The global threat of deliberate attacks on chemical, process, and energy facilities underscores the urgent need to enhance Security Vulnerability/Risk Assessment (SVA/SRA) approaches. Traditional assessments often use historical data and Exploratory Data Analysis (EDA) to identify reference scenarios. However, EDA lacks a standardized approach to identify and rank the incident chains. A novel methodology based on Bayesian Networks (BN), named BAS2E, was developed to support the systematic identification of reference scenarios from past event datasets. The methodology is based on the development of a static quantified BN, that accurately reflects the causal relationships in incident chains, focusing specifically on those between threats, attack methods, and physical damage scenarios. The BN is quantified by statistical information from the analysis of the incident records and employs the Noisy-OR gate model to manage data gaps in the conditional probability tables (CPTs) specification. The application of the BN sensitivity analysis provides quantification of the reciprocal influence between nodes using a specific derivative-based parameter, allowing for the systematic ranking of the most impactful incident chains to be included as reference scenarios in SVA/SRA. The methodology is demonstrated through its application to a dataset of 109 security incidents that occurred in the offshore Oil&Gas sector.
Iaiani, M., Fazari, G., Tugnoli, A., Cozzani, V. (2025). Identification of reference security scenarios from past event datasets by Bayesian Network analysis. RELIABILITY ENGINEERING & SYSTEM SAFETY, 254, 1-15 [10.1016/j.ress.2024.110615].
Identification of reference security scenarios from past event datasets by Bayesian Network analysis
Iaiani, Matteo;Fazari, Giuseppe;Tugnoli, Alessandro;Cozzani, Valerio
2025
Abstract
The global threat of deliberate attacks on chemical, process, and energy facilities underscores the urgent need to enhance Security Vulnerability/Risk Assessment (SVA/SRA) approaches. Traditional assessments often use historical data and Exploratory Data Analysis (EDA) to identify reference scenarios. However, EDA lacks a standardized approach to identify and rank the incident chains. A novel methodology based on Bayesian Networks (BN), named BAS2E, was developed to support the systematic identification of reference scenarios from past event datasets. The methodology is based on the development of a static quantified BN, that accurately reflects the causal relationships in incident chains, focusing specifically on those between threats, attack methods, and physical damage scenarios. The BN is quantified by statistical information from the analysis of the incident records and employs the Noisy-OR gate model to manage data gaps in the conditional probability tables (CPTs) specification. The application of the BN sensitivity analysis provides quantification of the reciprocal influence between nodes using a specific derivative-based parameter, allowing for the systematic ranking of the most impactful incident chains to be included as reference scenarios in SVA/SRA. The methodology is demonstrated through its application to a dataset of 109 security incidents that occurred in the offshore Oil&Gas sector.| File | Dimensione | Formato | |
|---|---|---|---|
|
Article BAS2E methodology.pdf
accesso aperto
Tipo:
Versione (PDF) editoriale
Licenza:
Licenza per Accesso Aperto. Creative Commons Attribuzione (CCBY)
Dimensione
19.51 MB
Formato
Adobe PDF
|
19.51 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
