Risk Assessment Of Security & Protection Systems

The critical infrastructures are the foundation of a country.A critical infrastructure is a sys-tem or facility that has an important role to play in national security and operational systems.They include facilities such as electricity and water treatment plants,as well as a wide range of industries and facilities such as chemical,financial services,and information technology.In recent years,the continuing turbulence of the international community,especially human factors such as terrorism,poses a great threat to the security&protection systems of the critical infrastructure.This forces us to pay more attention to the maintenance and construc-tion of the security&protection systems.To a large,complex security&protection systems,we how to assess its effectiveness;how to estimate whether there are loopholes in the system,which is more critical and so on.This requires us to propose a reasonable and objective way to model a ssecurity&protection system and analyze its effectiveness,vulnerability and risk.In view of the above problems,this paper constructs an evaluation framework to evaluate the risk of security&protection systems based on the failure mode and effects analysis(FMEA).The main process of this framework is to first use an improved multi-target adversary sequence diagram to abstract the security&protection systems of an area into a security network.And then use the risk entropy method to calculate the protection effectiveness of each node in the network,and then transform the protection effectiveness on the node into the weight along the edge of the security network.Then the improved amoeba algorithm is used to calculate the shortest path to each target.Finally,we use the failure mode and effects analysis to calculate the risk value of each path,and ultimately obtain the target and path with highest risk in the system.In this paper,there are three main contributions:(1)In the evaluation of the protection effectiveness of the security node,the weight of each index is determined by using the analytic hierarchy process(AHP)method in most papers.In this paper,an ordered visibility graph weighted averaging(OVGWA)aggregation operator is proposed to calculate the weight of each index.This method overcomes the shortcomings of the AHP method which requires the expert to input the index's weights based on their knowledge,and solves the problem that we can not use the AHP method to get the weights when the experts have no idea about the relative weight of the indexes.Compared with the classical ordered weighted averaging aggregation operator which only considered the order information of the input data,the proposed method also takes the value information of the data into account,which makes the proposed method more reasonable.Relative to the AHP method requires the expert to enter the relative weight of each index,the proposed method is data-driven,nonparametric and the weighted way is more objective.In addition,an application and an example are used to illustrate the effectiveness of the proposed method.(2)In the abstraction of the security&protection systems of an area into a security network,the original adversary sequence diagram(ASD)for only a single target is improved.In real application,there are often a number of targets within a facility that need to be protected.And when the system detects an intruder,sometimes we do not know which target is his destination specificly.Therefore,it is necessary to extend the ASD for only one target to multi-target ASD.At the same time,when the weight along the edge in the security network is calculated,the distance between the two regions is set to the default value in the original ASD.Different from the original ASD,the improved multi-target ASD adds the condition factor.This allows managers to add other factors such as path concealment to make the model more flexible.In addition,because there are multiple targets in the system,the original amoeba algorithm is improved so that it can solve the problem of single source and multi-sink,avoiding repeatedly using the shortest path algorithm for each target,which improves the efficiency.(3)In calculating the risk for each path,we present a method of translating the qualitative assessment of experts into quantitative results.we use the triangular fuzzy number to quantify such qualitative language variables.The distance equation of two triangular fuzzy numbers is used to aggregated all experts' evaluation of a consequence.As a result,we can get an aggregated value in the form of triangular fuzzy number for each consequence.And then the Technique for Order Preference by Similarity to an Ideal Solution((TOPSIS))is used to get the ranking of the severity of the consequences of the failure modes,and get a crisp value.The main step of this method is to first quantify such qualitative linguistic variables with triangular fuzzy numbers.The distance equation of two triangular fuzzy numbers is used to aggregated all experts' evaluation of a consequence.As a result,we can get an aggregated value in the form of triangular fuzzy number for each consequence.And then the Technique for order preference by similarity to an ideal solution(TOPSIS)is used to get the ranking of the severity of the consequences of the failure modes,and get a crisp value.The main advantage of this method is that it is simpler than the existing method.Moreover,an example is also used to illustrate the effectiveness of the method.