Interpretation and Gas Distribution Net Threat Attack Markov models

This paper will focus on mathematical models to reduce the possibility of gas distribution net threat attacks, in order to avoid environmental damage caused by the siphoning off gas. These models are based on Markov models and theory of graphs. The article also shows some forms of attacks on gas distribution net. Environmental damage includes thermal influence caused by gas inflammation, terrain disturbance, biochemical processes. Among siphoning off gas indicators are: Interference in gas meter; Documentation noncompliance; Gas distribution off-the-meter; Power counter range discrepancy; Gas meter failure; Expired recalibration interval; Gas siphoning; Other discrepancies.


Introduction
According to the experience, an unauthorized tampering into gas distribution net has a highly negative influence on our environment. The siphoning off gas leads to corrosion, gas explosion and fires, excess gas flow rate, lack of funds for environmental remediation.
The main gas pipeline failure statistical analysis has showed the following: among all pipeline failures on trials and during operation, about 10% failures caused a significant environmental damage. Herewith the big diameter pipelines 1000-1400mm are of the highest ecological hazards. Average annual gas loss which leads to the environmental pollution is 43,2 million m³. The distinctive feature of pipeline anthropogenic impact on the environment is a thermal influence caused by gas inflammation and terrain disturbance as well. The range of thermal influence that defines the area of total terrain disturbance is from 30 to 600 m, and the pit that appears during pipeline accident has maximum dimensions until 106*56*12 m. The anthropogenic impact on the environment is multiple, because it influences the biochemical processes of atmosphere, earth and water. So, the environmental pollution is caused by gas flaring, compressor stations operation, emergency emissions and others. [1].
In order to avoid environmental damage it is important to reduce the possibility of siphoning off gas, so, that is why we have developed the gas distribution net threat attack model in this research.

Materials and Methods
Threat Attack Markov Model as systems of failures and recoveries. Siphoning gas leads up to both expected funds loss and a dangerous violation, which may cause severe accidents including fatality. In fact, to avoid threat of gas siphoning it is necessary to reduce vulnerabilities of gas distribution net. If we define the possibility of safety system to be ready for operation as Pse, then the possibility of gas siphoning threat protected gas distribution net to be ready for operation without siphoning off gas,P0se using this kind of safety system which completely reduces the vulnerability threat, can be defined as following: whereP0y -the possibility of vulnerability threat protected gas distribution net is ready to operate without siphoning off gas; P0y -the possibility of avoiding siphoning off gas; Pse -the possibility of gas distribution net is ready for operation.
As there are several vulnerabilities in gas distribution net, then we will have the following equation 1: It is important to point out that this model is correct in case the elements of safety system, vulnerability and threat are independent. Which means if one of the siphoning gas threats increases other vulnerabilities of the system then it is necessary to build up the matrix of dependent vulnerabilities and threats. That is the safety system is aimed both on reducing the possibility of specific threat and on providing the independency of safety system from siphoning gas threats.
We will consider gas distribution net regarding to both arising and reducing of siphoning gas vulnerability threat and arising and reducing threat attack in general appearing by corresponding combination of vulnerability threats, as a system of failures and recoveries.
Let us build up the Markov model describing the process of arising and reducing the real threat of siphoning gas. Having this goal, we will review a mathematic description of Markov process with discrete state and continuous time taking the example of siphoning gas threat graph having two node-weighted vulnerabilities: the threat is caused by two vulnerability threats with corresponding parameters -the intensity of recoveries and the removal of vulnerabilities. We suppose that both vulnerability threats match the condition ≤ 0,2. The probability process state system graph (Markov process) is shown in Fig.1. The graph shows four possible states of system: 0 -initial state of system, 1 -the first vulnerability in system is defined and not solved, 2 -the second vulnerability in system is defined and not solved, 12 -both vulnerabilities in system are defined and not solved -a real threat of siphoning gas is created. It is obvious to suggest that all transitions from one state to another happen under influence of simplest events with corresponding intensity of recoveries and removal of vulnerabilities.

Fig.1.
Markov model describing the process of arising and reducing the real threat of siphoning gas Kolmogorov differential system for state probabilities of this graph will be as following: When replacing in Kolmogorov equations their derivatives with zero values, we will get a system of linear algebraic equation, describing a steady mode, calculating which, considering exhaustive events, that means using a condition: 0 + 1 + 2 + 12 = 1, we will find required extremum (final) state probabilities. Applying to our simulation task, a state S12 is of highest interest -both vulnerabilities are revealed in system, characterized by the possibility 12 -this is a state, where it is possible to siphon off gas (a severe threat arises), because we revealed but didn't solve all vulnerabilities that are necessary to siphon off gas. So, we can take this parameter as a possibility of siphoning gas ( уа= 12). Consequently, the probability of system operational readiness regarding the siphoning gas threat 0а (or steady state availability Kf) is defined as: Kf = 0а = 0 + 1 + 2

Extended Threat Attack Markov Model as systems of failures and recoveries of safety performance.
The extended threat attack model is important to calculate the following key parameters of threat attack: arising intensity а and reducing intensity µа of the real threat attack, and failure mean operating time (recoverable system) of safety performance y, which defines an average interval between safety performance failures -a severe threat attack arising periods. The basis of extended modelling is the usage of assessed failure rate. In Markov reliability models the assessed failure rate ω is defined (for steady state area) as: where 1 -is a set of states of system availability, 2 -a set of states of system failure, j -transition intensity from -state of operability, probability of system , to j -state of nonoperability. Assessed failure rate, characterizing the frequency of failures in recoverable systems is inversely proportional to the mean time between failures m, MTBF (Mean Time Between Failures), strong evidence of this relation is shown in renewal theory: m = 1/ = 0y + b, where в -mean recovery time. Assuming that Kf = 0y 0y+ b, we have 0y = Kf / . In order to build the extended threat attack model we have to get back to the graph in Fig.1 to find out the way the flow of failures of safety performance appears and to find the way to define its efficiency. As we can see the threat attack is being created in two cases: in transition of state 1, where the system is with probability 1 (in Markov model the state probability is interpreted as a relative time share of system being in this state) , into state 12 (this is a severe threat attack state) the transitions happen with intensity 2 (if we take into account the corresponding time share of system being in state 1,then the intensity will be 1 2), and in transition of state 2, where the system is with probability 2, into state 12 the transitions happen with intensity 1(if we take into account the corresponding time share of system being in state 2, then the intensity will be 2 1). In our case the flow of failures can be interpreted as the flow of severe threat attack with intensity а: а = = 1 2 + 2 1

Fig.2. Stationary process state systems graphs for threat attacks
The extended threat attack model is described by graph of Fig.2, where in a specific way а and µа are defined the intensities of transitions, 0 state corresponds to reducing the threat, and 1 -to arising of severe threat attack. Other desirable parameters of threat attack are calculated as follows: 0уа = 1/ а µа = а Kf 1 − Kf = 1/ в Analyzed Markov models can be used in general safety properties assessment of specific safety equipment. When modeling the gas distribution protection facilities and evaluating safety level, it is important to take into account the readiness of an intruder for a severe threat attack. This is mostly caused by the judgmental factor that define the motivation of the intruder of siphoning gas. This is the vital difference of gas distribution net modeling from the same kind of modeling in reliability theory.

Results
The practical outcome of siphoning off gas. The table below illustrates the statistical analysis results of gas siphoning.  We suggest the method of estimated gas rate loss. 1. We define gas rate according to the gas piping diameter , m³\h: = 3600 * * * where -orifice coefficient, -orifice area in gas pipe line or technical device for gas extraction, -gas velocity, when it goes out of orifice to the atmosphere, m/s 2. We set the calculation period (24-hour period) when the gas was siphoning off 24 hours a day and then we calculate the gas volume, which was consumed during this period.
As follows: where 24 is the number of hours a day, n -calculation period, a day. The calculation was carried out according to recommendations of Legal Office of "Gazprom mezhregiongaz". The calculation matches the calculation method of Order №975 of the Ministry of Energy of the Russian Federation, but without direct reference.
The gas rate loss of one of the objects was 176 076 m³ assuming 6 months of continuous gas consumption.
The example of unauthorized tampering into the pipe line.  Figure 4 illustrates the example of siphoning off gas. This example highlights the significant increase of gas explosion, because this pipe connection will not have periodic tests.

Fig.5.
Interference in gas metering. Figure 5 shows the interference in gas counter data, the aim of which is the decrease of gas metering, which leads to the lack of funds for environmental remediation.

Discussion and Conclusion
As a result of this research, we have developed the siphoning off gas Markov model. One of the findings to emerge from this study is that the modern intruder has learnt to set the additional unauthorized branch connections and to decrease the gas metering using virus. A tampering into gas distribution net highly increases the possibility of environmental damage such as gas explosion, corrosion and fires. Using virus to reduce gas metering leads to the lack of funds for environmental remediation. Consequently, the building of gas distribution net threat attack system is of highest interest. It is important to highlight that mathematical threat attack models can be based on database and information systems protection analysis models.