AAAI Publications, The Twenty-Ninth International Flairs Conference

Font Size: 
Security Risk Aggregation Based on Neural Networks — An Empirically Validated Approach
Alexander Beck, Stefan Rass

Last modified: 2016-03-30


Managing risks in large information infrastructures is a task that is often infeasible without proper simplification of the system. One common way of "compacting" matters towards easing decision making is to aggregate vulnerabilities and risks identified for distinct components into an overall risk measure related to an entire subsystem. Traditionally, this aggregation is done pessimistically by taking the overall risk as the maximum of all individual risks ("the chain is only as strong as its weakest link"). As that method is quite wasteful of information, this work proposes a new approach, which uses neural networks to resemble human expert's decision making in the same regard. To validate the concept, we conducted an empirical study on human expert’s risk assessments, and trained several candidate networks on the empirical data to identify the best approximation to the opinions in our expert group.


risk management; neural network; data aggregation

Full Text: PDF