Fuzzy logic for pipelines risk assessment

Pipelines systems are identified to be the safest way of transporting oil and natural gas. One of the most important aspects in developing pipeline systems is determining the potential risks that implementers may encounter. Therefore, risk analysis can determine critical risk items to allocate the limited resources and time. Risk Analysis and Management for Critical Asset Protection (RAMCAP) is one of the best methodologies for assessing the security risks. However, the most challenging problem in this method is uncertainty. Therefore, fuzzy set theory is used to model the uncertainty. Thus, Fuzzy RAMCAP is introduced in order to risk analysis and management for pipeline systems. Finally, a notional example from pipeline systems is provided to demonstrate an application of the proposed methodology


Introduction
Pipelines are the most practical and economically effective modes for transporting dangerous and flammable substances, such as natural gas while roads or rail transportation are often impractical (Papadakis et al., 1999).There are literally different methods to assess risks in pipeline systems (Jo & Ahn, 2005;Henselwood & Phillips, 2006;Dziubnski et al., 2006;Cagno et al., 2000;Yuhua et al., 2005Sklavounos & Rigas, 2006;Bartenev, 1996;Jo & Ahn, 2001).Pipeline systems play essential role on managing the gas distribution and risk assessment can help decision maker detect the high risk components and make an appropriate decisions to reduce or limit the risk.An appropriate technique requires to assess risks more precisely and more accurately (Alidoosti et al., 2011).
For this reason, the Department of Homeland Security presented Risk Analysis and Management for Critical Asset Protection (RAMCAP) framework, which is a function of three parameters (Cox, 2009): consequence, vulnerability and threat.RAMCAP provides a consistent and technically sound methodology for investigating consequences of attack.It also identifies security vulnerabilities and develops threat information based on both asset owner and government information (Moore et al., 2007).On the other hand, uncertainty is a part of real-world systems, which are either in crisp or Boolean logic and it is not possible to make a precise assessment.The existing uncertainty is created through two factors (Markowski et al., 2009): (1) uncertainty due to physical variability, and (2) uncertainty due to lack of knowledge.
One of the most popular and efficient ways to face with inherent uncertainty is the possibility theory emerged from the fuzzy sets developed by Zadeh (1965).In accordance with ability of fuzzy logic in modeling uncertainty, this approach is used in different fields of risk management (Chen & Sanguansat, 2011;Nieto-Morote & Ruz-Vila, 2011;Bajpai et al., 2010;Acosta et al., 2010;Rehana & Mujumdar, 2009;Markowski & Mannan, 2009;Liu et al., 2009;Flores et al., 2009;Azadeh et al, 2008;Sadiq et al., 2007;Sadiq & Husain, 2005, Fouladgar et al., 2012).This paper presents a new methodology established based on the adaptation of RAMCAP method and fuzzy inference system to build a more secure, safe, and resilient pipeline system.As a result, the outputs obtained using the conventional methodology are compared with the proposed framework.

RAMCAP framework
RAMCAP process was first developed to facilitate the analysis and management of risk and resilience of critical facilities and infrastructures.It is based on a primary definition that risk is the expected value of the consequences of specific terrorist attacks and natural events, weighted by the likelihood of the event and the conditional likelihood accomplished by the estimated consequences.So, risk (R) is determined by the intersection of consequences of the attack (C), the threats of the attack (T) and vulnerabilities to the attack (V) (ASME, 2009):

Vulnerability:
Vulnerability is an important element of a security risk assessment and it is an instrument to determine existing and residual risk (Douglas, 2006).Any weakness in an asset or infrastructure's design, implementation or operation exploited by an adversary contributes to functional failure in a natural disaster.In risk analysis, vulnerabilities are usually summarized as the conditional probability that, given an attack or natural event, the estimated consequences will ensue, i.e., the attack will succeed or the natural event will cause the estimated damage.Vulnerability of an infrastructure element is a function of its intrinsic design, protection systems (physical or other) and changes over time (Baker et al., 2002).

Consequence:
The outcome of an event includes different things including immediate, short and long-term, direct and indirect losses and effects (ASME, 2009).Loss may include human fatalities and injuries, financial and economic damages and environmental impacts, which can generally be estimated in quantitative terms.Consequences may also include less tangible and less quantifiable factors, including political ramifications, decreased morale, reductions in operational effectiveness or military readiness or other impacts.The concept of consequence is defined as the effect of an event or incident.

Threat:
The concept of threat is defined as an event with an undesired impact.Cox (2009) defined threat as any indication, circumstance or event with the potential to cause the loss of, or damage to, an asset or population.In the case of terrorism risk in pipeline systems, threat is based on the analysis of the intention and capability of an adversary to undertake actions detrimental to a section of pipeline or population and the attractiveness of the asset or population relative to alternative assets or populations.

Fuzzy set
A fuzzy set is a collection of elements in a universe of information where the boundary of the set contained in the universe is ambiguous, vague and otherwise fuzzy.Each fuzzy set is specified by a membership function, which assigns to each element in the universe of discourse a value within the unit interval [0, 1] ( Wang & Elhag, 2007).Unlike crisp (or ordinary) sets, fuzzy sets have no sharp or precise boundaries (Aydin, 2004).The concept of a fuzzy set provides mathematical formulations that can characterize the uncertain parameters involved in particular risk analysis method.
Contrary to classical sets, fuzzy sets accommodate various degrees of membership on continuous interval [0,1], where '0' conforms to no membership and '1' conforms to full membership.So, even the most sophisticated, precise, and well constructed quantitative model may give misleading results if uncertainties are not treated at some level.Uncertainty in risk analysis can range from modeling uncertainties, to incomplete and unreliable information.Data uncertainties are a major source.Any system under study has dominant risk contributors in addition to the dependent failures usually studied (Vesely, 1983).Fig. 1 shows the different case of a secure set.

Fuzzy inference systems
Fuzzy inference is the process of mapping from a given input set to an output set using fuzzy logic.Membership functions, fuzzy logic operators and if-then rules are used in this process.(Elsayed,  2009).The basic idea of a fuzzy inference system is to use fuzzy logic to define an output as a function of measured inputs (Horgby, 1998).The basic advantage of such system is its tolerability to linguistic/imprecise data.The structure of a typical FIS is depicted in Fig 2.
Fig. 2. The structure of a typical FIS (Markowski, 2008) In general, a fuzzy inference system consists of four steps.First, the inputs have to be modified to linguistic values.Following steps are necessary for successful application of modeling through a general fuzzy system.These are: (i) Fuzzification of the input and output variables by considering appropriate linguistic subsets such as high, medium, low, heavy, light, hot, warm, big, small.
(ii) Construction of rules based on expert knowledge and/or the basis of available literature.The rules relate the combined linguistic subsets of input variables to the convenient linguistic output subset.Any fuzzy rule includes statements of ''IF . . .THEN. .." with two parts.The first part that starts with IF and ends before the THEN is referred to as the predicate (premise, antecedent) which combines in a harmonious manner the subsets of input variables.Consequent part comes after ''THEN" which includes the convenient fuzzy subset of the output based on the premise part.This implies that there is a set of rules, which is valid for a specific portion of the inputs variation domain.
The input subsets within the premise part are combined most often with the logical ''and" conjunction whereas the rules are combined with logical ''or".
(iii) The implication part of a fuzzy system is defined as the shaping of the consequent part based on the premise (antecedent) part and the inputs are fuzzy subsets.
(iv) The result appears as a fuzzy subset and therefore, it is necessary to defuzzify the output for obtaining a crisp value that would be required by the administrators or engineers (Ross, 1995).Defuzzification procedure is frequently achieved through centroid method as applied in this paper.

Fuzzification
Consequences, Threats, and Vulnerabilities as the inputs should be divided based on their field in a number of fuzzy sets.RAMCAP provides data for the number of sets.The details of fuzzy sets applied in the first step of fuzzy inference system are presented in Table 1.The structure of fuzzy inference system constructed in the paper is depicted as Fig. 3.In this paper, the generalized bell type of membership function (gbell MF) was employed.It's the most widely applied membership function, which is described by the three parameters, a, b, and c (Eq. 1) (Buyukbingol et al., 2007).Table 1 shows the numerical ranges which fuzzy sets are selected based on them.The membership functions for risk also are depicted in a scale of 1 to 5 in Fig. 5. Indicates that there are no effective protective measures currently in place to Deter, Detect, Delay, and Respond to the threat and so an adversary would easily be capable of exploiting the critical asset.

High (H)
Indicates there are some protective measures to Deter, Detect, Delay, or Respond to the asset but not a complete or effective application of these security strategies and so it would be relatively easy for the adversary to successfully attack the asset.
Indicates that although there are some effective protective measures in place to Deter, Detect, Delay, and Respond, there isn't a complete and effective application of these security strategies and so the asset or the existing countermeasures could likely be compromised.[0.5,3,3]Low (L) Indicates that there are effective protective measures in place to Deter, Detect, Delay, and Respond, however, at least one weakness exists that an adversary would be capable of exploiting with some effort to evade or defeat the countermeasure given substantial resources.

3
Indicates that multiple layers of effective protective measures to Deter, Detect, Delay, and Respond to the threat exist and the chance that the adversary would be able to exploit the asset is very low.
Indicates that a credible threat exists against the asset and that the adversary demonstrates the capability and intent to launch an attack, and that the subject or similar assets are targeted on a frequently recurring basis.

High (H)
Indicates that a credible threat exists against the asset based on knowledge of the adversary's capability and intent to attack the asset or similar assets.
Indicates that there is a possible threat to the asset based on the adversary's desire to compromise similar assets.[0.5,3,3]Low (L) Indicates that there is a low threat against the asset or similar assets and that few known adversaries would pose a threat to the assets.

3
Indicates no credible evidence of capability or intent and no history of actual or planned threats against the asset or similar assets.

Rules
There are many fuzzy inference methods.This paper uses the Min-Max fuzzy inference method proposed by Mamdani.The Mamdani fuzzy logic system has many attractive features.First, it is suitable for engineering systems because its inputs and outputs are real-valued variables.Second, it provides a natural framework to incorporate fuzzy IF-THEN rules from human experts.Third, there is much freedom in the choices of fuzzifier, fuzzy inference engine, and defuzzifier, so that we may obtain the most suitable fuzzy logic system for a particular problem.(Wang, 1994) This paper uses 125 if-then rules to supply a data base by mapping between three input parameters (V, T, and C) and risk value

Inference engine
The inference engine maps input fuzzy sets (Vulnerability, Threat and Consequence) into fuzzy output set (Risk).Fig. 5. Shows number of if-then rules in order to provide a more comprehending of proposed FIS framework.A team including eleven evaluators with high degree of knowledge in the field of risk analysis prioritizes assets in terms of V, T, and C, so that; experts agree to assess outputs in fuzzy RAMCAP by linguistic terms and then those are compared with RAMCAP outputs.So, a comparison using the fuzzy RAMCAP with RAMCAP is depicted in Table 2.A disadvantage of the RAMCAP is that different sets of V, T, and C may generate an exactly alike value of risk.For example, two assets marine terminal and control room have values of 3, 2, 4 and 2, 4, 3 for V, T and C respectively.Both these assets will have a risk value of 12; however, the risk connotation of these two assets can be entirely different.The other disadvantage of the RAMCAP method is that it does not consider as well the relative importance among inputs.It's clear this may not be precise in real world problems.Hence, fuzzy RAMCAP can result a more accurate risk analysis for protection of critical assets in pipeline systems.

Conclusion
This paper developed an extended framework to analyze risk for critical assets in pipeline systems.
The main purpose was to investigate the major security risk items in order to allocate the limited resources and time using fuzzy set theory through fuzzy RAMCAP.The proposed methodology is able to solve some inherent imperfection of the RAMCAP.In contrast with the RAMCAP, the Fuzzy RAMCAP considers the relative importance among vulnerability, threat, and consequence.Application of linguistic terms in the input and output information also can be more realistic and flexible by fuzzy RAMCAP.Fuzzy RAMCAP can result a more accurate risk analysis for protection of critical assets in pipeline systems.

Fig. 3 .
Fig. 3.The architecture of the fuzzy inference system

Fig. 5 .
Fig. 5.The membership function of risk

Table 1
Fuzzy and crisp ratings

Table 2
The comparison of risk analysis results