Capturing Agents in Security Models
Agent-based Security Risk Management using Causal Discovery
More Info
expand_more
Abstract
Airports are important transportation hubs that reside in the heart of modern civilizations.They are of major economic and symbolic value for countries but are thereforealso attractive targets for adversaries. Over the years we have observed successful andunsuccessful terrorist attacks at airports, of which the recent Brussels Airport attack andIstanbul Atatürk Airport attack are two examples.A widely-used method to defend airports against these types of events is that of securityrisk management. Following this approach, security risks are quantified based onthreats, vulnerabilities, and consequences. These risks are then used as a basis to implementsecurity measures that can reduce the risks to acceptable levels. Several securityrisk management approaches were proposed before, such as attack trees and securitygames, but they struggle to include diverse human factors in their analysis. These factorsare inherently present in modern airports, as passengers, employees, and visitors areall humans. Furthermore, existing methods struggle to take other performance metrics,such as efficiency, into account.This thesis addresses these limitations by proposing a novel security risk managementapproach that relies on agent-based models and Monte Carlo simulations. Thisapproach builds on the existing security risk management framework but exploits theadvantages of the agent-based modelling paradigm. Agent-based models allow for theinclusion of rich cognitive, social and organizational models that enable the modellingof human behaviour. Furthermore, agent-based modelling is a suitable paradigm to estimatea variety of performance indicators, including airport efficiency.Two case studieswere performed to assess the performance of our agent-based securityrisk management approach. In these case studies we apply our approach to managesecurity risks at a regional airport, as well as an international airport.