Abstract

The goal of this paper is to provide a mathematical threat modeling methodology and a threat risk assessment tool that may assist security consultants in assessing the security risks in their protected systems and plants (nuclear power plants, stores of hazardous substances such as explosive atmospheres and flammable and combustible gases and liquids, and so forth) and in building an appropriate risk mitigation policy. The probability of a penetration into the protected objects is estimated by combining the probability of the penetration by overcoming the security barriers with a vulnerability model. On the basis of the topographical placement of the protected objects, their security features, and the probability of the penetration, we propose a model of risk mitigation and effective decision making.

1. Introduction

The term physical protection of safety-critical objects denotes a set of technical, regime, or organizational actions necessary to prevent unauthorized actions performed with or in the objects (intrusion and sabotage) of critical infrastructure, such as nuclear facilities, power plants, transmission grids, drinking water supplies, storages of chemicals, oil pipelines and related facilities, and roads.

The infrastructure of developed countries is highly vulnerable and also highly interconnected. As critical infrastructure is an international phenomenon, an attack on any state may result in infrastructure failure at the regional level as well as at a broader international geographic level. Thus, various countries seek to harmonize their legal procedures in this area, for example, H.R.3696: National Cybersecurity and Critical Infrastructure Protection Act of 2014 (USA) [1], Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection [2] and the associated legal acts of member states, and so forth.

Currently, increased attention is being paid to the safety of important objects. In the literature, we can find many different approaches to analyzing and solving the problem of assessing the threat to critical infrastructure.

For example, in the paper [3], the author presents a new methodology and develops a strategy and solutions for vulnerability assessment to identify and understand the threats to and vulnerabilities of critical infrastructure.

In the work of Hromada and Lukas [4], the conceptual approach and the possible ways of developing a relevant framework for critical infrastructure protection to increase the resilience of its functional continuity are discussed.

Oyeyinka et al. [5] develop an analytical methodology for physical protection systems evaluation and their effectiveness.

The paper of Woo [6] serves as a dynamical quantification of the detection and action against the incidents using the Vensim simulation software.

As testing and validation in real conditions are feasible only to a limited extent, computer techniques allow simulating different types of attempts to violate the protected area and thus revealing hidden security vulnerabilities. A carefully designed model of the real examined environment, filled with correct data, is indispensable.

The aim of the study is to propose algorithms enabling the users to analyze the probability of an intruder penetration to the protected object located in the area bounded by multilevel barriers with transition gates (Figure 1).

The probability that the physical protection system prevents a hostile attack from completing an unwanted event is in the literature generally calculated as where PE is the probability of total system effectiveness, PI is the probability of interruption, that is, the overall probability of the attack being detected during its duration up to and including the critical detection point (CDP), based on the principle of early detection and the concept of critical point detection, and PN is the probability of neutralization, that is, the probability that the corresponding force can prevent the completion of the malicious act, such as the theft of nuclear material or nuclear facility sabotage [7].

The term to neutralize means that the corresponding force stops the invader, occupies the object, or eliminates the hostile attack in another way (by causing the escape of the invader).

The principle of early detection is as follows: interrupt the enemy attack before the sabotage or theft is completed. Measured from the time of detecting the event, the reaction time of the defense forces must be shorter than the time remaining for the completion of the enemy attack.

The CDP is the last chance to detect the enemy attack: at this point, the time for the response action is still shorter than the time remaining for the invader to complete the objective [7].

In order to perform the intervention effectively, the early attack detection must be achieved at all possible paths to the target object.

On the basis of an extensive use of the principles of probability and the graph theory, the paper deals with the proposal of a mathematical model suitable for further computer processing. The mathematical model describes all the aspects of a real situation and creates an abstract view on the issue.

Based on the customer requirements, three scenarios have been developed:
(Alpha) How far does the intruder penetrate into the object until the desired level of detection is reached?
(Beta) What is the distance between the intruder and the target when only the given time to the target is left?
(Gamma) Does the intruder get into the target and out of it until the desired level of detection is reached?

All three scenarios allow for detecting the supposed position of the intruder if the input condition of the given scenario is met. The algorithms, called Alpha, Beta, and Gamma, were developed for the individual scenarios and are given in Section 6.

An application with a graphical user interface was developed for the purposes of verifying the mathematical model and algorithms.

At the end of the study, one test is selected from the series carried out on random models with different parameters, such as the number of barriers, the number of gates, and the detection probabilities.

To the best of our knowledge, no paper has focused on solving the specific tasks mentioned above, that is, the scenarios Alpha, Beta, and Gamma.

2. Definitions of Security Features and Nomenclature

In this section, we introduce the definitions of principal concepts used in this paper as follows:
(1) target object: (e.g., nuclear reactor);
(2) barriers: the continuous obstacles to penetrate into the protected object (e.g., a fence): , , an outer barrier, and . The number of barriers ; with , we have barriers;
(3) Zone: the area between two consecutive barriers: , . The total number of the zones ;
(4) Gates: inputs on the barriers: , , fences on the barrier . The total number of the gates on barrier is , and the total number of the gates ;
(5) Rays: half-lines connecting the target object with the barriers; more precisely, is the half-line . The total number of the rays is equal to the total number of the gates; that is, ;
(6) R-gates: physical places on the barriers lying on the rays : , , , and , which is a physical place on the half-line lying on the barrier . Thus, if , it is the connection of the target object and the gate , and then the R-gate lies on the intersection of and . The total number of the R-gates is .

Remark 1. The reason for introducing the concept of R-gate is the need of implementing the calculations in real time by reducing the number of less probable paths of the intruder.

Remark 2. Obviously, , . Therefore, in the process of implementing the algorithms (Section 6), we will denote the gates and the R-gates on the same barrier (say, ) consecutively and with two indexes only.

3. Required Data

3.1. Location of Objects

Let denote the coordinates of the object . Thus, one can see the following:
(1) the coordinates of the target object , after translation ;
(2) the coordinates of ;
(3) the coordinates of ;
(4) the rays , , ().

3.2. Probabilities of Detection during Penetration

Let denote the probability of detection of the subjects penetrating through the object in the direction to the target object and in the direction from the target object . Then, the probability of the penetration through the object will be and :(1);(2);(3);(4);(5) the probability of detection per second of the stay in the zone .

3.3. The Assumed Times Needed to Overcome the Security Features

Let denote the assumed time of the penetration through the object (in the direction to the target object ) and (in the direction from the target object ). Then, we denote the following:(1);(2);(3);(4).

4. Required Inputs and Outputs

4.1. Inputs into the Mathematical Model

The necessary inputs into mathematical model are the following:
(1) scenario selection: , or ;
(2) specifying and , , the speed of the penetrating subject through the zone towards/from the target object , respectively;
(3) the probabilities and times of the penetration through the protection elements;
(4) the possibility to switch off the selected security features:
(a) if the barrier is switched off when moving inwards, then , , , , , and , , analogously when moving outwards , , , , and , ;
(b) if the gate is switched off when moving inwards, then , , , analogously when moving outwards , , ;
(c) if the zone is switched off when moving inwards, then , analogously when moving outwards .

4.2. Outputs from Mathematical Model

The required outputs from mathematical model are the following:
(Alpha) For the given probability of the detection , determine the set of points (and paths belonging to them) in which the probability level of the detection is reached exactly.
(Beta) For the given time , determine the set of points (and paths belonging to them) by which the time for achieving the target object is equal to the time .
(Gamma) For the given probability of the detection , find the return paths (if any) with the probability of the detection lower than required (the return path is defined as the path starting at some point on the outer barrier , passing through , and ending on the outer barrier ).

5. Preliminary Calculations

Using the data specified in Sections 3.1, 3.2, and 3.3, we put together a mathematical model of the whole protected object. Obviously, these sensitive data require a high degree of confidentiality. In addition to these data, it is necessary to determine and calculate the following values.
(1) The target object is being translated into the origin of the coordinate system.
(2) Location of an arbitrary object is .
(3) The real position for each object is being calculated using the map scale.
(4) Let be the object from the set , , fixed and let be the object from the set . The distance , calculated using the classical Euclidean norm, is calculated for every such pair .
(5) Let . Then, the time that the subject passes from the object to the object through the zone at the rate is equal to . Similarly, the time that the subject passes from the object to the object through the zone at the rate is equal to .
(6) The probability of the detection of the subject moving through the zone towards is and that in the direction away from is .

6. Algorithms

Three cases of intrusion into the protected object, one for each of the three algorithms, are proposed and analyzed in this section. The Alpha analysis evaluates how far the intruder can penetrate for a set detection probability level. The Beta analysis evaluates the distance from the penetration spot to the target with respect to time. The Gamma analysis examines the possibilities of the intruder penetrating to the target and back out of the protected object for the desired detection level.

6.1. Recursive Procedure, Path Alpha (Figure 10)

This subsection introduces the flowchart [8] for the Alpha analysis used for implementing the mathematical model into the software environment.

Path characterization is as follows: How far does the intruder penetrate into the object until the desired level of detection is reached?
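The Alpha question evaluated for a single candidate path, as an added example for an assessor and not the paper's own recursive procedure or flowchart (Figure 10). It assumes that detections at successive elements are independent and that the per-second zone detection probability q compounds as (1 - q)^t; the path data, the tuple layout and the function name `alpha` are constructed for illustration.

```python
import math

# Constructed sample path, outermost element first (not data from the paper).
# ("gate", name, detection probability, crossing time in s)
# ("zone", name, segment length in m, speed in m/s, detection probability per second)
PATH = [
    ("gate", "G[3,2]", 0.30, 20.0),
    ("zone", "Z3", 45.0, 1.5, 0.010),
    ("gate", "R[2,4]", 0.50, 15.0),
    ("zone", "Z2", 40.0, 2.0, 0.020),
    ("gate", "R[1,7]", 0.60, 10.0),
    ("zone", "Z1", 30.0, 2.0, 0.050),
]

def alpha(path, p_required):
    """Walk inwards; return (element name, metres covered inside it, elapsed s,
    cumulative detection probability) at the point where p_required is first
    reached, or None if the whole path stays below it."""
    if not 0.0 < p_required < 1.0:
        raise ValueError("p_required must lie strictly between 0 and 1")
    survive = 1.0              # probability of not having been detected so far
    elapsed = 0.0              # seconds since the start of the path
    limit = 1.0 - p_required   # non-detection level at which the walk stops
    for kind, name, *params in path:
        if kind == "gate":
            p_det, t_cross = params
            survive *= 1.0 - p_det
            elapsed += t_cross
            if survive <= limit:   # level reached by a discrete jump at the gate
                return name, 0.0, elapsed, 1.0 - survive
        else:
            length, speed, q = params
            t_full = length / speed
            after = survive * (1.0 - q) ** t_full
            if after <= limit:
                # Level reached inside the zone: solve survive*(1-q)**tau == limit.
                tau = math.log(limit / survive) / math.log(1.0 - q)
                return name, speed * tau, elapsed + tau, p_required
            survive, elapsed = after, elapsed + t_full
    return None
```

With the constructed data, a required level of 0.8 is reached part-way through zone Z2, which is the situation the results in Section 7.1 report as a partial segment length.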

6.2. Recursive Procedure, Path Beta (Figure 11)

In this subsection, we propose the flowchart implementing the mathematical model to the software environment with the purpose of examining the Beta path.

Path characterization is as follows: What is the distance between the intruder and the target, when only the given time to the target is left?
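The Beta question evaluated for a single candidate path, as an added example and not the paper's own procedure (Figure 11): walking back from the target, it locates the point from which exactly the given time remains, which is the CDP when that time is the response time. It assumes independent detections, per-second zone detection compounding as (1 - q)^t, and that a gate being crossed at that moment detects too late to count; the path data and the function name `beta` are constructed.

```python
# Constructed sample path, outermost element first (not data from the paper).
# ("gate", name, detection probability, crossing time in s)
# ("zone", name, segment length in m, speed in m/s, detection probability per second)
PATH = [
    ("gate", "G[3,1]", 0.30, 20.0),
    ("zone", "Z3", 180.0, 1.5, 0.010),
    ("gate", "R[2,6]", 0.50, 15.0),
    ("zone", "Z2", 60.0, 2.0, 0.020),
    ("gate", "R[1,4]", 0.60, 10.0),
    ("zone", "Z1", 20.0, 2.0, 0.050),
]

def beta(path, t_left):
    """Find the point from which exactly t_left seconds remain to the target.
    Returns (element name, metres to the target along the path, probability
    of detection before that point), or None if the whole path is shorter."""
    if t_left < 0:
        raise ValueError("t_left must not be negative")
    remaining = 0.0  # seconds from the inner end of the current element to the target
    dist = 0.0       # metres from the inner end of the current element to the target
    for i in range(len(path) - 1, -1, -1):
        kind, name, *params = path[i]
        if kind == "zone":
            length, speed, q = params
            t_full = length / speed
            if remaining + t_full >= t_left:
                t_in_zone = t_left - remaining   # seconds still to spend in this zone
                dist += speed * t_in_zone
                survive = (1.0 - q) ** (t_full - t_in_zone)
                break
            remaining, dist = remaining + t_full, dist + length
        else:
            p_det, t_cross = params
            if remaining + t_cross >= t_left:
                survive = 1.0   # assumption: this gate's detection comes too late
                break
            remaining += t_cross
    else:
        return None
    for kind, _, *params in path[:i]:   # elements fully passed before the point
        if kind == "gate":
            survive *= 1.0 - params[0]
        else:
            survive *= (1.0 - params[2]) ** (params[0] / params[1])
    return name, dist, 1.0 - survive
```

The third returned value is the detection probability accumulated before the point, so comparing it across paths shows which approaches leave the least timely detection.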

6.3. Recursive Procedures, Path Gamma (Figures 12 and 13)

The flowchart presented in this subsection was designed for the Gamma path and is supposed to examine the probability of the intruder penetration into and out of the object successfully.

Path characterization is as follows: Does the intruder get into the target and out of it until the desired level of detection is reached?

7. Application of Mathematical Model

In this section, we apply the proposed methodology to the fictive model of the protected area.

Figures 2 and 3 show the topographical and schematic placement of the target object and its security features, respectively. The symbols used in Figures 2–9 are explained in Table 1.

Tables 2 and 3 refer to the parameters of gates and zones, respectively.

7.1. Analysis Alpha: The Selected Paths

7.1.1. Path 1

One can see the following:
desired probability of detection ;
path: R[3,6] R[2,6] (segment length 24.33 m) G[1,2] (segment length 8.06 m) (segment length 34.06 m) (Figure 4);
total time of penetration = 123 s.

7.1.2. Path 2

One can see the following:
desired probability of detection ;
path: G[3,2] R[2,4] (segment length 45.18 m) R[1,7] (segment length 37.40 m of 43.29 m) (Figure 5);
total time of penetration = 73 s.

7.2. Analysis Beta: The Selected Paths

7.2.1. Path 1

One can see the following:
time needed to reach  s-CDP;
path: G[3,1] R[2,6] (segment length 115.17 m of 185.37 m) R[1,4] (segment length 58.19 m) (segment length 19.10 m) (Figure 6);
probability of detection = 0.99886.

7.2.2. Path 2

One can see the following:
time needed to reach  s-CDP;
path: G[3,2] R[2,6] (segment length 132.97 m) G[1,2] (segment length 8.06 m) (segment length 34.06 m) (Figure 7);
probability of detection = 0.99885.

7.3. Analysis Gamma: The Selected Paths

7.3.1. Path 1

One can see the following:
desired probability of detection ;
path: R[3,6] R[2,6] (segment length 24.33 m) R[1,5] (segment length 27.89 m) (segment length 39.96 m) R[1,6] (segment length 34.21 m) R[2,5] (segment length 75.47 m) (Figure 8);
total time of penetration = 229 s;
probability of detection = 0.99938.

7.3.2. Path 2

One can see the following:
desired probability of detection ;
path: G[3,2] R[2,4] (segment length 45.18 m) R[1,3] (segment length 30.02 m) (segment length 25.55 m) R[1,5] (segment length 39.96 m) G[2,3] (segment length 48.26 m) G[3,3] (segment length 0.00 m, G[2,3] = G[3,3]) (Figure 9);
total time of penetration = 260 s;
probability of detection = 0.99937.

8. Conclusions

The submitted study analyzes the alternatives of the intruder penetration into the protected area by processing the data describing the detection capabilities in overcoming the transition gates and barriers or moving through the area. The solution relevance is closely related to the accuracy of the input data.

A mathematical view of the studied issue created an abstraction serving as a basis for the model and algorithm proposal. Computer technology must be involved due to the number of combinations arising when traversing the model. Therefore, a user interface was proposed as the design of an application that assists in processing the issue. The subsequent implementation was necessary in order to verify the correctness of the mathematical model, the functionality of the proposed algorithms, and the applicability and intuitiveness of the designed user interface.

From the performed tests, it can be concluded that the proposed algorithms are functional and are able to achieve the desired results. The tests also highlight the problem of an exponential increase in path alternatives as the number of barriers and gates increases. It will be necessary to establish criteria for filtering out the uninteresting intrusion paths. A significant reduction in the total number of paths is required before the results can be postprocessed by a human.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.