Improving awareness in early stages of security analysis: A zone partition method based on GrC

We present a method based on granular computing to support decision makers in analysing and protecting large-scale infrastructures or urban areas from external attacks by identifying a suitable partition of the infrastructure or the area under analysis. The method works on a very limited set of information relating to the vulnerabilities of components, and probability information regarding how vulnerabilities can impact meaningful partitions. These aspects make the method very useful as a reasoning mechanism to improve awareness and support rapid decision making at early stages of intelligence analysis, when information is scarce and contains a high degree of uncertainty. The results of the case study, which are based on the hypothesis of a terrorist attack on a subway, show that the method provides approximate solutions with the advantages of supporting reasoning at different levels of abstraction and providing simplicity of threat scenario analysis. We also discuss the limitations of the applicability of our approach.

[1]  Charles Andrew Lieberman,et al.  Rail Transport Security , 2009 .

[2]  W. Ziemba,et al.  Growth-optimal investments and numeraire portfolios under transactions costs , 2013 .

[3]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[4]  Yiyu Yao,et al.  Decision-Theoretic Rough Set Models , 2007, RSKT.

[5]  Bilal M Ayyub,et al.  Risk analysis for critical asset protection. , 2007, Risk analysis : an official publication of the Society for Risk Analysis.

[6]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[7]  Angelo Gaeta,et al.  Resilience Analysis of Critical Infrastructures: A Cognitive Approach Based on Granular Computing , 2019, IEEE Transactions on Cybernetics.

[8]  Zhang Yi,et al.  Incremental rough set approach for hierarchical multicriteria classification , 2018, Inf. Sci..

[9]  Vineet M. Payyappalli,et al.  Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts , 2017, Risk analysis : an official publication of the Society for Risk Analysis.

[10]  Lotfi A. Zadeh,et al.  Toward a theory of fuzzy information granulation and its centrality in human reasoning and fuzzy logic , 1997, Fuzzy Sets Syst..

[11]  David Banks,et al.  Adversarial Risk Analysis , 2015, IWSPA@CODASPY.

[12]  Salvatore Greco,et al.  Dominance-based Rough Set Approach to decision under uncertainty and time preference , 2010, Ann. Oper. Res..

[13]  Salvatore Greco,et al.  Rough approximation of a preference relation by dominance relations , 1999, Eur. J. Oper. Res..

[14]  J. Neumann,et al.  Theory of games and economic behavior , 1945, 100 Years of Math Milestones.

[15]  Jerzy W. Grzymala-Busse,et al.  Rough Sets , 1995, Commun. ACM.

[16]  J. Schreiber Foundations Of Statistics , 2016 .

[17]  Yiyu Yao,et al.  Actionable strategies in three-way decisions , 2017, Knowl. Based Syst..

[18]  Kjell Hausken and Gregory Levitin Review of Systems Defense and Attack Models , 2012, International Journal of Performability Engineering.

[19]  R. Powell Defending against Terrorist Attacks with Limited Resources , 2007, American Political Science Review.

[20]  Peter C. Fishburn,et al.  Nonlinear preference and utility theory , 1988 .

[21]  Giuseppe D’Aniello,et al.  A granular computing framework for approximate reasoning in situation awareness , 2017, GRC 2017.

[22]  Michael D. Greenberg,et al.  Improving the Safety and Security of Freight and Passenger Rail in Pennsylvania , 2008 .

[23]  Jose Emmanuel Ramirez-Marquez,et al.  Protecting critical infrastructures against intentional attacks: a two-stage game with incomplete information , 2013 .

[24]  Richards J. Heuer,et al.  Structured Analytic Techniques for Intelligence Analysis , 2014 .

[25]  Farid Karbalaei,et al.  Determining an appropriate partitioning method to reduce the power system dimensions for real time voltage control , 2018 .

[26]  Genserik Reniers,et al.  Applying a Bayesian Stackelberg game for securing a chemical plant , 2018 .

[27]  Larry Samuelson,et al.  Choosing What to Protect: Strategic Defensive Allocation Against an Unknown Attacker , 2005 .

[28]  H. Levy Stochastic dominance and expected utility: survey and analysis , 1992 .

[29]  Yiyu Yao,et al.  Three-Way Decisions and Cognitive Computing , 2016, Cognitive Computation.

[30]  Hui Xiao,et al.  Object defense with preventive strike and false targets , 2018, Reliab. Eng. Syst. Saf..

[31]  Yiyu Yao,et al.  Advances in three-way decisions and granular computing , 2016, Knowl. Based Syst..

[32]  Kostas Kolomvatsos,et al.  Predictive intelligence to the edge through approximate collaborative context reasoning , 2017, Applied Intelligence.

[33]  Marci McBride,et al.  A zoning algorithm for dynamic cyber zone defense , 2017, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC).

[34]  Christopher D. Wickens,et al.  A model for types and levels of human interaction with automation , 2000, IEEE Trans. Syst. Man Cybern. Part A.

[35]  Matteo Gaeta,et al.  Application of Granular Computing and Three-way decisions to Analysis of Competing Hypotheses , 2016, 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC).

[36]  J. Neumann,et al.  Theory of Games and Economic Behavior: 60th Anniversary Commemorative Edition , 2020 .

[37]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.

[38]  Witold Pedrycz,et al.  Granular Computing: Perspectives and Challenges , 2013, IEEE Transactions on Cybernetics.

[39]  Chunjie Zhou,et al.  Anomaly Detection Based on Zone Partition for Security Protection of Industrial Cyber-Physical Systems , 2018, IEEE Transactions on Industrial Electronics.

[40]  L. J. Savage,et al.  The Foundations of Statistics , 1955 .

[41]  Erik Jenelius,et al.  Critical infrastructure protection under imperfect attacker perception , 2010, Int. J. Crit. Infrastructure Prot..

[42]  Theresa Beaubouef,et al.  Rough Sets , 2019, Lecture Notes in Computer Science.

[43]  Soumya K. Ghosh,et al.  A planner-based approach to generate and analyze minimal attack graph , 2010, Applied Intelligence.