monday to Friday", which accounts for 97.90% of all operation records, is the normal operation range (business days). In addition, regarding the "operated devices" whose histogram is shown in Figure 7C, "devices that are operated more than 100 times a month (card reader 20)", which is 96.91% of all devices, are within the normal operating range (frequently used devices). equipment). Furthermore, as described above, when an unusual operation is performed, it is assumed that the probability of whether or not it is an internal crime is 50/50.

In this case, the probability that the crime is an internal crime and the probability that the crime is not an internal crime are as follows when an unusual operation is performed and when the usual operation is performed.

(A) When a different operation than usual is performed - Probability that it is an internal crime = 2.4% (from formula (1))
・Probability that it is not an internal crime = 97.6% (=1 - formula (1))
(B) When operations are performed as usual - Probability that the crime was committed internally = 0.2% (from formula (2))
・Probability that it is not an internal crime = 99.8% (=1 - formula (2))

Therefore, in this case, the probability of an internal crime when an unusual operation is performed is about 12 times (=2.4/0.2) compared to when the usual operation is performed.

Next, in the case where the information applied when setting the normal operation range is information for each worker, the histogram of the information for each target item is as shown in FIGS. 8A to 8C. A specific example of calculating the probability P(C|different from usual) will be described with reference to FIG. 11B.

In this case, as mentioned above, regarding the "operation time" whose histogram is shown in FIG. ). Furthermore, regarding the "operation days" whose histogram is shown in FIG. 8B, "Monday to Friday", which corresponds to 100% of all operation records, is the normal operation range (business days). In addition, regarding the "operated devices" whose histogram is shown in Figure 8C, "devices that are operated more than 10 times a month (card reader 20)", which is 97.45% of all devices, are within the normal operating range (frequently used devices). equipment). Furthermore, in this case as well, it is assumed that when an unusual operation is performed, the probability of whether or not it is an internal crime is 50/50.

In this case, the probability that the crime is an internal crime and the probability that the crime is not an internal crime are as follows when an unusual operation is performed and when the usual operation is performed.

(C) When a different operation than usual is performed - Probability that it is an internal crime = 1.8% (from formula (1))
・Probability that it is not an internal crime = 98.2% (=1 - formula (1))
(D) When operations are performed as usual - Probability that it is an internal crime = 0.2% (from formula (2))
・Probability that it is not an internal crime = 99.8% (=1 - formula (2))

Therefore, in this case, the probability of an internal crime when an unusual operation is performed is about 9 times (=1.8/0.2) compared to when the usual operation is performed.

The "probability that it is an internal crime" in (A) or (C) above corresponds to probability P (C | different from usual), and in step 206, the probability P is calculated as probability P (C | different from usual). .

In step 208, the derivation unit 11B determines whether the calculated probability P (C | different from usual) is greater than or equal to a predetermined value, and if the determination is negative, the process proceeds to step 220, which will be described later. On the other hand, if the determination is affirmative, the process moves to step 210. In this embodiment, the above-mentioned specified value is a situation in which a warning should be issued when the probability P (C | different from usual) is greater than or equal to the value, and the situation in which a crime occurred in the past or the target area 92 is used. A preset value is applied depending on the safety required. However, the present invention is not limited to this, and for example, the user of the crime risk detection support device 10 may be made to input the specified value via the input unit 14.

In step 210, the detection unit 11A reads out all information on entry and exit times of all workers on the day from the entry/exit management database 13C, and in step 212, the detection unit 11A uses the read information to: The number n of people existing in the target area 92 at that time is detected. Note that the number of people n can be obtained by counting the number of people whose entry time is recorded but whose exit time corresponding to the entry time is not recorded.

In step 214, the derivation unit 11B substitutes the probability P(S) of an internal crime according to the number of people n into the following equation (4), and calculates the final probability P('evaluation value ) is derived.

Probability P = P (C | different from usual) × P (S) (4)

In this embodiment, probability P(S) is determined as shown below. In other words, Table 2 shows the number of arrests for "workplace targeting" by number of accomplices for the 10-year period from 2008 to 2017, according to the National Police Agency's crime statistics. According to Table 2, when it comes to internal crimes aimed at the workplace, there are many cases where the perpetrator is alone, and it is very unlikely that the perpetrator is accompanied by four or more people. According to these crime statistics over the past 10 years, for example, the probability P(S) of a lone offender committing a crime aimed at the workplace is about 96 to 98%, with an average of 97.6%.

Therefore, in this embodiment, the probability P(S ) is determined and substituted into equation (4).

As described above, in this embodiment, the final probability P is derived by multiplying P(C | different from usual) by the probability P(S) according to the number of people n, but the present invention is not limited to this. It's not something you can do. For example, as described above, since there is a very high possibility that an internal crime is committed by a lone perpetrator, the probability P(S) may be multiplied only when the number of people n is 1.

Table 3 shows the information when the information applied when setting the normal operation range is the information for the entire target area, that is, when the histogram of the information for each target item is as shown in FIGS. 7A to 7C. The final probability P values are shown for the case where the offender is a lone offender and the case where there is an accomplice.

As shown in Table 3, this case is compared to the case where multiple people are in the target area 92 as usual (on business days and when the card reader 20, which is often used during business hours, is operated). Therefore, if a person performs an unusual operation alone, the possibility that the crime was committed internally is more than 1000 times (≒2.34/0.002).

On the other hand, Table 4 shows the histograms of information for each target item as shown in Figures 8A to 8C when the information applied when setting the normal operation range is information for each worker. The values of the final probability P are shown for the case where the offender is a lone offender and the case where there is an accomplice.

As shown in Table 4, this case is also compared with the case where multiple people are in the target area 92 as usual (on a business day and when the card reader 20, which is often used during business hours, is operated). Therefore, if a person performs an unusual operation alone, the probability that the crime was committed internally is nearly 900 times (≒1.76/0.002).

In step 216, the presentation unit 11C determines whether the probability P obtained through the above processing is equal to or greater than the specified value, and if the determination is negative, the process proceeds to step 220, which will be described later. If so, the process moves to step 218.

In step 218, the presenting unit 11C performs a process of presenting a predetermined warning. In this embodiment, as an example of the process of presenting the above-mentioned warning, a process of transmitting an e-mail with the text shown in FIG. 12 to the PC 22 of the boss of the employee to be processed is applied. The text of the e-mail shown in Figure 12 states that the employee subject to processing has performed an action that has a high possibility of committing an internal crime, that the employee subject to processing is urged to confirm, and that the type of behavior that may be a sign of an internal crime is stated. and the time when the action was performed.

As described above, in this embodiment, as the process of presenting the above-mentioned warning, a process of sending an e-mail with the above-mentioned text to the PC 22 of the boss of the employee to be processed is applied, but the present invention is not limited to this. . For example, as the process of presenting the above-mentioned warning, a process may be applied in which an e-mail message indicating the probability P itself is sent to the PC 22 of the boss of the employee to be processed, or instead of sending an e-mail, the process may be applied to the PC 22 of the boss It is also possible to directly display the contents of the same text on the display section of the crime risk detection support device 10, or to display the contents of the same text on the display section 15 of the crime risk detection support device 10.

In step 220, the detection unit 11A determines whether or not the processing of steps 202 to 218 has been completed for all workers, and if the determination is negative, the process returns to step 202, while if the determination is positive, the detection unit 11A The process moves to step 222. Note that when repeatedly executing the processes from step 202 to step 220, the CPU 11 selects a worker who has not been targeted for processing so far as a worker to be processed.

In step 222, the detection unit 11A determines whether a predetermined end timing has arrived, and if the determination is affirmative, the process returns to step 202, while if the determination is affirmative, this crime risk detection support Finish the process. In this embodiment, the timing at which the user of the crime risk detection support device 10 inputs an instruction to terminate the execution of the crime risk detection support program 13B via the input unit 14 is used as the termination timing. However, it goes without saying that it is not limited to this.

As explained above, according to the present embodiment, the crime risk detection support device 10 detects abnormal behavior that is different from the usual behavior of a person in the management area, and A derivation unit 11B that probabilistically derives an evaluation value indicating the possibility that a crime will occur in the management area based on abnormal behavior, and a presentation that presents information according to the evaluation value derived by the derivation unit 11B. A portion 11C is provided. Therefore, the crime risk situation can be grasped with high precision.

Further, according to the present embodiment, the crime is an internal crime. Therefore, it is possible to grasp the crime risk situation due to internal crimes with high accuracy.

That is, as shown in Figure 13, according to the National Police Agency's statistics, the number of burglaries targeting businesses has been decreasing since 2002, when the number of reported cases reached its maximum, and in recent years, the number of recognized cases has decreased to about one-fifth. This is thought to be due to the spread of anti-burglary measures such as access control systems and surveillance cameras, making it difficult for burglars to commit burglaries. On the other hand, the number of reported cases of internal crimes has remained flat and is not decreasing. This is thought to be because effective measures against internal crimes have not been taken.

According to the present embodiment, it is effective not only for crimes committed by an unspecified number of outsiders, but also for such internal crimes.

Further, according to the present embodiment, the abnormal behavior is detected using the recording result by the entrance/exit management system provided in a predetermined detection target area in the management area. Therefore, the access control system that has been installed for a long time can be used, and as a result, the present invention can be realized at a lower cost.

Furthermore, according to the present embodiment, the abnormal behavior is detected using the recorded results of both the date and time when the person operated the entrance/exit management system. Therefore, the crime risk situation can be more easily grasped.

Further, according to the present embodiment, the evaluation value is derived by Bayesian estimation. Therefore, past behavior patterns can be effectively utilized for deriving the crime risk evaluation value.

Further, according to the present embodiment, the number of people existing in the management area is further detected, and the value obtained by multiplying the evaluation value by the probability of committing the crime according to the number of detected people. is derived as the final evaluation value. Therefore, it is possible to grasp the crime risk situation with higher precision.

Furthermore, according to the present embodiment, when the number of people detected is 1, the evaluation value is multiplied by the probability that the crime is committed by a lone offender. Therefore, it is possible to grasp with high accuracy the risk of crimes committed by single offenders, which occur frequently.

Note that in the above embodiment, a case has been described in which the probability P is calculated when all three types of target items ("operation time", "operation day", "operation device") are outside the normal operation range. , but not limited to. For example, it may be possible to calculate the probability P when a combination of two or only one of the three types of target items is outside the normal operation range.

Furthermore, in the above embodiment, a case has been described in which the final probability P is calculated by multiplying the probability P(S) of committing a crime according to the number of people existing in the management area (target area 92). , but not limited to. For example, the probability P(C|different from usual) may be applied as the final probability P(S) without being multiplied by the probability P(S).

Further, in the above embodiment, a case has been described in which the crime risk detection support process is executed when the user inputs an instruction to start execution of the crime risk detection support program 13B, but the present invention is not limited to this. For example, the crime risk detection support process may be executed every time an ID card operation is performed on any card reader 20. In this case, the processing in steps 220 and 222 in the flowchart shown in FIG. 9 becomes unnecessary, and the worker who performed the operation using the ID card is applied as the processing target worker.

Further, in the above embodiment, a case has been described in which the present invention is applied to detecting signs of crime, but the present invention is not limited thereto. For example, the present invention may be applied to a form in which, after a crime has occurred, it is estimated whether the crime is an internal crime or not.

Further, the configurations of the various databases applied in the above embodiments are merely examples, and it goes without saying that the configurations are not limited to those illustrated.

In the above embodiment, for example, the hardware structure of a processing unit that executes each process of the detection unit 11A, derivation unit 11B, and presentation unit 11C includes the following various processors. can be used. As mentioned above, the various processors mentioned above include the CPU, which is a general-purpose processor that executes software (programs) and functions as a processing unit, as well as circuit configurations such as FPGA (Field-Programmable Gate Array) after manufacturing. A programmable logic device (PLD), which is a processor that can be changed, and a dedicated electric circuit, which is a processor that has a circuit configuration specifically designed to execute a specific process, such as an ASIC (Application Specific Integrated Circuit) etc. are included.

The processing unit may be configured with one of these various processors, or a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs or a combination of a CPU and an FPGA). It may be composed of. Further, the processing section may be configured with one processor.

As an example of configuring the processing unit with one processor, first, as typified by computers such as clients and servers, one processor is configured with a combination of one or more CPUs and software, and this processor is There is a form that functions as a processing section. Second, there is a form of using a processor, such as a system on chip (SoC), in which the functions of the entire system including a processing section are realized by one IC (Integrated Circuit) chip. In this way, the processing section is configured as a hardware structure using one or more of the various processors described above.

Furthermore, as the hardware structure of these various processors, more specifically, an electric circuit (circuitry) that is a combination of circuit elements such as semiconductor elements can be used.

10 Crime risk detection support device 11 CPU
11A Detection section 11B Derivation section 11C Presentation section 12 Memory 13 Storage section 13A Normal operation range setting program 13B Crime risk detection support program 13C Entrance/exit management database 13D Normal operation range database 14 Input section 15 Display section 16 Media read/write device 17 Recording medium 18 Communication I/F section 20 Card reader 22 PC

Claims (8)

a detection unit that detects abnormal behavior that is different from normal human behavior in the management area;
a derivation unit that probabilistically derives an evaluation value indicating the possibility that a crime will occur in the management area based on the abnormal behavior detected by the detection unit;
a presentation unit that presents information according to the evaluation value derived by the derivation unit;
Equipped with
The crime is an internal crime;
Crime risk detection support device. a detection unit that detects abnormal behavior that is different from normal human behavior in the management area;
a derivation unit that probabilistically derives an evaluation value indicating the possibility that a crime will occur in the management area based on the abnormal behavior detected by the detection unit;
a presentation unit that presents information according to the evaluation value derived by the derivation unit;
Equipped with
The detection unit detects the abnormal behavior using a recording result by an entrance/exit management system provided in a predetermined detection target area in the management area.
Crime risk detection support device. The detection unit detects the abnormal behavior using a record of at least one of the date and time when the person operated the entry/exit management system.
The crime risk detection support device according to claim 2 . The derivation unit derives the evaluation value by Bayesian estimation,
The crime risk detection support device according to any one of claims 1 to 3 . The detection unit further detects the number of people existing in the management area,
The derivation unit derives a value obtained by multiplying the evaluation value by a probability of committing the crime according to the number of people detected by the detection unit as the final evaluation value.
The crime risk detection support device according to claim 1 . The derivation unit multiplies the evaluation value by a probability that the crime is committed by a lone offender when the number of people detected by the detection unit is 1.
The crime risk detection support device according to claim 5 . Detect abnormal behavior that is different from normal human behavior in the management area,
Based on the detected abnormal behavior, probabilistically derive an evaluation value indicating the possibility that a crime due to an internal crime will occur in the management area,
Presenting information according to the derived evaluation value,
A crime risk detection support program that allows computers to perform processing. Detecting abnormal behavior that is different from the usual behavior of a person in the management area using the recorded results by an access control system installed in a predetermined detection target area in the management area ,
Based on the detected abnormal behavior, probabilistically derive an evaluation value indicating the possibility that a crime will occur in the management area,
Presenting information according to the derived evaluation value,
A crime risk detection support program that allows computers to perform processing.