Cover: Using Behavioral Indicators to Help Detect Potential Violent Acts

Using Behavioral Indicators to Help Detect Potential Violent Acts

A Review of the Science Base

Published Jun 11, 2013

by Paul K. Davis, Walter L. Perry, Ryan Andrew Brown, Douglas Yeung, Parisa Roshan, Phoenix Voorhies


Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 1.4 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Summary Only

FormatFile SizeNotes
PDF file 0.3 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback300 pages $32.95

Research Questions

  1. What new or nontraditional technologies and methods for behavioral observation might — especially when used with other information — help detect potential violent attacks?
  2. What sorts of information are useful for this type of detection effort? Where might that information be found, how might it be structured, and what indicators might be involved?
  3. What are the main factors that affect a detection system's overall effectiveness?
  4. What controversies exist about the efficacy and use of the behavioral observations?
  5. How can the negative consequences of such observations (e.g., for civil liberties) be reduced?

Government organizations have put substantial effort into detecting and thwarting terrorist and insurgent attacks by observing suspicious behaviors of individuals at transportation checkpoints and elsewhere. This report reviews the scientific literature relating to observable, individual-level behavioral indicators that might — along with other information — help detect potential violent attacks. The report focuses on new or nontraditional technologies and methods, most of which exploit (1) data on communication patterns, (2) "pattern-of-life" data, and/or (3) data relating to body movement and physiological state. To help officials set priorities for special attention and investment, the report proposes an analytic framework for discussion and evaluation; it also urges investment in cost-effectiveness analysis and more vigorous, routine, and sustained efforts to measure real-world effectiveness of methods. One cross-cutting conclusion is that methods for behavioral observation are typically not reliable enough to stand alone; success in detection will depend on information fusion across types of behaviors and time. How to accomplish such fusion is understudied. Finally, because many aspects of using behavioral observations are highly controversial, both scientifically and because of privacy and civil-liberties concerns, the report sharpens the underlying perspectives and suggests ways to resolve some of the controversy while significantly mitigating problems that definitely exist.

Key Findings

Relevant information may be proximate (e.g., during preparations for or part of an attack) or from previous observations over days, months, or years.

Three Types of Data for Using Behavioral Indicators to Detect Potential Violent Attacks

  • Many detection efforts focus on communication patterns. These include monitoring and analysis of online communications, text analysis and natural language processing, and speech analysis.
  • Another class of detection efforts focus on pattern-of-life data, including data on communication, travel, and purchasing, much of which is held in private-industry databases.
  • A third class of detection efforts focus on individuals' physical movement and physiology. These include monitoring and analysis of kinetics and gross movement (for example, the gait of individuals carrying weighted objects) as well as physiological state and reactions (for example, voice stress and facial expression).

Cross-Cutting Issues

  • There is current value and unrealized potential for using behavioral indicators as part of a system to detect attacks. Unfortunately, analytic quantification of that potential is poorly developed.
  • Ongoing research is a mix of laboratory- and field-based empirical research and modeling. Operators in the field are often well ahead of the science base, which can be either good or bad.
  • Probing to stimulate behavioral responses can sometimes improve detection effectiveness significantly, but such approaches involve significant tradeoffs between detection effectiveness and negative consequences for civil liberties, commerce, and the perceived legitimacy of the security system.
  • Much of the literature and discussion focuses on detecting behavioral responses in the absence of countermeasures, but countermeasures are in fact a big problem.
  • Many of the potentially attractive technologies and methods currently depend on such relatively benign circumstances as close-up observation by humans. Operational value will be much enhanced by improved capabilities to make observations from a distance, automatically, and in some instances without the subjects being aware of the observation.
  • Nothing on the horizon presents a "magic bullet" for threat detection, raising the potential importance of effective information fusion, including networked real-time or near-real-time integration of information.
  • A major challenge in detection systems is the tradeoff between false negatives (failure to detect) and false positives (false alarms).
  • Many of the technologies and methods associated with monitoring behavioral indicators raise profound civil liberties concerns. Many problems and errors can be avoided by up-front review of procedures by experts.


  • New technologies and methods for using behavioral indicators to detect potential violent attacks should be routinely and consistently subject to objective peer review and adequate community scrutiny, although sometimes within a classified domain.
  • Vulnerability to countermeasures should be a prime consideration in evaluating investment programs.
  • Investment decisions about individual technologies and methods should be informed by a structured portfolio-analysis approach.
  • More research should be devoted to mitigating the costs of false alarms — not just by reducing the false-alarm rate, but also by mitigating such bad consequences of false alarms as wasting people's time, raising their fears, insulting their dignity, or invading their privacy.
  • More effort should go toward developing methods for effective information fusion. Making sense of fuzzy, imperfect, heterogeneous information will require automated processing of vast amounts of data combined with human expertise and judgment. The emphasis should be on man-machine cooperation and not just automation.

The research described in this report was prepared for the United States Navy. The research was conducted within the RAND National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Combatant Commands, the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.