Risk mitigation strategies for critical infrastructures based on graph centrality analysis

Dependency risk graphs have been proposed as a tool for analyzing cascading failures due to critical infrastructure dependency chains. However, dependency chain analysis is not by itself adequate to develop an efficient risk mitigation strategy - one that specifies which critical infrastructures should have high priority for applying mitigation controls in order to achieve an optimal reduction in the overall risk. This paper extends previous dependency risk analysis research to implement efficient risk mitigation. This is accomplished by exploring the relation between dependency risk paths and graph centrality characteristics. Graph centrality metrics are applied to design and evaluate the effectiveness of alternative risk mitigation strategies. The experimental evaluations are based on random graphs that simulate common critical infrastructure dependency characteristics as identified by recent empirical studies. The experimental results are used to specify an algorithm that prioritizes critical infrastructure nodes for applying controls in order to achieve efficient risk mitigation.

[1]  Yiming Yang,et al.  A Comparative Study on Feature Selection in Text Categorization , 1997, ICML.

[2]  Panayiotis Kotzanikolaou,et al.  Risk assessment methodology for interdependent critical infrastructures , 2011 .

[3]  Panayiotis Kotzanikolaou,et al.  Assessing n-order dependencies between critical infrastructures , 2013, Int. J. Crit. Infrastructures.

[4]  Salim Jouili,et al.  An Empirical Comparison of Graph Databases , 2013, 2013 International Conference on Social Computing.

[5]  Eric A. M. Luiijf,et al.  Empirical Findings on Critical Infrastructure Dependencies in Europe , 2009, CRITIS.

[6]  William P. Birmingham,et al.  Improving category specific Web search by learning query modifications , 2001, Proceedings 2001 Symposium on Applications and the Internet.

[7]  Haixun Wang,et al.  Managing and mining large graphs: systems and implementations , 2012, SIGMOD Conference.

[8]  Panayiotis Kotzanikolaou,et al.  A multi-layer Criticality Assessment methodology based on interdependencies , 2010, Comput. Secur..

[9]  J G Daugman,et al.  Information Theory and Coding , 2005 .

[10]  A. Karegowda,et al.  COMPARATIVE STUDY OF ATTRIBUTE SELECTION USING GAIN RATIO AND CORRELATION BASED FEATURE SELECTION , 2010 .

[11]  P. Bonacich Power and Centrality: A Family of Measures , 1987, American Journal of Sociology.

[12]  Panayiotis Kotzanikolaou,et al.  Cascading Effects of Common-Cause Failures in Critical Infrastructures , 2013, Critical Infrastructure Protection.

[13]  Panayiotis Kotzanikolaou,et al.  Interdependencies between Critical Infrastructures: Analyzing the Risk of Cascading Effects , 2011, CRITIS.

[14]  C. Lee Giles,et al.  What's the code?: automatic classification of source code archives , 2002, KDD.

[15]  E. Luiijf,et al.  THE STATE AND THE THREAT OF CASCADING FAILURE ACROSS CRITICAL INFRASTRUCTURES: THE IMPLICATIONS OF EMPIRICAL EVIDENCE FROM MEDIA INCIDENT REPORTS , 2011 .