Optimisation of security system design by quantitative risk assessment and genetic algorithms

The design of physical security systems for critical infrastructures is a delicate task that requires a balance between the cost of protection mechanisms and their expected effect on risk mitigation. This paper presents an approach usable to support the design of security systems by automatically optimising some parameters, basing on external constraints (e.g., limited available budget) and using quantitative risk assessment. Risk assessment is performed using a software tool that implements a quantitative methodology. The methodology accounts for the attributes of threats (frequency, system vulnerability, expected consequences) and protection mechanisms (cost, effectiveness, coverage, etc.). The optimisation is performed by means of genetic algorithms with the objective of achieving the set of parameters that minimises the risk while fitting external budget constraints, hence maximising the return on investment. The paper also describes an example application of the approach to the design of physical security systems for metro railways.