balticwarden

Each indicator $i$ from MILITARY, MARITIME, NATO, and DIPLOMATIC categories:

$$v_i \in \{\text{GREEN}=0,\;\text{YELLOW}=3,\;\text{ORANGE}=7,\;\text{RED}=10\}$$ $$c_i \in \{\text{HIGH}=1.0,\;\text{MEDIUM}=0.7,\;\text{LOW}=0.4\}$$ $$S_{\text{sec}} = \min\!\left(\frac{40}{50}\sum_{i} v_i \cdot c_i ,\; 40\right)$$

The normalisation base of 50 assumes ~5 indicators at mixed severities as a practical ceiling.

Four sub-scores over a 7-day rolling window. Tag count $T$, narrative code distribution $P = \{p_1, \ldots, p_k\}$, 30-day baseline distribution $Q$, campaigns $C$:

a) Volume

$$S_{\text{vol}} = \begin{cases} 0 & T < 100 \\ \min\!\big(3\,\log_2(T/300),\; 8\big) & T \geq 100 \end{cases}$$

b) Entropy concentration — high score when one narrative dominates:

$$H = -\sum_{i=1}^{k} p_i\,\log_2 p_i, \qquad \hat{H} = 1 - \frac{H}{\log_2 k}$$ $$S_{\text{entropy}} = S\!\big(\hat{H};\,8,\,0.5,\,6\big)$$

c) KL-divergence shift — how today differs from 30-day baseline (Laplace-smoothed):

$$D_{\text{KL}}(P\,\|\,Q) = \sum_{i} \tilde{p}_i\,\log_2\frac{\tilde{p}_i}{\tilde{q}_i}$$ $$S_{\text{KL}} = S\!\big(D_{\text{KL}};\,3,\,1.0,\,5\big)$$

d) Campaigns

$$S_{\text{camp}} = \min(1.5\,C,\; 6)$$ $$S_{\text{fimi}} = \min\!\big(S_{\text{vol}} + S_{\text{entropy}} + S_{\text{KL}} + S_{\text{camp}},\; 25\big)$$

Entropy-based scoring separates genuine campaigns (low $H$, high $D_{\text{KL}}$) from organic discussion (high $H$, low $D_{\text{KL}}$). All four components are live.

a) HYBRID category indicators with doubled weight:

$$H_{\text{ind}} = \sum_{i \in \text{HYBRID}} 2\,v_i\,c_i$$

b) Anomaly boost (last 72h). Raw anomaly score is sigmoid-smoothed to prevent saturation:

$$R = \sum_j a_j, \quad a_j \in \{\text{INFO}=1,\;\text{WARNING}=2,\;\text{ALERT}=3,\;\text{CRITICAL}=4\}$$ $$H_{\text{anom}} = \min\!\Big(S(R;\,0.3,\,10,\,5),\; 5\Big)$$

c) Structural signals — sigmoid-smoothed counts from specialised collectors (FIRMS thermal, GPS jamming, satellite IMINT, AIS shadow fleet):

$$H_{\text{struct}} = \min\!\bigg(\underbrace{S(F;\,0.15,\,20,\,3)}_{\text{FIRMS}} + \underbrace{S(G;\,0.5,\,4,\,3)}_{\text{GPS jam}} + \underbrace{S(V;\,0.02,\,100,\,3)}_{\text{shadow fleet}} + \underbrace{S(I;\,0.5,\,3,\,3)}_{\text{satellite}},\; 12\bigg)$$ $$S_{\text{hyb}} = \min\!\big(H_{\text{ind}} + H_{\text{anom}} + H_{\text{struct}},\; 20\big)$$

Each structural sigmoid is calibrated to the sensor's normal range. For example, $S(F;\,0.15,\,20,\,3)$ produces ~0.5 for 10 FIRMS detections (routine) and ~2.9 for 40+ (active burning). Structural signal counts are decay-weighted (see §7 below) — a 1-hour-old FIRMS detection counts more than a 2-day-old one.

Sigmoid-smoothed economic indicators. Currently active: energy prices and supply disruption signals.

$$E_{\text{price}} = S(\overline{P};\,0.03,\,100,\,5) \quad \text{(avg EUR/MWh, 7-day)}$$ $$E_{\text{supply}} = S(D;\,1.0,\,2,\,5) \quad \text{(disruption/outage signal count, 7-day)}$$ $$S_{\text{econ}} = \min\!\Big(E_{\text{price}} + E_{\text{supply}},\; 15\Big)$$

Energy price sigmoid: midpoint at 100 EUR/MWh (crisis threshold), max 5 pts. Normal Baltic prices (~50) score ~1; extreme spikes (~200+) saturate near 5. CPI, unemployment, and consumer confidence planned when data feeds are added.

Final composite:

$$\text{CTI} = \min\!\Big(S_{\text{sec}} + S_{\text{fimi}} + S_{\text{hyb}} + S_{\text{econ}},\; 100\Big)$$

Trend via dual CUSUM + EWMA (up to 30 days of history):

$$Z_t = \lambda\,x_t + (1-\lambda)\,Z_{t-1}, \quad \lambda = 0.2$$ $$S^+_t = \max\!\big(0,\; S^+_{t-1} + x_t - Z_t - k\big), \quad k = \sigma/2$$ $$S^-_t = \max\!\big(0,\; S^-_{t-1} - x_t + Z_t - k\big)$$ $$\text{Trend} = \begin{cases} \blacktriangle\;\text{RISING} & S^+_t > 4\sigma \\ \blacktriangledown\;\text{FALLING} & S^-_t > 4\sigma \\ \rightarrow\;\text{STABLE} & \text{otherwise}\end{cases}$$

EWMA ($\lambda=0.2$) gives a ~5-day effective window for the "normal" level. CUSUM accumulates deviations from normal; the threshold $h=4\sigma$ keeps the false alarm rate at roughly 1 per year. Catches gradual escalation that the old ±8 threshold missed.

Each signal is weighted by polynomial decay based on its age, per the MISP framework (Mokaddem et al., 2019):

$$w(t;\,\tau,\,\delta) = \max\!\Big(0,\; 1 - \Big(\frac{t}{\tau}\Big)^{1/\delta}\Big)$$

Source-specific parameters:

Source	$\tau$ (hours)	$\delta$	Description
ADS-B	24	1.5	Military flights — fast decay
AIS	48	2.0	Vessel tracking — slow initial
FIRMS	72	1.5	Thermal detections
GPSJam	48	1.5	Electronic warfare
Satellite	168	2.5	Imagery — 7 days, very slow
Telegram	72	1.0	Social media — fast
RSS	120	2.0	News — 5 days
OSINT	336	3.0	Perplexity/milbase — 14 days
Sanctions	720	3.0	30 days, very slow decay

Unlike exponential decay, polynomial decay reaches exactly zero at $\tau$ — stale signals produce zero noise. Applied to hybrid structural signal counts.

For each sensor, 7-day rolling statistics detect deviations:

$$z = \frac{x_{\text{today}} - \bar{x}_7}{\sigma_7}$$ $$\text{Severity} = \begin{cases} \text{ALERT} & z \geq 4.0 \\ \text{WARNING} & z \geq 3.0 \\ \text{INFO} & z \geq 2.0 \end{cases}$$

Tracked: narrative tag volume, Telegram messages, satellite HIGH sites, GPS jamming zones, shadow fleet vessels, FIRMS detections. Runs 3×/day.

Each source produces a discounted belief mass assignment (BPA) over $\Theta = \{\text{HIGH, MODERATE, LOW, NONE}\}$:

$$m_\alpha(A) = \alpha \cdot m(A), \qquad m_\alpha(\Theta) = 1 - \alpha$$

Source reliability $\alpha$:

Source	$\alpha$	Rationale
Satellite	0.90	Direct observation, highest confidence
FIRMS	0.80	Thermal is unambiguous when present
ACLED	0.75	Ground truth but delayed reporting
OSINT	0.65	LLM-generated, may hallucinate
GDELT	0.60	Media volume, indirect
Milwatch	0.50	Aggregated news, least specific

Sources combined using Dempster's rule (commutative, associative — order doesn't matter):

$$m_{12}(A) = \frac{1}{1-K}\sum_{B \cap C = A} m_1(B)\,m_2(C)$$ $$K = \sum_{B \cap C = \varnothing} m_1(B)\,m_2(C)$$

The conflict mass $K$ is reported per site. High $K$ means sources disagree — which is itself actionable intelligence ("investigate this site further"). The remaining uncertainty $m(\Theta)$ indicates how much is still unknown. Result: a belief value plus an uncertainty range, not just a point estimate.