Probabilistic mathematical modelling for security risk assessment

Kolev, Denis (2021) Probabilistic mathematical modelling for security risk assessment. PhD thesis, University of Glasgow.

Full text available as:
[thumbnail of 2021KolevPhD.pdf] PDF
Download (4MB)


This thesis presents a novel framework for security risk assessment (SRA) and identification, comprising mathematical algorithms and a family of models. Recently, due to the growing incidence of cyber-attacks and cyber-fraud, as well as terrorist attacks and other adversarial activities, qualitative and comprehensive SRA and security risk management have become increasingly important. For large-scale systems, SRA and related data processing tasks are challenging due to the large amount of available information, as well as the diversity and complexity of data sources. However, SRA relies mainly on procedures that, despite being well-formalised, are manual, which introduces the “human factor" as early as the system design stages. The existence of multiple possible threats, along with the variability of the information received from different sensors, has increased the complexity of situation awareness analysis, which often results in scenarios where security officers (operators) are overwhelmed with data and, in certain cases, a high false positive rate. The primary motivation behind this work was to develop a general mathematical approach to SRA based on statistical data processing, data fusion techniques, and game theoretic models.

The proposed framework is based on a slight adjustment of the existing SRA methodology for threat modelling, augmented by additional mathematical formalisations. In general, two primary models are presented as the main contribution:

• “Static Model" for SRA, which is applicable at the stage of designing the protection
of the considered system.
• “Dynamic Model" for the processing of generic security-related data, which is applied
when the system is in operation.

Both models use graph theory as a basis. The static model uses game theory for optimal protection design, while the dynamic model applies Bayesian inference techniques for “online" data processing.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Miller, Professor Alice and Johnson, Mr. Christopher
Date of Award: 2021
Depositing User: Theses Team
Unique ID: glathesis:2021-82528
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 22 Oct 2021 10:28
Last Modified: 08 Apr 2022 17:07
Thesis DOI: 10.5525/gla.thesis.82528

Actions (login required)

View Item View Item


Downloads per month over past year