An AHP-Based Risk-Assessment Model of Expressway Network: Kun Xu, Wei Li, Dangfang Zhang

An AHP-Based Risk-Assessment Model of Expressway Network
Kun Xu, Wei Li, Dangfang Zhang

1
Kun Xu, 2Wei Li, 3Dangfang Zhang

School of Information Science and Engineering, Hunan University,
233177704@qq.com
2,Corresponding Author
School of Information Science and Engineering, Hunan University,
rj_wli@hnu.edu.cn
3
School of Information Science and Engineering, Hunan University, dfzhang@hnu.edu.cn
1, First Author
Abstract
After analyzing of the relationship between risk and the assets, threats, vulnerability of Expressway
Network, the paper brings out a Risk-Assessment Model of Expressway Network based AHP. In the end,
it works out the problem within the risk of the system and its each factor. And the paper tries to
improve the Analytic Hierarchy Process and put forward the 1~10 five-scale method which makes it
convenient for designing questionnaires and increasing experts acceptance. Meanwhile this method
can avoid contradiction and confusion when experts try to make a judgment by comparison. Therefore,
it can make a much more consistent judgment matrix, and the Analytic Hierarchy Process can work
more effectively in the risk assessment test on electro-mechanical systems.
Key words: AHP Analytic Hierarchy Process, 1~10 Five-Scale Method, Expressway Network, Risk
Assessment Model
1. Introduction
The connected Expressway Electro-mechanical Systems have made such a large scale wide-area
information network. And it is the only platform applied to the process in the transaction information
of billions of expressway toll-booths, the monitoring information of roads and tunnels, the information
exchange of communication systems, information services and value-added services, and so on. Thus
obviously it concerns nearly every aspect in expressway services, generates vast network nodes, and
further more, connects a great number of operators. But there comes a fatal weak point, too. Supposed
the network were maliciously attacked, it might lose tremendous data and become paralyzed or even
out of control, which might cause heavy economic losses[1-2]. Therefore, a mastering current safety
condition of the system plays the key role in system constructing and running. And to grasp the current
condition, a risk assessment test must be carried out on the system[3]. In the test, assets vulnerability
and potential threats shall be analyzed. Then there comes out the possibility and consequence of an
accident. And finally the risk of the system will be calculated. This analysis provides an important
reference to develop the strategy for controlling the system safety[4].
Among recent studies of the risk assessment of information system, researchers mostly take the
perspective of improving Analytic Hierarchy Process (AHP)[5-6] or Fuzzy Set and Entropy-Weight,
and they aims at having it done more scientifically in the risk assessment and reducing experts
subjectivity and haphazardness when they take the assessment[7-8]. That is, these studies focus on
improving AHP arithmetic, which more reasonably quantifies the weighted value of each factor in the
assessment[9]. However, these studies do not make it clear how to scientifically connect the factors to
the current safety condition of the system. When a risk assessment test is undertaking, not only shall
the arithmetic be improved, but factors of the test on the entire systems, in other words, the model for
the test be thoroughly studied[10]. In detail, the relationship between risks and factors shall be studied,
problems aroused shall be settled, and finally the data shall serve the foundation in bringing out the
safety condition of information system[11].
This paper firstly tries to analyze the relationship between the possible risks and the asset, threat,
and vulnerability of the expressway network. Then it puts forward a risk assessment model named A
Comparison of the Asset and Vulnerability in the Environment of Threat (CAVET), which consists of
two parts. First, a survey of the expressway network is conducted, based on which the index system
structure will be constructed for the risk assessment. The system is so huge that the division of system
structure has to be done by different levels with reference to the frame protection of system domain.
International Journal of Digital Content Technology and its Applications(JDCTA)

Volume6,Number21,November 2012
doi:10.4156/jdcta.vol6.issue21.44
390

And based on previous studies, it tries to improve the Analytic Hierarchy Process and put forward the
1~10 Five-scale Method that makes it convenient for designing questionnaires and increasing
experts acceptance. Meanwhile this method can avoid any contradiction or confusion when these
experts try to make a judgment by comparison. Thus, it makes the judgment matrix much more
consistent, and the Analytic Hierarchy Process can work more effectively in the risk assessment test on
the electro-mechanical system.
2. Construction of CAVET
As mentioned, the risk assessment model CAVET shall be brought out in this paper, i.e. to make a
comparison of the asset and vulnerability among threats. Its main idea is to compare the security levels
and to check whether they reach the security standards or not, through Gaussian Function comparison
int( A) : int(V ) . An integral parts comparison between assets and vulnerability aims to investigate
whether a system has met the basic requirement[12], and the result coming out shows the value-at-risk
of the system, marked by R. Here, CAVET is showed in the graph below:
Structure of Risk Assessment System

Assets
Identification
AHP Model of
Assets
Vulnerability
Identification
Current
Conditi
on
AHP Model of
Vulnerability
Threats
Identification
Current
Conditi
on
Weights
Weights
AHP Model of
Threats
Weights
Total
Vulnerability
Total Assets
Current
Conditi
on
Total Threats
Gaussian Function
Comparison
Risk
Reassessing
Different
Grades
Suitable Control Regulations
to Risk-managing
Decimal Function
Comparison
the Same
Grade
Different
Grades
Actual Risk
the Same
Grade
Maintaining the Current
Safety Protection
Figure 1. The CAVET Assessment Model

The model above shows, that once the structure of a risk assessment is made, the data firstly be
numerated is the total amount of assets, vulnerability, and threats. The computational process for these
data is illustrated in the following paragraphs.
1. Assessed-value of total assets:
A a1 A1 a2 A2 ai Ai
1
Here, A1 to Ai is calculated on lower factors (if there is one).
Ai ai1 Ai1 ai 2 Ai 2 aij Aij
Aij aij1 Aij1 aij 2 Aij 2 aijk Aijk
391

When there is no lower factor, the assessed value Ai (0 Ai 5) will be made from questionnaires
of the current condition of assets, among which all weighted value ai is calculated by AHP. And the
particular arithmetic and process will be introduced in detail in later paragraphs.
2. Assessed-value of total vulnerability:
V v1 V1 v2 V2 vi Vi
Here, V1 to Vi is calculated on lower factors (if there is one).
Vi vi1 Vi1 vi 2 Vi 2 vij Vij
Vij vij1 Vij1 vij 2 Vij 2 vijk Vijk
When there is no lower factor, the assessed value Vi (0 Vi 5) will be made from questionnaires
of the current condition of vulnerability, among which all weighted value vi is calculated by AHP. And
the particular arithmetic and process will be introduced in detail in later paragraphs.
3. Assessed-value of total threats:
T t1 T1 t 2 T2 ti Ti
Here, T1 to Ti is calculated on lower factors (if there is one).
Ti ti1 Ti1 ti 2 Ti 2 tij Tij
Tij tij1 Tij1 tij 2 Tij 2 tijk Tijk
When there is no lower factor, the assessed value Ti (0 Ti 5) will be made from questionnaires
of the current situation of threats, among which all weighted value vi is calculated by AHP. And the
particular arithmetic and process will be introduced in detail in later paragraphs.
When the total amount of assets, vulnerability, and threats are calculated, a risk assessment test is
taken on the expressway network by CAVET, which leads to the data of its risk and its actual risk. The
particular steps shall be taken according to the following instructions.
The system safety shall firstly be determined, and its value-at-risk shall be calculated then,
specifically, to make a comparison between the levels of assets and that of vulnerability.
R int( A) : int(V )
While that both sides are on the same level means that the system basically reaches the mark, that
the level of vulnerability is higher shows that the system is over-secured. But if the level of
vulnerability appears below that of assets, the system is in danger because of insufficient safe
protection.
On comparison, if both assets and vulnerability are on the same level, the difference values
following the decimal point shall be further compared. And the difference values correspond to the five
levels of threats. The higher the threats level goes, the lower should the assets level be than that of
vulnerability. Here is the specific arithmetic formula:
AR
1
T - {V } { A} and {V } { A} 0
5
392

In particular applied environments, if AR (actual risk) is above zero, the system is at risk and, it has
not reached the security standard because threats actually exist; if AR is below or equal to zero, the
security has met the requirement of threats; but if AR is far too below zero, the safety protection has
gone too far.
3. Studies and Improvement of AHP

With less quantitative information, AHP is able to formulize thinking process when a decision is
made. Its solution is to construct judgment matrices. In constructing judgment matrices, while
determining the relative importance of every two factors by comparing one factor with another, it is the
key point to make sure that experts can accurately comprehend and make a clear judgment and, even
design a scale model that agrees with reality and their thinking process. The scale for judgment
matrices has always been the focus of experts research in the world. However, when a risk assessment
test on expressway network is being undertaken based on AHP, the key point lies in choosing a suitable
scale model from current methods and modifying it to the specific applied circumstance. So this paper
aims to put forward the 1~10 five-scale method much suitable for the risk assessment of expressway
network on the basis of the current 1~9 scale and 0~2 scale. Then integrating with the indirect
method of judgment matrix mentioned in references[13], the five-scale comparison matrix is translated
into indirect judgment matrix through mathematical transform. So weights of assets, vulnerability, and
threats of electro-mechanical systems can be calculated according to the indirect method as ai,ti,vi.
To compare the relative importance of every two factors in the risk assessment of expressway
network, an n comparison matrix can be constructed, consuming that there are n factors
namely
w1 , w2 wn .
w1
w
1
w2
A w1
wn
w1
w1
wn
w2
wn
wn
wn
w1
w2
w2
w2
wn
w2
In this comparison matrix:

10 Factor i followed by Factor j
9
more important
w
aij i 5 Factor i equal to Factor j
wj
less important
2
1 Factor i following Factor j

(i,j=1,2,,n)
10
The order exponent of importance of each factor can be calculated in this way:
n
pi
ij
j 1
11
(i=1,2,,n)
While p max stands for the maximum order exponent, p min for the minimum. Similarly, Amax
represents the factor of maximum order exponent and A min for the minimum. And these two factors
393

b ( 1) shall be
are treated as the basic comparative factors. Simultaneously, the relative importance m
calculated by experts. Also, with the accordance to the scale of basic comparative factors the order
exponent difference of each factor shall be translated from 0, ( pmax pmin ) to 1 ~ bm or 1/bm1
which can show the relative importance between factors:
1
1
(bij 1)
(bm 1)
pi p j
pmax p min
1
1
1
1
( 1)
( 1)
pi p j bij
pmax p min bm
pi p j 0
pi p j 0
12
13
The following formula can be achieved after collocation and translation. According to the formula,
the relative importance between factors can be calculated. In this way, bij can construct an indirect
judgment matrix:
pi p j
(bm 1) 1
p max p min
bij
p j pi
1 /
(bm 1) 1
p max p min
pi p j 0
14
pi p j 0
ij=12n
4. Comparison of Evaluation Cases and Assessment Analysis

4.1 Constructing the AHP Hierarchy
In this paper, a risk assessment of some provincial expressway network is taken as a typical case.
And the following paragraphs indicate the AHP hierarchy of the assets, threats, and vulnerability
assessment indicator system:
1. Assets Hierarchy
Assets={the provincial monitoring center, sub-centers of sections; toll-booths}; the Provincial
Monitoring Center={the Internet Assess Subsystems, subsystems of secret-associated network and
subsystems of private network}; Section Sub-center ={the Internet Assess Subsystems, subsystems of
secret-associated network and subsystems of private network }; Toll Booth={subsystem of private
network}; the Internet Assess Subsystem={communication sub-area}; Subsystem of Secret-associated
Network={communication sub-area, monitoring, fee charging}; Subsystems of Private
Network={communication
sub-area,
monitoring,
fee};
Communication
Sub-area=Fee
Charging=Monitoring={physical environment; network layer, system layer, data layer, application
layer}.
2. Threats Hierarchy
Threats={human factors, natural factors}; Human factors={unintended damage, intended damage};
Unintended damage={technicians, business staff}; Intended damage={vindictive staff, intruders or
hackers}; Technicians=Business Staff={technical failure threats; staffs mistaken threats;
communication threats; logical threats}; Vindictive staff=intruders or hackers={technical failure
threats; communication threats; logical threats}; Natural factors={physical and environmental threats,
technical failure threats}.
3. Vulnerability Hierarchy
Vulnerability={physical layer, network layer, system layer, application layer, management layer};
Physical Layer={environment security, media security, equipment security, electromagnetic leak,
electromagnetic compatibility}; Network Layer={ security between private network and VLAN, assess
394

control of private network, private network shunt solution, network performance detecting measures,
dynamic network monitoring measures, dial-up networking measures, network transmission
measures}; System layer={precautions against computer virus, server security, client leaking security};
Application Layer={desktop and data security, data integrity security, data backup and recovery
security, non-repudiation security, system security auditing measures, auditing measures of network
information real-time monitoring, database security}; Management Layer={organizations of network
security management, network security control system, security measures}.
4.2 Comparison of AHP Arithmetic Matrix Consistency Check Based on Different

Scales
According to the AHP structure and Formula 9~14 of Diagram 1 (the Assessment Model), an
indirect judgment matrix of two layers is created respectively for 1~10 five-scale method and 0~2 scale
with scale transformed, and a judgment matrix of two layers for 1~9 scale as well. The related
statistical data of consistency check are listed as follows:
Table 1. Statistics of AHP Arithmetic Matrix Consistency Based on 1~10 Five-scale Method
Pass or fail in the Pass or fail in the Pass or fail in the
Names of
consistency
consistency
consistency
NO.
(indirect)
check
check
check
judgment matrix
1
2
3
4
5
6
7
8
9
10
11
(110 five-scale)
(02 scale)
(19 scale)
pass
fail
fail
pass
fail
fail
pass
pass
fail
pass
pass
pass
pass
pass
fail
pass
pass
fail
pass
pass
fail
pass
fail
fail
pass
fail
fail
pass
pass
pass
pass
pass
pass
assets matrix (layer

1)
the provincial center
matrix (layer 2)
the sub-centers
matrix (layer 2)
vulnerability matrix
(layer 1)
application layer
matrix (layer 2)
network layer
matrix (layer 2)
physical layer
matrix (layer 2)
management layer
matrix (layer 2)
system layer matrix
(layer 2)
threats matrix (layer
1)
human factors
matrix (layer 2)
4.3 Calculations of AHP Arithmetic Value Based on Different Scales

According to Formula 1~6 and the model of layer structure, the calculations of values of three type
of scale are illustrated as follows:
1. Calculations of values of 1~10 five-scale method
Table 2. Values of assets (described by two layers)
the provincial
sub-centers of
assets
center
sections
0.743111
0.193591
0.063299
0.063299
0.743111
0.193591
0.066575
0.684845
0.24858
395

vulnerability
0.479466
0.074637
0.258474
0.038638
0.148784
Table 3. Values of threats (described by two layers)

management
application layer network layer physical layer
layer
0.071575
0.340544
0.164287
0.105716
0.018108
0.048582
0.031959
0.219229
0.107357
0.04255
0.348312
0.069548
0.225015
0.158605
0.018672
0.029942
0.131118
0.246895
0.508733
0.040867
0.072388
0.700736
0.239802
0.059462
system layer
0.059462
0.239802
0.700736
Table 4. Values of vulnerability (described by two layers)

threat
human factors
0.166667
0.833333
0.142857
0.857143
2. Calculations of values of 0~2 three-scale method

the provincial
sub-centers of
assets
center
sections
0.723054
0.215722
0.061223
vulnerability
0.486304
0.073121
0.261711
0.039292
0.139571
0.061223
0.723054
0.215722
0.068564
0.707089
0.224346

management
layer
0.066935
0.352481
0.15452
0.102139
0.019054
0.043394
0.02815
0.233327
0.102139
0.043394
0.352481
0.066935
0.233327
0.15452
0.019054
0.02815
0.139571
0.261711
0.486304
0.039292
0.073121
0.723054
0.215722
0.061223
system layer
0.061223
0.215722
0.723054

threat
human factors
0.166667
0.833333
0.142857
0.857143
3. Calculations of values of 1~9 scale method

the provincial
sub-centers of
assets
center
sections
0.739055
0.191552
0.069393
0.065327
0.726318
0.208355
0.06828
0.685164
0.246557
396

vulnerability
0.495251
0.06599
0.258966
0.037661
0.142132

management
layer
0.124804
0.241403
0.145837
0.122996
0.017999
0.087058
0.053637
0.206266
0.12324
0.055502
0.367229
0.078357
0.200639
0.129266
0.015128
0.03064
0.136132
0.214434
0.511597
0.040713
0.097125
0.678267
0.258456
0.063278
system layer
0.063278
0.258456
0.678267

threat
human factors
0.2
0.8
0.166667
0.833333
4.3.1 Analysis and Comparison of Results
In this paper, the risk assessment of expressway network has been discussed respectively by 1~10
five-scale method, 0~2 three-scale method, and 1~9 scale, constructing a judgment matrix. With
accordance to the above discussion, the judgment matrix cannot pass the consistency check when it is
constructed in the risk assessment by 1~9 scale, while by 0~2 three-scale method it shows much better
with only 4 matrices failing in the check and slight deviation. Surprisingly, the result by 1~10
five-scale method comes out the best among the three methods, which has smoothly passed the
consistency check. The analysis of results is showed in detail as follows:
1) The main reason 1~9 scale making severe deviation lies in its much too complicated scales. It can
hardly avoid any conflicts within the comparison of factors of a matrix as they increase. Besides, the
complication even raises a much higher fuzzy barrier for experts when they try to judge, which
demands much more techniques in evaluation and lowers the credibility of the evaluation in the
assessment.
2) The 0~2 three-scale method shows much better but there appears some inconsistency, mainly
because of the decrease of assessment accuracy as too much information is lost. The experts agree with
this method but also point out that the insufficiency of scales sometimes leads to less precise judgment
during the assessment evaluation.
3) The 1~10 five-scale method has integrated the strengths of the previous two, which can provide
sufficient information and bring down the complication as well. That is, it avoids the weakness of the
previous two methods. As its strengths outstand in the consistency check, it also better increases
experts acceptance of questionnaires, than that of 0~2 three-scale method.
4.4 Values of Risk Based on AHP Arithmetic of Different Scales

Table 11. Calculations of Value-at-risk Based on 1~10 Five-scale Method
Value of total system
a1 A1 a 2 A2 ai Ai 3.380866
assets (A)
t1 T1 t 2 T2 ti Ti 1.714286
threats (T)
v1 V1 v2 V2 vi Vi 3.687482
vulnerability (V)
R
int(3.380866) : int(3.687482) 3 : 3( satisfying the basic security requirement )
AR
1
T - {V } - { A} 0.036241 0 and {V } - { A} {3.687482} - {3.380866} 0
5
The above calculations indicate that risk still exists in the expressway network as its security level
fails to reach threats level.
397

Table 12. Calculations of Value-at-risk Based on 0~2 Three-scale Method

a1 A1 a 2 A2 ai Ai 3.354129
assets (A)
t1 T1 t 2 T2 ti Ti 1.714286
threats (T)
v1 V1 v2 V2 vi Vi 3.716215
vulnerability (V)
R
AR
1
T - {V } - { A} 0.019229 0 and {V } - { A} {3.716215} - {3.354129} 0
5
The above calculations indicate that no risk still exists in the expressway network as its security
level is much higher threats level.
Table 13. Calculations of Value-at-risk Based on 1~9 scale Method

a1 A1 a 2 A2 ai Ai 3.358808
assets (A)
t1 T1 t 2 T2 ti Ti 1.666667
threats (T)
t1 T1 t 2 T2 t i Ti 3.700171
vulnerability (V)
R
AR
1
T - {V } - { A} 0.00803 0 and {V } - { A} {3.700171} - {3.358808} 0
5
The above calculations indicate that no risk still exists in the expressway network as its security
level is much higher than threats level.
4.5 Analysis Comparison of Value-in-risk

Questionnaires and experts assessment show that expressway network in general has reached the
security requirement. However, there is still some deficiency in technologies or measures, such as
technology of safety & secrecy, intranet shunt solution, auditing measures of network information
real-time monitoring, and so on. Besides, the deficiency is prone to be maliciously used by some staff,
which can pose a great risk. Thus, in fact, some potential risk still remains in the expressway network
and, practical value-at-risk ought to be above zero. The AR, from the comparison of previous three
types of scales, proves that only the 1~10 five-scale method complies with the practical situation while
the 0~2 three-scale method causes the worst deviation.
5. Conclusion
To summarize, with AHP, this paper has studied and improved the main structure of the current
electro-mechanical systems, based on the integration of some outstanding research achievements in the
area of risk assessment of information systems and the summary of some problems within these
research results. Then it tries to promote the CAVET and do some relative case studies as the key
argument. In a word, 1~10 five-scale method, 0~2 three-scale method, and 1~9 scale are respectively
adopted in the risk assessment of electro-mechanical systems, and then a comparison and analysis is
taken on the values achieved by the three scales. Finally, in the relative case studies, the 1~10
five-scale method has shown much superiority in the consistency check and the accuracy of
calculations.
398

6.ACKNOWLEGEMENTS
The authors acknowledge the support of Fundamental Research Funds for the Central Universities
in Hunan University.
7.References
[1] Zhang Cai-jiang,Wang Chun-sheng,Shen Qi-ping. Evaluation on Expressway Construction Project
Management Effectiveness Based on G-AHP Model: Cases in Guangdong Province of China,
International Conference on Management Science and Engineering, pp.2068-2074, 2006.
[2] Xueyan Cao, Fayun Deng, Liang Liu, Xiaolin Li, Shiming Li, "Information Pretreatment and
Multi-criteria Decision Making in Fast Disaster Assessment", JDCTA: International Journal of
Digital Content Technology and its Applications, Vol. 5, No. 10, pp. 20 ~ 30, 2011
[3] Chen Yun, Tang Wei. The Model of Risk Allocation in BOT Expressway Project, International
Conference on Information Management, Innovation Management and Industrial Engineering,
pp.283-286, 2008.
[4] Feng, D. G., Zhang, Y. & Zhang, Y. Q. . Survey of information security risk assessment, Journal
of China Institute of Communications, vol.25,no.7, pp.10-18, 2004.
[5] Niu, H. H. & Liu, L. X.. Research on Risk Assessment of Information Security Based on
Improved Neural Network, Computer Simulation, vol.28,no.6, pp.117-120, 160,2011.
[6] Zhang, R. L. & Wu, S. N. & Zhou, S. Y. . A Trust Model Based on Behaviors Risk Evaluation,
Chinese Journal of Computers, vol.32,no.4, pp.688-698, 2009.
[7] Fu, Y., Wu, X. P., Ye, Q. & Peng, X. An Approach for Information Systems Security Risk
Assessment on Fuzzy Set and Entropy-Weight, Acta Electronica Sinica, vol.38, no.7,
pp.1489-1494,2010.
[8] Shin-ichi Ohnishi,Takahiro Yamanoi,Hideyuki Imai. Developing a fuzzy AHP model for risk
assessment in educational administration information system, International Conference on
Artificial Intelligence, Management Science and Electronic Commerce, pp.2047-2050, 2011 2nd.
[9] Liang Ding-Xiang, Chen Xi, Safety assessment model of electric power information system based
on fuzzing synthetical theory and its application, Power System Protection and Control,
vol.37,no.5, pp.61-64, 2009.
[10] Hu, Y., Ren, D. B. & Wu, S. H.. Study and Application of Evaluation Index System for
Telecommunication Network Risk, Telecommunications Science, vol.24, no.5, pp.50-54, 2008.
[11] Xi Li, Xiaoning Zhu, Guoqiang Cai, "Research on System Integration Alliance of Urban Rail
Transit Safety Monitoring", JCIT: Journal of Convergence Information Technology, Vol. 5, No. 7,
pp. 36 ~ 41, 2010
[12] GB/T 22239-2008Information Security Technology-Baseline for Classified Protection of
Information System Security. Information Technology & Standardization, vol.11, pp.36-38,
2009..
[13] Zuo, J.. The Indirect Method to Judgment Matrix of Analytical Hierarchy Process. Systems
Engineering, no.6, 56-63, 1988.
399

An AHP-Based Risk-Assessment Model of Expressway Network: Kun Xu, Wei Li, Dangfang Zhang

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An AHP-Based Risk-Assessment Model of Expressway Network: Kun Xu, Wei Li, Dangfang Zhang

Uploaded by

Copyright:

Available Formats

An AHP-Based Risk-Assessment Model of Expressway Network

Kun Xu, Wei Li, Dangfang Zhang