Vrlo Vazno 1

An AHP-Based Risk-Assessment Model of Expressway Network

1Kun Xu, 2Wei Li, 3Dangfang Zhang 1, First AuthorSchool of Information Science and Engineering, Hunan University,

[email protected] 2,Corresponding AuthorSchool of Information Science and Engineering, Hunan University,

[email protected] 3School of Information Science and Engineering, Hunan University, [email protected]

Abstract

After analyzing of the relationship between risk and the assets, threats, vulnerability of Expressway Network, the paper brings out a Risk-Assessment Model of Expressway Network based AHP. In the end, it works out the problem within the risk of the system and its each factor. And the paper tries to improve the Analytic Hierarchy Process and put forward the 1~10 five-scale method which makes it convenient for designing questionnaires and increasing experts acceptance. Meanwhile this method can avoid contradiction and confusion when experts try to make a judgment by comparison. Therefore, it can make a much more consistent judgment matrix, and the Analytic Hierarchy Process can work more effectively in the risk assessment test on electro-mechanical systems.

Key words: AHP Analytic Hierarchy Process, 1~10 Five-Scale Method, Expressway Network, Risk

Assessment Model 1. Introduction

The connected Expressway Electro-mechanical Systems have made such a large scale wide-area information network. And it is the only platform applied to the process in the transaction information of billions of expressway toll-booths, the monitoring information of roads and tunnels, the information exchange of communication systems, information services and value-added services, and so on. Thus obviously it concerns nearly every aspect in expressway services, generates vast network nodes, and further more, connects a great number of operators. But there comes a fatal weak point, too. Supposed the network were maliciously attacked, it might lose tremendous data and become paralyzed or even out of control, which might cause heavy economic losses[1-2]. Therefore, a mastering current safety condition of the system plays the key role in system constructing and running. And to grasp the current condition, a risk assessment test must be carried out on the system[3]. In the test, assets vulnerability and potential threats shall be analyzed. Then there comes out the possibility and consequence of an accident. And finally the risk of the system will be calculated. This analysis provides an important reference to develop the strategy for controlling the system safety[4].

Among recent studies of the risk assessment of information system, researchers mostly take the perspective of improving Analytic Hierarchy Process (AHP)[5-6] or Fuzzy Set and Entropy-Weight, and they aims at having it done more scientifically in the risk assessment and reducing experts subjectivity and haphazardness when they take the assessment[7-8]. That is, these studies focus on improving AHP arithmetic, which more reasonably quantifies the weighted value of each factor in the assessment[9]. However, these studies do not make it clear how to scientifically connect the factors to the current safety condition of the system. When a risk assessment test is undertaking, not only shall the arithmetic be improved, but factors of the test on the entire systems, in other words, the model for the test be thoroughly studied[10]. In detail, the relationship between risks and factors shall be studied, problems aroused shall be settled, and finally the data shall serve the foundation in bringing out the safety condition of information system[11].

This paper firstly tries to analyze the relationship between the possible risks and the asset, threat, and vulnerability of the expressway network. Then it puts forward a risk assessment model named A Comparison of the Asset and Vulnerability in the Environment of Threat (CAVET), which consists of two parts. First, a survey of the expressway network is conducted, based on which the index system structure will be constructed for the risk assessment. The system is so huge that the division of system structure has to be done by different levels with reference to the frame protection of system domain.

An AHP-Based Risk-Assessment Model of Expressway Network Kun Xu, Wei Li, Dangfang Zhang

International Journal of Digital Content Technology and its Applications(JDCTA) Volume6,Number21,November 2012 doi:10.4156/jdcta.vol6.issue21.44

390

And based on previous studies, it tries to improve the Analytic Hierarchy Process and put forward the 1~10 Five-scale Method that makes it convenient for designing questionnaires and increasing experts acceptance. Meanwhile this method can avoid any contradiction or confusion when these experts try to make a judgment by comparison. Thus, it makes the judgment matrix much more consistent, and the Analytic Hierarchy Process can work more effectively in the risk assessment test on the electro-mechanical system.

2. Construction of CAVET

As mentioned, the risk assessment model CAVET shall be brought out in this paper, i.e. to make a comparison of the asset and vulnerability among threats. Its main idea is to compare the security levels and to check whether they reach the security standards or not, through Gaussian Function comparison

)int(:)int( VA . An integral parts comparison between assets and vulnerability aims to investigate whether a system has met the basic requirement[12], and the result coming out shows the value-at-risk of the system, marked by R. Here, CAVET is showed in the graph below:

Current Conditi

on

Assets Identification

Vulnerability Identification

Threats Identification

AHP Model of Assets

AHP Model of Vulnerability

AHP Model of Threats

Total Assets Total Vulnerability Total Threats

Risk

Actual RiskSuitable Control Regulations to Risk-managing

Maintaining the Current Safety Protection

Weights Weights Weights

Current Conditi

on

Gaussian Function Comparison

Decimal Function Comparisonthe Same GradeDifferent

Grades Different Grades

the Same Grade

Re-assessing

Structure of Risk Assessment System

Current Conditi

on

Figure 1. The CAVET Assessment Model

The model above shows, that once the structure of a risk assessment is made, the data firstly be

numerated is the total amount of assets, vulnerability, and threats. The computational process for these data is illustrated in the following paragraphs.

1. Assessed-value of total assets:

ii AaAaAaA 2211 1 Here, A1 to Ai is calculated on lower factors (if there is one).

ijkijkijijijijij

ijijiiiii

AaAaAaAAaAaAaA

2211

2211

2


391

When there is no lower factor, the assessed value )50( ii AA will be made from questionnaires of the current condition of assets, among which all weighted value ai is calculated by AHP. And the particular arithmetic and process will be introduced in detail in later paragraphs.

2. Assessed-value of total vulnerability:

ii VvVvVvV 2211 3

Here, V1 to Vi is calculated on lower factors (if there is one).

ijkijkijijijijij

ijijiiiii

VvVvVvVVvVvVvV

2211

2211

4

When there is no lower factor, the assessed value )50( ii VV will be made from questionnaires

of the current condition of vulnerability, among which all weighted value vi is calculated by AHP. And the particular arithmetic and process will be introduced in detail in later paragraphs.

3. Assessed-value of total threats:

ii TtTtTtT 2211 5

Here, T1 to Ti is calculated on lower factors (if there is one).

ijkijkijijijijij

ijijiiiii

TtTtTtTTtTtTtT

2211

2211

6

When there is no lower factor, the assessed value )50( ii TT will be made from questionnaires of the current situation of threats, among which all weighted value vi is calculated by AHP. And the particular arithmetic and process will be introduced in detail in later paragraphs.

When the total amount of assets, vulnerability, and threats are calculated, a risk assessment test is taken on the expressway network by CAVET, which leads to the data of its risk and its actual risk. The particular steps shall be taken according to the following instructions.

The system safety shall firstly be determined, and its value-at-risk shall be calculated then, specifically, to make a comparison between the levels of assets and that of vulnerability.

)int(:)int( VAR 7

While that both sides are on the same level means that the system basically reaches the mark, that

the level of vulnerability is higher shows that the system is over-secured. But if the level of vulnerability appears below that of assets, the system is in danger because of insufficient safe protection.

On comparison, if both assets and vulnerability are on the same level, the difference values following the decimal point shall be further compared. And the difference values correspond to the five levels of threats. The higher the threats level goes, the lower should the assets level be than that of vulnerability. Here is the specific arithmetic formula:

0}{}{ and }{}{-T51 AVAVAR 8


392

In particular applied environments, if AR (actual risk) is above zero, the system is at risk and, it has not reached the security standard because threats actually exist; if AR is below or equal to zero, the security has met the requirement of threats; but if AR is far too below zero, the safety protection has gone too far.

3. Studies and Improvement of AHP

With less quantitative information, AHP is able to formulize thinking process when a decision is made. Its solution is to construct judgment matrices. In constructing judgment matrices, while determining the relative importance of every two factors by comparing one factor with another, it is the key point to make sure that experts can accurately comprehend and make a clear judgment and, even design a scale model that agrees with reality and their thinking process. The scale for judgment matrices has always been the focus of experts research in the world. However, when a risk assessment test on expressway network is being undertaken based on AHP, the key point lies in choosing a suitable scale model from current methods and modifying it to the specific applied circumstance. So this paper aims to put forward the 1~10 five-scale method much suitable for the risk assessment of expressway network on the basis of the current 1~9 scale and 0~2 scale. Then integrating with the indirect method of judgment matrix mentioned in references[13], the five-scale comparison matrix is translated into indirect judgment matrix through mathematical transform. So weights of assets, vulnerability, and threats of electro-mechanical systems can be calculated according to the indirect method as ai,ti,vi.

To compare the relative importance of every two factors in the risk assessment of expressway network, an n comparison matrix can be constructed, consuming that there are n factors

namely 1w , 2w nw .

n

nnn

n

n

ww

ww

ww

ww

ww

ww

ww

ww

ww

A

21

2

2

2

1

2

1

2

1

1

1

9

In this comparison matrix:

jFactor following iFactor important less

jFactor toequal iFactor important more

jFactor by followed iFactor

1259

10

j

iij w

wa 10

(i,j=1,2,,n) The order exponent of importance of each factor can be calculated in this way:

n

jiji ap

1 11 (i=1,2,,n)

While maxp stands for the maximum order exponent, minp for the minimum. Similarly, maxA represents the factor of maximum order exponent and minA for the minimum. And these two factors


393

are treated as the basic comparative factors. Simultaneously, the relative importance )1(mb shall be calculated by experts. Also, with the accordance to the scale of basic comparative factors the order exponent difference of each factor shall be translated from )(,0 minmax pp to 1/1or ~1 mm bb which can show the relative importance between factors:

0)1(1)1(1

minmax jimijji

ppbpp

bpp

12

0)11(1)11(1

minmax jimijji

ppbppbpp

13 The following formula can be achieved after collocation and translation. According to the formula,

the relative importance between factors can be calculated. In this way, ijb can construct an indirect judgment matrix:

01)1(/1

01)1(

minmax

minmax

jimij

jimji

ijppb

pppp

ppbpppp

b 14

ij=12n

4. Comparison of Evaluation Cases and Assessment Analysis 4.1 Constructing the AHP Hierarchy

In this paper, a risk assessment of some provincial expressway network is taken as a typical case. And the following paragraphs indicate the AHP hierarchy of the assets, threats, and vulnerability assessment indicator system:

1. Assets Hierarchy Assets={the provincial monitoring center, sub-centers of sections; toll-booths}; the Provincial

Monitoring Center={the Internet Assess Subsystems, subsystems of secret-associated network and subsystems of private network}; Section Sub-center ={the Internet Assess Subsystems, subsystems of secret-associated network and subsystems of private network }; Toll Booth={subsystem of private network}; the Internet Assess Subsystem={communication sub-area}; Subsystem of Secret-associated Network={communication sub-area, monitoring, fee charging}; Subsystems of Private Network={communication sub-area, monitoring, fee}; Communication Sub-area=Fee Charging=Monitoring={physical environment; network layer, system layer, data layer, application layer}.

2. Threats Hierarchy Threats={human factors, natural factors}; Human factors={unintended damage, intended damage};

Unintended damage={technicians, business staff}; Intended damage={vindictive staff, intruders or hackers}; Technicians=Business Staff={technical failure threats; staffs mistaken threats; communication threats; logical threats}; Vindictive staff=intruders or hackers={technical failure threats; communication threats; logical threats}; Natural factors={physical and environmental threats, technical failure threats}.

3. Vulnerability Hierarchy Vulnerability={physical layer, network layer, system layer, application layer, management layer};

Physical Layer={environment security, media security, equipment security, electromagnetic leak, electromagnetic compatibility}; Network Layer={ security between private network and VLAN, assess


394

control of private network, private network shunt solution, network performance detecting measures, dynamic network monitoring measures, dial-up networking measures, network transmission measures}; System layer={precautions against computer virus, server security, client leaking security}; Application Layer={desktop and data security, data integrity security, data backup and recovery security, non-repudiation security, system security auditing measures, auditing measures of network information real-time monitoring, database security}; Management Layer={organizations of network security management, network security control system, security measures}.

4.2 Comparison of AHP Arithmetic Matrix Consistency Check Based on Different Scales

According to the AHP structure and Formula 9~14 of Diagram 1 (the Assessment Model), an indirect judgment matrix of two layers is created respectively for 1~10 five-scale method and 0~2 scale with scale transformed, and a judgment matrix of two layers for 1~9 scale as well. The related statistical data of consistency check are listed as follows:

Table 1. Statistics of AHP Arithmetic Matrix Consistency Based on 1~10 Five-scale Method

NO.

Names of (indirect)

judgment matrix

Pass or fail in the consistency

check (110 five-scale)


check (02 scale)


check (19 scale)

1 assets matrix (layer 1)

pass fail fail

2 the provincial center matrix (layer 2)

pass fail fail

3 the sub-centers matrix (layer 2)

pass pass fail

4 vulnerability matrix (layer 1)

pass pass pass

5 application layer matrix (layer 2)

pass pass fail

6 network layer matrix (layer 2)

pass pass fail

7 physical layer matrix (layer 2)

pass pass fail

8 management layer matrix (layer 2)

pass fail fail

9 system layer matrix (layer 2)

pass fail fail

10 threats matrix (layer 1)

pass pass pass

11 human factors matrix (layer 2)

pass pass pass

4.3 Calculations of AHP Arithmetic Value Based on Different Scales

According to Formula 1~6 and the model of layer structure, the calculations of values of three type of scale are illustrated as follows:

1. Calculations of values of 1~10 five-scale method

Table 2. Values of assets (described by two layers)

assets the provincial center sub-centers of

sections 0.743111 0.193591 0.063299

0.063299 0.743111 0.193591

0.066575 0.684845 0.24858


395

Table 3. Values of threats (described by two layers)

vulnerability application layer network layer physical layer management layer system layer0.479466 0.074637 0.258474 0.038638 0.148784

0.071575 0.340544 0.164287 0.105716 0.018108 0.048582 0.031959 0.219229

0.107357 0.04255 0.348312 0.069548 0.225015 0.158605 0.018672 0.029942

0.131118 0.246895 0.508733 0.040867 0.072388

0.700736 0.239802 0.059462

0.059462 0.239802 0.700736

Table 4. Values of vulnerability (described by two layers)

threat human factors0.166667 0.833333

0.142857 0.857143

2. Calculations of values of 0~2 three-scale method



sections 0.723054 0.215722 0.061223

0.061223 0.723054 0.215722

0.068564 0.707089 0.224346



0.066935 0.352481 0.15452 0.102139 0.019054 0.043394 0.02815 0.233327

0.102139 0.043394 0.352481 0.066935 0.233327 0.15452 0.019054 0.02815

0.139571 0.261711 0.486304 0.039292 0.073121

0.723054 0.215722 0.061223

0.061223 0.215722 0.723054

Table 7. Values of vulnerability (described by two layers) threat human factors

0.166667 0.833333

0.142857 0.857143

3. Calculations of values of 1~9 scale method



sections 0.739055 0.191552 0.069393

0.065327 0.726318 0.208355

0.06828 0.685164 0.246557


396



0.124804 0.241403 0.145837 0.122996 0.017999 0.087058 0.053637 0.206266

0.12324 0.055502 0.367229 0.078357 0.200639 0.129266 0.015128 0.03064

0.136132 0.214434 0.511597 0.040713 0.097125

0.678267 0.258456 0.063278

0.063278 0.258456 0.678267

Table 10. Values of vulnerability (described by two layers)

threat human factors0.2 0.8

0.166667 0.833333

4.3.1 Analysis and Comparison of Results

In this paper, the risk assessment of expressway network has been discussed respectively by 1~10

five-scale method, 0~2 three-scale method, and 1~9 scale, constructing a judgment matrix. With accordance to the above discussion, the judgment matrix cannot pass the consistency check when it is constructed in the risk assessment by 1~9 scale, while by 0~2 three-scale method it shows much better with only 4 matrices failing in the check and slight deviation. Surprisingly, the result by 1~10 five-scale method comes out the best among the three methods, which has smoothly passed the consistency check. The analysis of results is showed in detail as follows:

1) The main reason 1~9 scale making severe deviation lies in its much too complicated scales. It can hardly avoid any conflicts within the comparison of factors of a matrix as they increase. Besides, the complication even raises a much higher fuzzy barrier for experts when they try to judge, which demands much more techniques in evaluation and lowers the credibility of the evaluation in the assessment.

2) The 0~2 three-scale method shows much better but there appears some inconsistency, mainly because of the decrease of assessment accuracy as too much information is lost. The experts agree with this method but also point out that the insufficiency of scales sometimes leads to less precise judgment during the assessment evaluation.

3) The 1~10 five-scale method has integrated the strengths of the previous two, which can provide sufficient information and bring down the complication as well. That is, it avoids the weakness of the previous two methods. As its strengths outstand in the consistency check, it also better increases experts acceptance of questionnaires, than that of 0~2 three-scale method.

4.4 Values of Risk Based on AHP Arithmetic of Different Scales

Table 11. Calculations of Value-at-risk Based on 1~10 Five-scale Method Value of total system

assets (A) 3.3808662211 ii AaAaAa

Value of total system threats (T)

1.7142862211 ii TtTtTt Value of total system

vulnerability (V) 3.6874822211 ii VvVvVv

R )t requiremensecurity basic thesatisfying (3:3)3.687482int(:)3.380866int( AR

0}3.380866{-}3.687482{}{-}{ and 0036241.0}{-}{-T51 AVAV

The above calculations indicate that risk still exists in the expressway network as its security level

fails to reach threats level.


397

Table 12. Calculations of Value-at-risk Based on 0~2 Three-scale Method

Value of total system assets (A)

3.3541292211 ii AaAaAa Value of total system

threats (T) 1.7142862211 ii TtTtTt

Value of total system vulnerability (V)

3.7162152211 ii VvVvVv R )t requiremensecurity basic thesatisfying (3:3)3.716215int(:)3.354129int(

AR 0}3.354129{-}3.716215{}{-}{ and 0019229.0}{-}{-T

51 AVAV

The above calculations indicate that no risk still exists in the expressway network as its security

level is much higher threats level.

Table 13. Calculations of Value-at-risk Based on 1~9 scale Method Value of total system

assets (A) 3.3588082211 ii AaAaAa

Value of total system threats (T)

1.6666672211 ii TtTtTt Value of total system

vulnerability (V) 3.7001712211 ii TtTtTt

R )t requiremensecurity basic thesatisfying (3:3)3.700171int(:)3.358808int( AR

0}3.358808{-}3.700171{}{-}{ and 000803.0}{-}{-T51 AVAV

The above calculations indicate that no risk still exists in the expressway network as its security

level is much higher than threats level.

4.5 Analysis Comparison of Value-in-risk

Questionnaires and experts assessment show that expressway network in general has reached the security requirement. However, there is still some deficiency in technologies or measures, such as technology of safety & secrecy, intranet shunt solution, auditing measures of network information real-time monitoring, and so on. Besides, the deficiency is prone to be maliciously used by some staff, which can pose a great risk. Thus, in fact, some potential risk still remains in the expressway network and, practical value-at-risk ought to be above zero. The AR, from the comparison of previous three types of scales, proves that only the 1~10 five-scale method complies with the practical situation while the 0~2 three-scale method causes the worst deviation.

5. Conclusion

To summarize, with AHP, this paper has studied and improved the main structure of the current electro-mechanical systems, based on the integration of some outstanding research achievements in the area of risk assessment of information systems and the summary of some problems within these research results. Then it tries to promote the CAVET and do some relative case studies as the key argument. In a word, 1~10 five-scale method, 0~2 three-scale method, and 1~9 scale are respectively adopted in the risk assessment of electro-mechanical systems, and then a comparison and analysis is taken on the values achieved by the three scales. Finally, in the relative case studies, the 1~10 five-scale method has shown much superiority in the consistency check and the accuracy of calculations.


398

6.ACKNOWLEGEMENTS

The authors acknowledge the support of Fundamental Research Funds for the Central Universities in Hunan University.

7.References [1] Zhang Cai-jiang,Wang Chun-sheng,Shen Qi-ping. Evaluation on Expressway Construction Project

Management Effectiveness Based on G-AHP Model: Cases in Guangdong Province of China, International Conference on Management Science and Engineering, pp.2068-2074, 2006.

[2] Xueyan Cao, Fayun Deng, Liang Liu, Xiaolin Li, Shiming Li, "Information Pretreatment and Multi-criteria Decision Making in Fast Disaster Assessment", JDCTA: International Journal of Digital Content Technology and its Applications, Vol. 5, No. 10, pp. 20 ~ 30, 2011

[3] Chen Yun, Tang Wei. The Model of Risk Allocation in BOT Expressway Project, International Conference on Information Management, Innovation Management and Industrial Engineering, pp.283-286, 2008.

[4] Feng, D. G., Zhang, Y. & Zhang, Y. Q. . Survey of information security risk assessment, Journal of China Institute of Communications, vol.25,no.7, pp.10-18, 2004.

[5] Niu, H. H. & Liu, L. X.. Research on Risk Assessment of Information Security Based on Improved Neural Network, Computer Simulation, vol.28,no.6, pp.117-120, 160,2011.

[6] Zhang, R. L. & Wu, S. N. & Zhou, S. Y. . A Trust Model Based on Behaviors Risk Evaluation, Chinese Journal of Computers, vol.32,no.4, pp.688-698, 2009.

[7] Fu, Y., Wu, X. P., Ye, Q. & Peng, X. An Approach for Information Systems Security Risk Assessment on Fuzzy Set and Entropy-Weight, Acta Electronica Sinica, vol.38, no.7, pp.1489-1494,2010.

[8] Shin-ichi Ohnishi,Takahiro Yamanoi,Hideyuki Imai. Developing a fuzzy AHP model for risk assessment in educational administration information system, International Conference on Artificial Intelligence, Management Science and Electronic Commerce, pp.2047-2050, 2011 2nd.

[9] Liang Ding-Xiang, Chen Xi, Safety assessment model of electric power information system based on fuzzing synthetical theory and its application, Power System Protection and Control, vol.37,no.5, pp.61-64, 2009.

[10] Hu, Y., Ren, D. B. & Wu, S. H.. Study and Application of Evaluation Index System for Telecommunication Network Risk, Telecommunications Science, vol.24, no.5, pp.50-54, 2008.

[11] Xi Li, Xiaoning Zhu, Guoqiang Cai, "Research on System Integration Alliance of Urban Rail Transit Safety Monitoring", JCIT: Journal of Convergence Information Technology, Vol. 5, No. 7, pp. 36 ~ 41, 2010

[12] GB/T 22239-2008Information Security Technology-Baseline for Classified Protection of Information System Security. Information Technology & Standardization, vol.11, pp.36-38, 2009..

[13] Zuo, J.. The Indirect Method to Judgment Matrix of Analytical Hierarchy Process. Systems Engineering, no.6, 56-63, 1988.


399

Documents

Vrlo Vazno 1