Publications

Publications / Conference

Evaluation of terrorist risk using belief and plausibility

Darby, John

The risk for a particular threat scenario can be evaluated as: Risk = fA * (1 - PE) * C where fA is the frequency of the attack, PE is the probability that the security system detects and neutralizes the attack, and C is the consequence if the attack is not neutralized. Risk has the units of consequence per unit time. Most evaluations of the effectiveness of a security system assume that the threat scenario is implemented and evaluate the conditional risk, given the attack. As the Design Basis Threat (DBT) has increased, traditional physical security starting at the facility boundary is hard pressed to counter the increased resources available to the adversary. Other aspects of security need to be considered including the use of intelligence to detect the threat during its formulation stage. Most of the evaluations to date have used a probabilistic approach, but for an overall evaluation of Risk the fidelity of the information available is insufficient to support the use of an entirely probabilistic approach. For example, it is difficult to assign a probability measure to the frequency of an attack, fA; a possibility measure is more appropriate. Both probability and possibility are special cases of belief, and using a belief measure for the three factors for Risk allows the risk to be evaluated including uncertainty consistent with the fidelity of the information available. If all terms in the risk equation are modeled with probability, the convolution process using belief is equivalent to standard convolution of probability distributions. If all terms in the risk equation are modeled with possibility, the convolution process using belief is equivalent to convolution of possibility distributions. A computer program named BeliefRisk has been written in Mathematica to implement the evaluation of Risk. Each factor in the Risk equation is modeled as a discrete set of values, and a distribution reflecting uncertainty is assigned to each set of values. Probability, possibility, or belief can be used as the metric for uncertainty for each factor. Risk is calculated by convoluting the uncertainty distributions for each constituent factor for risk using the mathematics of belief. A belief/plausibility distribution and an expected value interval are calculated for Risk. Also, belief and plausibility exceedance values are calculated for Risk. Belief can also be calculated for an infinite set on the reals given evidence on a finite number of intervals in the set. A computer program named BeliefConvolution has been written in Java to evaluate belief and plausibility for an algebraic combination of variables, each with evidence assigned to intervals of real numbers. For evaluation of Risk, BeliefConvolution provides identical results as BeliefRisk. BeliefConvolution has the ability to aggregate evidence into either linear or logarithmic bins. BeliefConvolution can calculate belief and plausibility for both crisp and fuzzy sets. © 2006 by ASME.