Modelling Cyber-Security Experts' Decision Making Processes using Aggregation Operators
Simon Miller, Christian Wagner, Uwe Aickelin, Jonathan M. Garibaldi

TL;DR
This paper develops automated aggregation models using weighted averages and evolutionary algorithms to assist cyber-security experts in assessing complex systems by identifying vulnerabilities and key contributing factors.
Contribution
It introduces a novel approach combining weighted averages, ordered weighted averages, and evolutionary algorithms to model expert decision-making in cyber-security assessments.
Findings
Effective aggregation operators were created for security component ratings.
The method identified critical attack points and influential factors.
Automated tools can support expert assessments, improving efficiency.
Abstract
An important role carried out by cyber-security experts is the assessment of proposed computer systems, during their design stage. This task is fraught with difficulties and uncertainty, making the knowledge provided by human experts essential for successful assessment. Today, the increasing number of progressively complex systems has led to an urgent need to produce tools that support the expert-led process of system-security assessment. In this research, we use weighted averages (WAs) and ordered weighted averages (OWAs) with evolutionary algorithms (EAs) to create aggregation operators that model parts of the assessment process. We show how individual overall ratings for security components can be produced from ratings of their characteristics, and how these individual overall ratings can be aggregated to produce overall rankings of potential attacks on a system. As well as the…
Taxonomy
Topics: Information and Cyber Security · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
