S. Meng,W. Schmitz,Bo Hu,F. Schultmann,S. Pickl,M. Wiens

Abstract:study RiKoV deals with mitigating risks of a terrorist attack against the German public railway system. The research method and first results will be presented and discussed in this paper. In the project, a scenario-based risk assessment method was developed tailored to intelligent, rationally acting attackers. We consider risk as a function of the system’s vulnerability, the threat to the system, and the consequences of an attack. In particular, we apply three complementary ways to deal with the problem of fundamental uncertainty with respect to the terrorists’ motivation. In a first approach, the input parameters “intention” and “capability” are regarded as fuzzy parameters which are measured in qualitative categories. The second approach is the derivation of optimal rules in a multi-criteria framework for decisions under uncertainty. Finally, we complement our elaborated risk analysis with game-theoretic arguments.

Political Science,Business,Engineering

XiaoLin Cui,Xiaobin Tan,Yong Zhang,Hongsheng Xi

DOI: https://doi.org/10.1109/CSSE.2008.949

2008-01-01

Abstract:Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model. © 2008 IEEE.

Zhen Zhou,Ada Che,Feng Chu,Chengbin Chu

DOI: https://doi.org/10.1155/2014/832814

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:In most of the hazardous material transportation problems, risk factors are assumed to be constant, which ignores the fact that they can vary with time throughout the day. In this paper, we deal with a novel time-dependent hazardous material transportation problem via lane reservation, in which the dynamic nature of transportation risk in the real-life traffic environment is taken into account. We first develop a multiobjective mixed integer programming (MIP) model with two conflicting objectives: minimizing the impact on the normal traffic resulting from lane reservation and minimizing the total transportation risk. We then present a cut-and-solve based ε-constraint method to solve this model. Computational results indicate that our method outperforms the ε-constraint method based on optimization software package CPLEX.

Yancui Duan,Yonghua Cai,Zhikang Wang,Xinyang Deng

DOI: https://doi.org/10.3390/app8030428

2018-01-01

Abstract:Nowadays, computer networks are playing a more and more important role in people’s daily lives. Meanwhile, the security of computer networks has also attracted widespread concern. However, up to now, there is no universal and effective assessment approach for computer network security. Therefore, a novel network security risk assessment approach by combining subjective and objective weights under uncertainty is proposed. In the proposed evaluation approach, the uncertainty of evaluation data is taken into account, which is translated into objective weights through an uncertainty measure. By combining the subjective weights of evaluation criteria and the objective weights of evaluation data, the final weights can be obtained. Then, Dempster–Shafer (D-S) evidence theory and pignistic probability transformation (PPT) are employed to derive a consensus decision for the degree of the network security risk. Two illustrative examples are given to show the efficiency of the proposed approach. This approach of risk assessment, which combines subjective and objective weights, can not only effectively evaluate computer network security, but also be widely used in decision-making.

Shuqi Wan

DOI: https://doi.org/10.4018/jitr.299950

2022-01-01

Journal of Information Technology Research

Abstract:Aiming at the problems existing in the optimal allocation of financial resources, this paper establishes an optimization model and calculates the optimal allocation coefficient. With the help of Markowitz's investment theory, two indicators, which are investment risk and return rate, are analyzed quantitatively. Firstly, by analyzing the allocation efficiency and risk of financial resources, the allocation efficiency model is established, and the problem is decomposed into a finite 0-1 programming problem, which is solved by Hungarian Method. Secondly, considering the minimum allocation risk and the expected maximum return, the multi-objective model is solved by progressive optimal algorithm. The model reflects both unsatisfaction and risk avoidance which are the two characteristics of rational investment behavior. The analysis shows that the model has strong applicability and can be expected to improve the allocation efficiency of financial resources and reduce the allocation risk.

Noura Metawa,Nahia Mourad,,

DOI: https://doi.org/10.54216/ijns.190114

2022-01-01

International Journal of Neutrosophic Science

Abstract:Financial organizations can no longer ignore the problem of managing risk. As a component of the financial system, efficient Financial Risk Management (FRM) may significantly affect business results. These findings show that the triangular neutrosophic numbers simulate capital asset key metrics. Performance metrics for capital assets may be modeled using this kind of value by accounting for all conceivable outcomes for their attainment. The profit on capital instruments, the risk of financial investments, and the covariance of capital instruments are the Key Performance Metrics (KPIs) modeled using triangular neutrosophic values. Specifically, this research employs two techniques. Prioritizing parameters for financial risk management dimensions using the Analytic Hierarchy Process (AHP). Second, the performance evaluation of financial risk management was evaluated from the perspective of several groups of specialists by the COCOSO method to assess the ranking of possible replies further. By using the presented method, we may better identify where to put our efforts and how to allocate our resources for greater effectiveness in managing financial risks.

MingChu Li,Wanyu Dong,Xiao Zheng,Anil Carie,Yuan Tian

DOI: https://doi.org/10.1007/978-981-19-0604-6_49

2022-01-01

Abstract:This paper proposes a method to enable a risk-averse and resource-constrained network defender to deploy security countermeasures in an optimal way to prevent multiple potential attackers with uncertain budgets. To solve the problem of information asymmetry between the attacker and the defender, a fake countermeasure (FC) is placed on the arc, and the situation of multiple attackers is also taken into consideration. This method is based on the risk aversion bi-level stochastic network interdiction model on the attack graph, which can easily map the path of attackers. Meanwhile, our method can minimize the weighted sum of all losses and minimize the risk of the defender's key nodes being destroyed. At the same time, in order to prevent the key node of the defender from being destroyed, the risk condition value measurement is taken into account in the stochastic programming model. We design a SA-CPLEX algorithm to provide a high-quality approximate optimal solution. And computational results suggest that our method provides better network interdiction decisions than traditional deterministic and risk-neutral models.

Yang Sun,Wei Xiong,Zhonghua Yao,Krishna Moniz,Ahmed Zahir

DOI: https://doi.org/10.3390/electronics7030036

IF: 2.9

2018-01-01

Electronics

Abstract:Improving network security is a difficult problem that requires balancing several goals, such as defense cost and need for network efficiency, to achieve proper results. Modeling the network as a game and using optimization problems to select the best move in such a game can assist network administrators in determining an ideal defense strategy. However, most approaches for determining optimal game solutions tend to focus on either single objective games or merely scalarize the multiple objectives to a single of objective. In this paper, we devise a method for modeling network attacks in a zero-sum multi-objective game without scalarizing the objectives. We use Pareto Fronts to determine the most harmful attacks and Pareto Optimization to find the best defense against those attacks. By determining the optimal solutions through those means, we allow network administrators to make the final defense decision from a much smaller set of defense options. The included experiment uses minimum distance as selection method and compares the results with a minimax algorithm for the determination of the Nash Equilibrium. The proposed algorithm should help network administrators in search of a hands-on method of improving network security.

Orly Stan,Ron Bitton,Michal Ezrets,Moran Dadon,Masaki Inokuchi,Yoshinobu Ohta,Tomohiko Yagyu,Yuval Elovici,Asaf Shabtai

DOI: https://doi.org/10.48550/arXiv.1906.10943

2019-06-26

Abstract:Selecting the optimal set of countermeasures is a challenging task that involves various considerations and tradeoffs such as prioritizing the risks to mitigate and costs. The vast majority of studies for selecting a countermeasure deployment are based on a limited risk assessment procedure that utilizes the common vulnerability scoring system (CVSS). Such a risk assessment procedure does not necessarily consider the prerequisites and exploitability of a specific asset, cannot distinguish insider from outsider threat actor, and does not express the consequences of exploiting a vulnerability as well as the attacker's lateral movements. Other studies applied a more extensive risk assessment procedure that relies on manual work and repeated assessment. These solutions however, do not consider the network topology and do not specify the optimal position for deploying the countermeasures, and therefore are less practical. In this paper we suggest a heuristic search approach for selecting the optimal countermeasure deployment under a given budget limitation. The proposed method expresses the risk of the system using an extended attack graph modeling, which considers the prerequisites and consequences of exploiting a vulnerability, examines the attacker's potential lateral movements, and express the physical network topology as well as vulnerabilities in network protocols. In addition, unlike previous studies which utilizes attack graph for countermeasure planning, the proposed methods does not require re-generating the attack graph at each stage of the procedure, which is computationally heavy, and therefore it provides a more accurate and practical countermeasure deployment planning process.

Cryptography and Security

Hua Zhi,Guidong Zhang,Yiqun Liu,Yongjun Shen

DOI: https://doi.org/10.1109/icsess.2017.8342953

2017-01-01

Abstract:There are many risks in software system throughout development and operation. If we can do some qualitative and quantitative analysis about the risk assessment indicators, and take steps to perform risk assessment, the loss of the risks will be obviously reduced. Analytic Hierarchy Process and modified fuzzy entropy weight are combined here, in this article, since the output of Analytic Hierarchy Process has subjective tendency, we need to use an optimized fuzzy entropy-weight to get a comprehensive weight to lower subjectivity and strengthen objectivity. In the end, We do an experiment to verify validity and applicability.

Bo Wang,You Li,Junzo Watada

DOI: https://doi.org/10.1007/978-3-642-23854-3_23

2011-01-01

Abstract:This study proposes an novel fuzzy multi-objective model that can evaluate the invest risk properly and increase the probability of obtaining the expected return. In building the model, fuzzy Value-at-Risk is used to evaluate the exact future risk, in term of loss. And, variance is utilized to make the selection more stable. This model can provide investors with more significant information in decision-making. To solve this model, a new Pareto-optimal set based multiobjective particle swarm optimization algorithm is designed to obtain better solutions among the Pareto-front. At the end of this study, the proposed model and algorithm are exemplified by one numerical example. Experiment results show that the model and algorithm are effective in solving the multi-objective portfolio selection problem.

DOI: https://doi.org/10.46632/cset/1/3/1

2023-09-03

3

Abstract:Cyber security has become a critical concern in today's interconnected world, with the escalating frequency and sophistication of cyber threats. To effectively protect digital assets and sensitive information, organizations must adopt robust cybersecurity systems. The Multi-Objective Optimization on the basis of Ratio Analysis (MOORA) method has emerged as a promising approach for evaluating and improving cybersecurity systems.This research presents an innovative application of the MOORA method to enhance cybersecurity systems. The MOORA method is a Multi-Criteria Decision Analysis (MCDA) technique that enables decision-makers to rank alternatives based on multiple criteria, ultimately aiding in selecting the most suitable solution. In the context of cybersecurity, various evaluation criteria are considered, such as threat detection accuracy, incident response time, scalability, resource utilization, and cost-effectiveness.Through the integration of the MOORA method, this study offers a systematic and quantitative assessment of cybersecurity systems, addressing the limitations of traditional evaluation techniques that often overlook the complexity of cyber threats. By prioritizing the criteria most relevant to an organization's specific needs and risk profile, decision-makers can make informed choices about investing in the right cybersecurity measures.The practical implementation of the proposed MOORA-based cybersecurity system is demonstrated using real-world data from a diverse set of organizations. The results showcase the effectiveness of the method in guiding cybersecurity decision-making, leading to the identification of optimal solutions that strike the best balance between performance, cost, and resource allocation.The alternatives are A1 is Providing only essential information and continuing to use the service or product, A2 is Giving wrong or partially wrong information as personal data (misinformation), A3 is Closing the account, disposing of, or deactivating the smart device or application and A4 limiting the use of the application, financial institution, or device. The Evaluation parameters are C1 is Low trust in the firm, device, or application, C2 is Poor referrals or negative word-of-mouth from previous users about the service or app, C3 is Negative previous online experience, C4 is Being tech-savvy, experienced, and knowledgeable about recent trends in data privacy and cybersecurity, C5 is The firm or institution not meeting essential privacy and security expectations, such as privacy policies, notices (cookies), seals, etc and C6 is Perceiving that the benefits outweigh the risks of disclosing information.The final result is Limit the use of application, financial institution or device, etc (A4) is got first rank and Provision of strictly necessary Information and continue the use of service or product (A1) is got lowest rank.

Xiaoxue Guo,Long Ding,Jie Ji,Valerio Cozzani

DOI: https://doi.org/10.1016/j.ress.2022.108584

IF: 7.247

2022-01-01

Reliability Engineering & System Safety

Abstract:In general, the allocation strategy of safety measures in the domino effect is based on technical standards or simplistic rules of thumb, often leading to a subjective and uncertain decision-making process. In this work, a cost-effective risk reduction optimization model is proposed to objectively allocate the safety investment concerning domino effects in view of the risk and economic cost. Different from previous safety barrier performance assessments, we directly relate risk to economic cost through mathematical functions to trade off the economic effectiveness and domino effect risk under lower uncertainty. Not only mitigating measures, but also preventive measures are considered for domino risk reduction in the decision-making process of safety investment allocation in practical applications. The results from the case study demonstrate that the proposed model can help decision makers to identify the optimal safety investment among different investments and find the optimal investment allocation strategy given a specific economic investment in the worst-case domino scenario.

Fu-Hong Yang,Chi-Hung Chi,Lin Liu

DOI: https://doi.org/10.1007/11839569_28

2006-01-01

Abstract:A formal model of security risk assessment for an enterprise information security is developed. The model, called the Graph Model, is constructed based on the mapping of an enterprise IT infrastructure and networks/systems onto a graph. Components of the model include the nodes which represent hosts in enterprise network and their weights of importance and security, the connections of the nodes, and the safeguards used with their costs and effectiveness. The model can assist to identify inappropriate, insufficient or waste protector resources like safeguards that are relative to the needs of the protected resources, and then reallocates the funds or protector resources to minimize security risk. An example is provided to represent the optimization method and process. The goal of using Graph Model is to help enterprise decision makers decide whether their security investment is consistent with the expected risks and how to allocate the funds or protector resources.

Cheng Yexia,Jiang Wen,Xue Zhi,Cheng Yejian

2012-01-01

Journal of Computer Research and Development

Abstract:In order to improve network security and take evaluation to give security solution, a novel method of network security evaluation based on attack graph model is proposed. Using attack graph model and combining with characteristics of Markov Chain and Bayesian Network, we propose four security evaluation metrics and the method to compute them, including attack probability parameter, attack realization parameter, vulnerability level parameter and criticality parameter of vulnerability. Based on this, we research on a model of multi-objective security evaluation method, which can help security administrators control the global network more effectively with security enhancement suggestions. Simulation results show that the method is well in expansibility and practicality.

Oluwatoyin Esther Akinbowale,Heinz Eckart Klingelhöfer,Mulatu Fekadu Zerihun

DOI: https://doi.org/10.1108/jfc-10-2022-0245

2022-12-20

Journal of Financial Crime

Abstract:Purpose This study aims to investigate the feasibility of employing a multi-objectives integer-programming model for effective allocation of resources for cyberfraud mitigation. The formulated objectives are the minimisation of the total allocation cost of the anti-fraud capacities and the maximisation of the forensic accounting capacities in all cyberfraud incident prone spots. Design/methodology/approach From the literature survey conducted and primary qualitative data gathered from the 17 licenced banks in South Africa on fraud investigators, the suggested fraud investigators are the organisation's finance department, the internal audit committee, the external risk manager, accountants and forensic accountants. These five human resource capacities were considered for the formulation of the multi-objectives integer programming (MOIP) model. The MOIP model is employed for the optimisation of the employed capacities for cyberfraud mitigation to ensure the effective allocation and utilisation of human resources. Thus, the MOIP model is validated by a genetic algorithm (GA) solver to obtain the Pareto-optimum solution without the violation of the identified constraints. Findings The formulated objective functions are optimised simultaneously. The Pareto front for the two objectives of the MOIP model comprises the set of optimal solutions, which are not dominated by any other feasible solution. These are the feasible choices, which indicate the suitability of the MOIP to achieve the set objectives. Practical implications The results obtained indicate the feasibility of simultaneously achieving the minimisation of the total allocation cost of the anti-fraud capacities, or the maximisation of the forensic accounting capacities in all cyberfraud incident prone spots – or the trade-off between them, if they cannot be reached simultaneously. This study recommends the use of an iterative MOIP framework for decision-makers which may aid decision-making with respect to the allocation and utilisation of human resources. Originality/value The originality of this work lies in the development of multi-objectives integer-programming model for effective allocation of resources for cyberfraud mitigation.

Junjun Xu,Han Miao,Tengfei Zhang,Qinran Hu,Zaijun Wu

DOI: https://doi.org/10.1109/TIA.2024.3399690

IF: 4.079

2024-01-01

IEEE Transactions on Industry Applications

Abstract:Owing to the advancements in industry information technology, the traditional distribution network has evolved into a cyber-physical distribution system (CPDS), thereby introducing new challenges in quantifying the vulnerability of the system to cyber attacks. In addressing this issue, this paper proposes a novel risk assessment model with the example of cyber attacks on SCADA systems. To begin with, a risk propagation model is employed to construct a node network diagram for the SCADA system, facilitating the analysis of attack pathways and probabilities. Subsequently, physical metrics on the power side of the distribution network are established to quantify the physical consequences. Furthermore, defense costs against cyber attacks are computed, forming the basis for the development of a multi-objective optimization model for defense resources tailored to measurement devices, in conjunction with the proposed risk assessment model. Case studies and results demonstrate the performance of the proposed risk assessment model and defense resource optimization approach by contrast with existing ones.

Yang Sun,Yun Li,Wei Xiong,Zhonghua Yao,Krishna Moniz,Ahmed Zahir

DOI: https://doi.org/10.3390/app8010136

2018-01-01

Abstract:Using Pareto optimization in Multi-Objective Reinforcement Learning (MORL) leads to better learning results for network defense games. This is particularly useful for network security agents, who must often balance several goals when choosing what action to take in defense of a network. If the defender knows his preferred reward distribution, the advantages of Pareto optimization can be retained by using a scalarization algorithm prior to the implementation of the MORL. In this paper, we simulate a network defense scenario by creating a multi-objective zero-sum game and using Pareto optimization and MORL to determine optimal solutions and compare those solutions to different scalarization approaches. We build a Pareto Defense Strategy Selection Simulator (PDSSS) system for assisting network administrators on decision-making, specifically, on defense strategy selection, and the experiment results show that the Satisficing Trade-Off Method (STOM) scalarization approach performs better than linear scalarization or GUESS method. The results of this paper can aid network security agents attempting to find an optimal defense policy for network security games.

Jinkun Men,Guohua Chen,Lixing Zhou,Peizhu Chen

DOI: https://doi.org/10.1016/j.psep.2022.03.048

2022-01-01

Abstract:Hazardous materials (HazMat) transportation is one of the indispensable links in the chemical process industry and is closely related to safety, security, and environmental concerns. HazMat transportation routing is a major proactive risk management measure. Most related studies focus on diminishing the transportation risk for one single HazMat shipment. This work addresses a global perspective on the problem where the correlations of multiple simultaneous HazMat shipments are considered. A multi-objective transportation network design model is defined to optimize the objectives of the transportation risk and the transportation cost. A well-designed Pareto-based hybrid heuristic algorithm is proposed for model solving, which integrates a linear decomposition procedure for initial population construction, a Pareto-based scatter search procedure for population evolution, and a variable neighborhood search procedure for solution improvement. Computational results indicate that the proposed algorithm is competitive in solving large-scale instances since it is able to strike a great balance between effectiveness and efficiency. The detailed solution analysis shows that the proposed approach can effectively coordinate multiple simultaneous HazMat transportation processes. Moreover, we find that performing multiple short-distance shipments would significantly reduce the total transportation risk, but results in the higher transportation cost. This work can provide a set of Pareto optimal transportation networks for different industrial application scenarios to achieve the trade-off between economic and safety.

Gao-Feng Yu

DOI: https://doi.org/10.1016/j.inffus.2023.102066

IF: 18.6

2023-10-08

Information Fusion

Abstract:Grade assessment of network security situation is summarized as a typical multi-index grade assessment problem. However, the existed methods for grade assessment of network security situation do not consider multi-source information such as the trust information among experts, the preference information among companies and heterogeneous information of companies. The above problems are unable to be solved through traditional assessment methods. The aim of this paper is to establish a novel multi-objective decision model for the grade assessment of network security situation under multi-source information. On the basis of describing the grade assessment problem of network security situation, the membership functions of four-type thresholds for the grades on attribute eigenvalue are put forward. Two trust information uncertainty degrees in social network are defined, and the trust transfer operator based on trust information uncertainty degree and multi-path trust integration method based on the variable weight function is proposed. Afterwards, a new method to generate the incomplete social network is used to identify the weights of experts. Then, a multi-objective decision grade assessment optimization model is further established to obtain the network security situation grades and grade discrimination based on the two-tuple linguistic operator. The proposed method provides a theoretical basis for constructing and testing the grade assessment of network security situation. Meanwhile, it develops the grade assessment system of advanced network security situation and improves the ability to protect network security.

computer science, artificial intelligence, theory & methods