Modelling Cyber-Security Experts' Decision Making Processes using Aggregation Operators
An important role carried out by cyber-security experts is the assessment of proposed computer systems, during their design stage. This task is fraught with difficulties and uncertainty, making the knowledge provided by human experts essential for successful assessment. Today, the increasing number...
Saved in:
| Main Authors | , , , |
|---|---|
| Format | Journal Article |
| Language | English |
| Published |
30.08.2016
|
| Subjects | |
| Online Access | Get full text |
| DOI | 10.48550/arxiv.1608.08497 |
Cover
| Abstract | An important role carried out by cyber-security experts is the assessment of
proposed computer systems, during their design stage. This task is fraught with
difficulties and uncertainty, making the knowledge provided by human experts
essential for successful assessment. Today, the increasing number of
progressively complex systems has led to an urgent need to produce tools that
support the expert-led process of system-security assessment. In this research,
we use weighted averages (WAs) and ordered weighted averages (OWAs) with
evolutionary algorithms (EAs) to create aggregation operators that model parts
of the assessment process. We show how individual overall ratings for security
components can be produced from ratings of their characteristics, and how these
individual overall ratings can be aggregated to produce overall rankings of
potential attacks on a system. As well as the identification of salient attacks
and weak points in a prospective system, the proposed method also highlights
which factors and security components contribute most to a component's
difficulty and attack ranking respectively. A real world scenario is used in
which experts were asked to rank a set of technical attacks, and to answer a
series of questions about the security components that are the subject of the
attacks. The work shows how finding good aggregation operators, and identifying
important components and factors of a cyber-security problem can be automated.
The resulting operators have the potential for use as decision aids for systems
designers and cyber-security experts, increasing the amount of assessment that
can be achieved with the limited resources available. |
|---|---|
| AbstractList | An important role carried out by cyber-security experts is the assessment of
proposed computer systems, during their design stage. This task is fraught with
difficulties and uncertainty, making the knowledge provided by human experts
essential for successful assessment. Today, the increasing number of
progressively complex systems has led to an urgent need to produce tools that
support the expert-led process of system-security assessment. In this research,
we use weighted averages (WAs) and ordered weighted averages (OWAs) with
evolutionary algorithms (EAs) to create aggregation operators that model parts
of the assessment process. We show how individual overall ratings for security
components can be produced from ratings of their characteristics, and how these
individual overall ratings can be aggregated to produce overall rankings of
potential attacks on a system. As well as the identification of salient attacks
and weak points in a prospective system, the proposed method also highlights
which factors and security components contribute most to a component's
difficulty and attack ranking respectively. A real world scenario is used in
which experts were asked to rank a set of technical attacks, and to answer a
series of questions about the security components that are the subject of the
attacks. The work shows how finding good aggregation operators, and identifying
important components and factors of a cyber-security problem can be automated.
The resulting operators have the potential for use as decision aids for systems
designers and cyber-security experts, increasing the amount of assessment that
can be achieved with the limited resources available. |
| Author | Aickelin, Uwe Garibaldi, Jonathan M Wagner, Christian Miller, Simon |
| Author_xml | – sequence: 1 givenname: Simon surname: Miller fullname: Miller, Simon – sequence: 2 givenname: Christian surname: Wagner fullname: Wagner, Christian – sequence: 3 givenname: Uwe surname: Aickelin fullname: Aickelin, Uwe – sequence: 4 givenname: Jonathan M surname: Garibaldi fullname: Garibaldi, Jonathan M |
| BackLink | https://doi.org/10.48550/arXiv.1608.08497$$DView paper in arXiv |
| BookMark | eNrjYmDJy89LZWCQNDTQM7EwNTXQTyyqyCzTMzQzsNAzsDCxNOdkCPfNT0nNycnMS1dwrkxKLdINTk0uLcosqVRwrShILSopVldwSU3OLM7Mz1PwTcwGqQsoyk9OLS5OLVYoLQbxHdPTi1LTE0tASvyBehJL8ouKeRhY0xJzilN5oTQ3g7yba4izhy7YCfEFRZm5iUWV8SCnxIOdYkxYBQBzM0F6 |
| ContentType | Journal Article |
| Copyright | http://arxiv.org/licenses/nonexclusive-distrib/1.0 |
| Copyright_xml | – notice: http://arxiv.org/licenses/nonexclusive-distrib/1.0 |
| DBID | AKY GOX |
| DOI | 10.48550/arxiv.1608.08497 |
| DatabaseName | arXiv Computer Science arXiv.org |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: GOX name: arXiv.org url: http://arxiv.org/find sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| ExternalDocumentID | 1608_08497 |
| GroupedDBID | AKY GOX |
| ID | FETCH-arxiv_primary_1608_084973 |
| IEDL.DBID | GOX |
| IngestDate | Wed Jul 23 00:23:45 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-arxiv_primary_1608_084973 |
| OpenAccessLink | https://arxiv.org/abs/1608.08497 |
| ParticipantIDs | arxiv_primary_1608_08497 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-08-30 |
| PublicationDateYYYYMMDD | 2016-08-30 |
| PublicationDate_xml | – month: 08 year: 2016 text: 2016-08-30 day: 30 |
| PublicationDecade | 2010 |
| PublicationYear | 2016 |
| Score | 3.205043 |
| SecondaryResourceType | preprint |
| Snippet | An important role carried out by cyber-security experts is the assessment of
proposed computer systems, during their design stage. This task is fraught with... |
| SourceID | arxiv |
| SourceType | Open Access Repository |
| SubjectTerms | Computer Science - Artificial Intelligence Computer Science - Cryptography and Security |
| Title | Modelling Cyber-Security Experts' Decision Making Processes using Aggregation Operators |
| URI | https://arxiv.org/abs/1608.08497 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwdV09T8MwED21nVgQFaDyfQMSk0Vo_JGMVUupkEoHQGSL7OYSsaAqSRH8e5xLECxd7ZN1Og93z3d-D-CalDGhIS1IZSSksmvhbGaFzTOrIxvmkonnl0968SofE5X0AH__wtjy6_2z5Qd21e2dbkYdIxmbPvTH4wZcPayStjnJVFyd_Z-drzF56V-SmB_Aflfd4aS9jiH06OMQ3hq9Maa-xum3o1I8d5pxyDzDdXWDs07pBpcsDoXd-D5V2MylFzgpPCwuOIi42hC3xqsjuJrfv0wXgl1JNy1vRNp4mbKX4TEMPLqnEWBOzDkfSZVZGbjAEnlUoeN8bbQv5uMTGO065XT31hns-cyu-fEzOIdBXW7pwmfP2l1yCH8A2rF2Gg |
| linkProvider | Cornell University |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Modelling+Cyber-Security+Experts%27+Decision+Making+Processes+using+Aggregation+Operators&rft.au=Miller%2C+Simon&rft.au=Wagner%2C+Christian&rft.au=Aickelin%2C+Uwe&rft.au=Garibaldi%2C+Jonathan+M&rft.date=2016-08-30&rft_id=info:doi/10.48550%2Farxiv.1608.08497&rft.externalDocID=1608_08497 |