Advertisement

Applied Intelligence

, Volume 49, Issue 3, pp 1063–1077 | Cite as

Improving awareness in early stages of security analysis: A zone partition method based on GrC

  • Hamido FujitaEmail author
  • Angelo Gaeta
  • Vincenzo Loia
  • Francesco Orciuoli
Article
  • 67 Downloads

Abstract

We present a method based on granular computing to support decision makers in analysing and protecting large-scale infrastructures or urban areas from external attacks by identifying a suitable partition of the infrastructure or the area under analysis. The method works on a very limited set of information relating to the vulnerabilities of components, and probability information regarding how vulnerabilities can impact meaningful partitions. These aspects make the method very useful as a reasoning mechanism to improve awareness and support rapid decision making at early stages of intelligence analysis, when information is scarce and contains a high degree of uncertainty. The results of the case study, which are based on the hypothesis of a terrorist attack on a subway, show that the method provides approximate solutions with the advantages of supporting reasoning at different levels of abstraction and providing simplicity of threat scenario analysis. We also discuss the limitations of the applicability of our approach.

Keywords

Security Situation awareness Granular computing 

References

  1. 1.
    Anagnostopoulos C, Kolomvatsos K (2018) Predictive intelligence to the edge through approximate collaborative context reasoning. Appl Intell 48(4):966–991CrossRefGoogle Scholar
  2. 2.
    Bier V, Oliveros S, Samuelson L (2007) Choosing what to protect: strategic defensive allocation against an unknown attacker. Journal of Public Economic Theory 9(4):563–587CrossRefGoogle Scholar
  3. 3.
    Brown G, Carlyle M, Salmerón J, Wood K (2006) Defending critical infrastructure. Interfaces 36 (6):530–544CrossRefGoogle Scholar
  4. 4.
    Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Comput Secur 56:1–27CrossRefGoogle Scholar
  5. 5.
    D’Aniello G, Gaeta A, Gaeta M, Loia V, Reformat MZ (2016) Application of granular computing and three-way decisions to analysis of competing hypotheses. In: 2016 IEEE international conference on systems, man, and cybernetics (SMC). IEEE, pp 001650–001655Google Scholar
  6. 6.
    D’Aniello G, Gaeta A, Loia V, Orciuoli F (2017) A granular computing framework for approximate reasoning in situation awareness. Granular Comput 2(3):141–158CrossRefGoogle Scholar
  7. 7.
    Fishburn PC (1988) Nonlinear preference and utility theory, vol 5. Johns Hopkins University Press, BaltimorezbMATHGoogle Scholar
  8. 8.
    Fujita H, Gaeta A, Loia V, Orciuoli F (2018) Resilience analysis of critical infrastructures: a cognitive approach based on granular computing. IEEE Trans Cybern PP(99):1–14.  https://doi.org/10.1109/TCYB.2018.2815178  https://doi.org/10.1109/TCYB.2018.2815178 CrossRefGoogle Scholar
  9. 9.
    Fujita H, Li T, Yao Y (2016) Advances in three-way decisions and granular computing. Knowl-Based Syst 91:1–3. Three-way Decisions and Granular ComputingCrossRefGoogle Scholar
  10. 10.
    Gao C, Yao Y (2017) Actionable strategies in three-way decisions. Knowl-Based Syst 133:141–155CrossRefGoogle Scholar
  11. 11.
    Ghosh N, Ghosh SK (2012) A planner-based approach to generate and analyze minimal attack graph. Appl Intell 36(2):369– 390CrossRefGoogle Scholar
  12. 12.
    Greco S, Matarazzo B, Slowinski R (1999) Rough approximation of a preference relation by dominance relations. Eur J Oper Res 117(1):63–83CrossRefzbMATHGoogle Scholar
  13. 13.
    Greco S, Matarazzo B, Słowiński R (2010) Dominance-based rough set approach to decision under uncertainty and time preference. Ann Oper Res 176(1):41–75MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Hausken K, Levitin G (2012) Review of systems defense and attack models. Int J Performability Eng 8 (4):355–366Google Scholar
  15. 15.
    Jenelius E, Westin J, Holmgren ÅJ (2010) Critical infrastructure protection under imperfect attacker perception. Int J Crit Infrastruct Prot 3(1):16–26CrossRefGoogle Scholar
  16. 16.
    Kahneman D, Tversky A (2013) Prospect theory: an analysis of decision under risk. In: Handbook of the fundamentals of financial decision making: Part I. World Scientific, pp. 99–127Google Scholar
  17. 17.
    Karbalaei F, Shahbazi H (2018) Determining an appropriate partitioning method to reduce the power system dimensions for real time voltage control. Int J Electr Power Energy Syst 100:58–68.  https://doi.org/10.1016/j.ijepes.2018.02.025 CrossRefGoogle Scholar
  18. 18.
    Levy H (1992) Stochastic dominance and expected utility: survey and analysis. Manag Sci 38(4):555–593CrossRefzbMATHGoogle Scholar
  19. 19.
    Lieberman CA, Bucht R (2009) Rail transport security. In: A new understanding of terrorism. Springer, pp. 189–204Google Scholar
  20. 20.
    Luo C, Li T, Chen H, Fujita H, Yi Z (2018) Incremental rough set approach for hierarchical multicriteria classification. Inf Sci 429:72–87MathSciNetCrossRefGoogle Scholar
  21. 21.
    McBride M, Mitchell R (2017) A zoning algorithm for dynamic cyber zone defense. In: 2017 IEEE 7th annual computing and communication workshop and conference (CCWC). IEEE, pp 1–6Google Scholar
  22. 22.
    McGill WL, Ayyub BM, Kaminskiy M (2007) Risk analysis for critical asset protection. Risk Anal 27 (5):1265–1281CrossRefGoogle Scholar
  23. 23.
    Ortiz DS, Weatherford BA, Greenberg MD, Ecola L (2008) Improving the safety and security of freight and passenger rail in PennsylvaniaGoogle Scholar
  24. 24.
    Parasuraman R, Sheridan TB, Wickens CD (2000) A model for types and levels of human interaction with automation. IEEE Trans Syst Man Cybern Syst Hum 30(3):286–297CrossRefGoogle Scholar
  25. 25.
    Pawlak Z (1982) Rough sets. Int J Comput Inform Sci 11(5):341–356CrossRefzbMATHGoogle Scholar
  26. 26.
    Payappalli VM, Zhuang J, Jose VRR (2017) Deterrence and risk preferences in sequential attacker–defender games with continuous efforts. Risk AnalGoogle Scholar
  27. 27.
    Powell R (2007) Defending against terrorist attacks with limited resources. Am Polit Sci Rev 101(3):527–541CrossRefGoogle Scholar
  28. 28.
    Richards HJ, Pherson RH (2010) Structured analytic techniques for intelligence analysis. Cq PressGoogle Scholar
  29. 29.
    Rios Insua D, Rios J, Banks D (2009) Adversarial risk analysis. J Am Stat Assoc 104(486):841–854MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Savage LJ (1972) The foundations of statistics. Courier CorporationGoogle Scholar
  31. 31.
    Von Neumann J, Morgenstern O (2007) Theory of games and economic behavior (commemorative edition). Princeton University Press, PrincetonzbMATHGoogle Scholar
  32. 32.
    Wu D, Xiao H, Peng R (2018) Object defense with preventive strike and false targets. Reliab Eng Syst Saf 169:76–80CrossRefGoogle Scholar
  33. 33.
    Yang J, Zhou C, Yang S, Xu H, Hu B (2018) Anomaly detection based on zone partition for security protection of industrial cyber-physical systems. IEEE Trans Ind Electron 65(5):4257– 4267CrossRefGoogle Scholar
  34. 34.
    Yao JT, Vasilakos AV, Pedrycz W (2013) Granular computing: Perspectives and challenges. IEEE Trans Cybern 43(6):1977–1989CrossRefGoogle Scholar
  35. 35.
    Yao Y Yao J, Lingras P, Wu WZ, Szczuka M, Cercone NJ, Ślzak D (eds) (2007) Decision-theoretic rough set models. Springer, BerlinGoogle Scholar
  36. 36.
    Yao Y (2016) Three-way decisions and cognitive computing. Cogn Comput 8(4):543–554CrossRefGoogle Scholar
  37. 37.
    Zadeh LA (1997) Toward a theory of fuzzy information granulation and its centrality in human reasoning and fuzzy logic. Fuzzy Sets Syst 90(2):111–127MathSciNetCrossRefzbMATHGoogle Scholar
  38. 38.
    Zhang C, Ramirez-Marquez JE (2013) Protecting critical infrastructures against intentional attacks: a two-stage game with incomplete information. IIE Trans 45(3):244–258CrossRefGoogle Scholar
  39. 39.
    Zhang L, Reniers G (2018) Applying a bayesian stackelberg game for securing a chemical plant. J Loss Prev Process Ind 51:72–83.  https://doi.org/10.1016/j.jlp.2017.11.010. http://www.sciencedirect.com/science/article/pii/S0950423017310239 CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Hamido Fujita
    • 1
    Email author
  • Angelo Gaeta
    • 2
  • Vincenzo Loia
    • 3
  • Francesco Orciuoli
    • 3
  1. 1.Faculty of Software and Information ScienceIwate Prefectural UniversityIwateJapan
  2. 2.Department of Information, Electric Engineering and Applied Mathematics and Department of Management and Innovation SystemsUniversity of SalernoFiscianoItaly
  3. 3.Department of Management and Innovation SystemsUniversity of SalernoFiscianoItaly

Personalised recommendations