How to Assign Weights to Towards a Theoretical . . . Different - PowerPoint PPT Presentation

Need for Vulnerability . . . Vulnerability Analysis: . . . Vulnerability Analysis . . . How to Find Weights? . . . How to Assign Weights to Towards a Theoretical . . . Different Factors in Towards a More . . . General Approach . . . Vulnerability Analysis: General Approach: . . . Possible Probabilistic . . . Towards a Justification of a Home Page Heuristic Technique Title Page ◭◭ ◮◮ Beverly Rivera, Irbis Gallegos, ◭ ◮ and Vladik Kreinovich Page 1 of 13 University of Texas at El Paso El Paso, TX 79968, USA Go Back barivera@miners.utep.edu, irbisg@utep.edu, Full Screen vladik@utep.edu Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 1. Need for Vulnerability Analysis Vulnerability Analysis . . . • Many important systems are vulnerable – to a storm, How to Find Weights? . . . to a terrorist attack, to hackers’ attack, etc. Towards a Theoretical . . . Towards a More . . . • We need to protect them. General Approach . . . • Usually, there are many different ways to protect the General Approach: . . . same system. Possible Probabilistic . . . Home Page • It is desirable to select the protection scheme with the largest degree of protection within the given budget. Title Page • The corresponding analysis of different vulnerability ◭◭ ◮◮ aspects is known as vulnerability analysis . ◭ ◮ Page 2 of 13 Go Back Full Screen Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 2. Vulnerability Analysis: Reminder Vulnerability Analysis . . . • There are many different aspects of vulnerability. How to Find Weights? . . . Towards a Theoretical . . . • Usually, it is known how to gauge the vulnerability v i Towards a More . . . of each aspect i . General Approach . . . • Thus, each alternative can be characterized by the cor- General Approach: . . . responding vulnerability values ( v 1 , . . . , v n ). Possible Probabilistic . . . • To compare alternatives, we need to combine the values Home Page v i into a single index v = f ( v 1 , . . . , v n ). Title Page • If one of the vulnerabilities v i increases, then the overall ◭◭ ◮◮ vulnerability index v must also increase. ◭ ◮ • Thus, f ( v 1 , . . . , v n ) must be increasing in each v i . Page 3 of 13 • Usually, vulnerabilities v i are reasonably small. Go Back • Thus, we can expand f ( v 1 , . . . , v n ) in Taylor series in n Full Screen � v i and keep only linear terms: v = c 0 + c i · v i . Close i =1 Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 3. Vulnerability Analysis (cont-d) Vulnerability Analysis . . . • Comparison does not change if we subtract the same How to Find Weights? . . . constant c 0 from all the combined values: Towards a Theoretical . . . Towards a More . . . v < v ′ ⇔ v − c 0 < v ′ − c 0 . General Approach . . . n General Approach: . . . • So, we can safely assume c 0 = 0 and v = � c i · v i . Possible Probabilistic . . . i =1 Home Page • Similarly, comparison does not change if we re-scale all n Title Page the values, e.g., divide them by � c i . i =1 ◭◭ ◮◮ • This is equivalent to considering a new (re-scaled) com- ◭ ◮ n n � � bined function f ( v 1 , . . . , v n ) = w i · v i with w i = 1 . Page 4 of 13 i =1 i =1 • The important challenge is how to compute the corre- Go Back sponding weights w i . Full Screen Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 4. How to Find Weights? Heuristic Solution Vulnerability Analysis . . . • For each aspect i , we know the frequency f i with which How to Find Weights? . . . this aspect is mentioned in the corr. requirements. Towards a Theoretical . . . Towards a More . . . • Sometimes, this is the only information that we have. General Approach . . . • Then, it is reasonable to determine w i based on f i , i.e., General Approach: . . . to take w i = F ( f i ) for some function F ( f ). Possible Probabilistic . . . Home Page • The following empirical idea works well: take w i = c · f i . Title Page • A big problem is that this idea does not have a solid theoretical explanation. ◭◭ ◮◮ • In this talk, we provide a possible theoretical explana- ◭ ◮ tion for this empirically successful idea. Page 5 of 13 Go Back Full Screen Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 5. Towards a Theoretical Explanation Vulnerability Analysis . . . • The more frequently the aspect is mentioned, the more How to Find Weights? . . . important it is: f i > f j ⇒ w i = F ( f i ) > F ( f j ) = w j . Towards a Theoretical . . . Towards a More . . . • So, F ( f ) must be increasing . General Approach . . . • For every combination of frequencies f 1 , . . . , f n for which General Approach: . . . n � f i = 1 , the resulting weights must add up to 1: Possible Probabilistic . . . i =1 Home Page n n � � Title Page w i = F ( f i ) = 1 . ◭◭ ◮◮ i =1 i =1 • Proposition. Let F : [0 , 1] → [0 , 1] be an increasing ◭ ◮ n n � f i = 1 implies � F ( f i ) = 1 . Then, f-n for which Page 6 of 13 i =1 i =1 Go Back F ( x ) = x. Full Screen • This justifies the empirically successful heuristic idea. Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 6. Towards a More General Approach Vulnerability Analysis . . . • So far, we assumed that the i -th weight w i depends How to Find Weights? . . . only on the i -th frequency f i . Towards a Theoretical . . . Towards a More . . . • Alternatively, we can normalize the “pre-weights” F ( f i ) F ( f i ) General Approach . . . so that they add up to one: w i = . n General Approach: . . . � F ( f k ) Possible Probabilistic . . . k =1 Home Page • In this more general approach, how to select F ( f )? Title Page • Example: we have four aspects, each mentioned n i n i ◭◭ ◮◮ times, then f i = . n 1 + n 2 + n 3 + n 4 ◭ ◮ • For some problems, the fourth aspect is irrelevant, so Page 7 of 13 v 4 = 0 and v = w 1 · v 1 + w 2 · v 2 + w 3 · v 3 . Go Back • On the other hand, since the 4th aspect is irrelevant, it makes sense to only consider n 1 , n 2 , and n 3 : Full Screen n i f ′ i = . Close n 1 + n 2 + n 3 Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 7. General Approach (cont-d) Vulnerability Analysis . . . • Based on the new frequencies f ′ i , we can compute the How to Find Weights? . . . new weights w ′ i and Towards a Theoretical . . . v ′ = w ′ Towards a More . . . 1 · v 1 + w ′ 2 · v 2 + w ′ 3 · v 3 . General Approach . . . • Whether we use v or v ′ , the selection should be the General Approach: . . . same. Possible Probabilistic . . . Home Page • To make sure that the selections are the same, we must guarantee that w ′ = w i Title Page i . w ′ w j j ◭◭ ◮◮ • The new frequencies f ′ i can be obtained from the pre- ◭ ◮ vious ones by multiplying by the same constant: Page 8 of 13 = n 1 + n 2 + n 3 + n 4 n i n i f ′ i = = k · f i . · Go Back n 1 + n 2 + n 3 n 1 + n 2 + n 3 n 1 + n 2 + n 3 + n 4 • Thus, the requirement takes the form F ( k · f i ) F ( k · f j ) = F ( f i ) Full Screen F ( f j ) . Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 8. General Approach: Main Result Vulnerability Analysis . . . • Proposition. For an increasing f-n F : [0 , 1] → [0 , 1] : How to Find Weights? . . . Towards a Theoretical . . . F ( k · f j ) = F ( f i ) F ( k · f i ) F ( f j ) for all k, f i , f j ⇔ F ( f ) = C · f α for α > 0 . Towards a More . . . General Approach . . . • So, we should take F ( f ) = C · f α . General Approach: . . . • Discussion: Possible Probabilistic . . . Home Page – The previous case corresponds to α = 1. Title Page – If we multiply all the values F ( f i ) by a constant C , then the resulting weights do not change. ◭◭ ◮◮ – Thus, from the viewpoint of application to vulner- ◭ ◮ ability, it is sufficient to consider only functions Page 9 of 13 F ( f ) = f α . Go Back Full Screen Close Quit

Need for Vulnerability . . . Vulnerability Analysis: . . . 9. Possible Probabilistic Interpretation of w i = f i Vulnerability Analysis . . . • Let us assume that the actual weights of two aspects How to Find Weights? . . . are w 1 and w 2 = 1 − w 1 . Towards a Theoretical . . . Towards a More . . . • Let us also assume that vulnerabilities v i are indepen- General Approach . . . dent identically distributed random variables. General Approach: . . . • A document mentions the 1st aspect if this aspect is Possible Probabilistic . . . more important (i.e., w 1 · v 1 > w 2 · v 2 ), so: Home Page f 1 = P ( w 1 · v 1 > w 2 · v 2 ) . Title Page ◭◭ ◮◮ • In a reasonable situation when both vulnerabilities are exponentially distributed, we have ◭ ◮ Page 10 of 13 w 1 = P ( w 1 · v 1 > w 2 · v 2 ) , i.e., w i = f i . Go Back Full Screen Close Quit