Enhanced Grey Risk Assessment Model for Support of Cloud Service Provider

The cloud computing environment provides easy-to-access service for private and confidential data. However, there are many threats to the leakage of private data. This paper focuses on investigating the vulnerabilities of cloud service providers (CSPs) from three risk aspects: management risks, law risks, and technology risks. Additionally, this paper presents a risk assessment model that is based on grey system theory (GST), defines indicators for assessment, and fully utilizes the analytic hierarchy process (AHP). Furthermore, we use the GST to predict the risk values by using the MATLAB platform. The GST determines the bottom evaluation sequence, while the AHP calculates the index weights. Based on the GST and the AHP, layer-based assessment values are determined for the bottom evaluation sequence and the index weights. The combination of AHP and GST aims to obtain systematic and structured well-defined procedures that are based on step-by-step processes. The AHP and GST methods are applied successfully to handle any risk assessment problem of the CSP. Furthermore, substantial challenges are encountered in determining the CSP’s response time and identifying the most suitable solution out of a specified series of solutions. This issue has been handled using two additive features: the response time and the grey incidence. The final risk values are calculated and can be used for prediction by utilizing the enhanced grey model (EGM) (1,1), which reduces the prediction error by providing direct forecast to avoid the iterative prediction shortcoming of standard GM (1,1). Thus, EGM (1,1) helps maintain the reliability on a larger scale despite utilizing more prediction periods. Based on the experimental results, we evaluate the validity, accuracy, and response time of the proposed approach. The simulation experiments were conducted to validate the suitability of the proposed model. The simulation results demonstrate that our risk assessment model contributes to reducing deviation to support CSPs with the three adopted models.


I. INTRODUCTION
Cloud computing is becoming a business trend and an investment in many applications. Information technology (IT) and telecommunications in businesses enable organizations to increase their profits [1]. These many companies adopt cloud computing in their businesses to maximize their profits. However, this causes a trust crisis in the industry [2] and creates a trade-off between gains and data privacy/security, The associate editor coordinating the review of this manuscript and approving it for publication was Kashif Munir.
which implies that companies that adopt the cloud computing paradigm do not have complete control over the computing resources on which they rely [3]. Therefore, most businesspeople expect that the CSP they choose will provide a reliable and safe cloud environment, which ensures that businesses can avoid severe data losses due to potential vulnerabilities and security threats in cloud computing [4], [5]. To identify a feasible approach to address the problem, this paper focuses on reliable models that can be used to perform a comprehensive risk assessment for the CSPs. Recently, a substantial amount of research has been conducted on risk assessment [6] in cloud computing; however, most of these studies have limitations. A study on the business risk assessment model of city commercial banks that is based on grey system theory [7] applies the factor analysis method to determine the index weight at a micro-level. In the same context, the authors in [8] did not fully utilize grey system theory to determine the bottom evaluation sequence and failed to evaluate the judgment matrix consistency. Motivated by these challenges, the contributions of this paper are summarized as follows: • Integration of GST and AHP models to determine the risk levels of a CSP, which helps reduce data deviations, and the inclusion of two additive features, namely response time and grey incidence, to facilitate the decision-making process. This contribution has a broader impact because the integration of GST and AHP yields an effective combination of the probability and the security of the risk. Prediction based on AHP-GST methods can be used to control the risk of CSP.
• EGM (1,1) is adopted to overcome the prediction error in GM (1,1). If the prediction horizon size increases, then the prediction error of GM (1,1) increases. Thus, EGM (1,1) not only produces a more reliable short-term prediction of CSP but also yields a reliable long-term prediction, which helps customers choose a more reliable CSP company.
• Additive features (the response time and the grey incidence) are incorporated to help determine the response time and to find a suitable solution among the specified solutions for the CSP when risk is encountered. As many applications of cloud computing technology are increasingly used, security becomes critical. The major problem is to find a secure and stable CSP so that businesses can be less vulnerable to security attacks. However, at present, there is a lack of structured risk assessment approaches for realizing this objective. The traditional technical methods of risk assessment utilize subjective evaluations, which are easily affected by human factors; hence, the data tend to experience deviations. The bottom index evaluation, which is a first data item in the AHP model, is of high significance for obtaining the risk level and the index weight. The index weight is used as part of the objective assessment of CSPs.
To realize objective and comprehensive risk assessment of CSPs, the following should be considered: (a) how to classify risk elements, (b) how to determine the bottom index evaluation, and (c) how to determine the index weight. We find the answers to these questions and utilize them in our experimental results to make predictions regarding the best available CSPs. The remainder of the paper is organized as follows. Section II briefly analyzes the state-of-the-art related work. In Section III, the motivation behind the integration of GST-AHP models and EGM (1,1) is presented. Section IV presents the proposed GST, AHP, and EGM (1,1). Section V presents experimental results and a detailed evaluation of the performance of the proposed scheme and compares the results of EGM (1, 1) with other contending models. In Section VI, a security risk project which includes the result of the discussion is introduced. Finally, the conclusions of the paper are presented in Section VII.

II. RELATED WORK
In this section, the salient characteristics of existing approaches are discussed. A qualitative analysis model is proposed for making qualitative judgments on commercial banks' risks [9]. The proposed method is based on expert scoring and the Delphi methods, which contribute to quantitative estimates in the absence of sufficient statistical and raw data. However, the proposed method has limitations since it is based on a subjective model that leads to data fluctuation; therefore, the results are inaccurate, unreliable, and the model does not have typical adaptability. Hence, it cannot be applied in most cases. Ren et al. [10] proposed a new evaluation system that uses grey relational clustering to determine the index weight. The innovation of the new evaluation system lies in two aspects. First, some high indicators can be deleted with the help of the grey relational clustering. Second, factor analysis is applied to determine weights among layers. The use of grey system theory as a model facilitates the determination of the values of the solution layer accurately. However, the main disadvantage of the new evaluation system is that the factor analysis that is used to determine the index weight is typically conducted at a micro-level.
He [11] uses AHP as part of the proposed scheme to perform risk assessment efficiently. Using the proposed method, the relative weights of elements that are related to the information security risk could be calculated. Then, the optimal indicators, which provide a strong basis for taking relevant measures, could be selected by sorting the weights of the elements to reduce the number of indicators. However, the method that is proposed in his paper is limited. The result is likely to exhibit deviations since, in the model, the experimental data are not used to perform a consistency test.
Mahmod and Watanabe [12] introduced a modified grey model (MGM) for identifying the best input trend of the model with suitable values of the input parameters for adequately fitting the observations. The MGM helped reduce the calculation time. However, MGM cannot determine the risk value efficiently. Huiru and Guo [13] proposed a hybrid optimized grey model that uses the rolling mechanism and the ant lion optimizer R-ALO-GM (1, 1). The parameters of GM (1, 1) were identified by using the ant lion optimizer, which is a novel nature-inspired algorithm. The rolling mechanism was integrated for predicting the accuracy improvement. Two cases were selected for evaluating the efficiency and viability of the proposed Rolling-ALO-GM (1, 1) for annual power load forecasting. The empirical results demonstrate the performance of the proposed R-ALO-GM (1, 1) model. It has been claimed that the proposed model could substantially improve load prediction accuracy. Tien [14] proposed the first-entry grey model (FGM (1,1)) for overcoming the limitations of GM (1,1). The proposed FGM (1,1) proved that the first entry of the original series in GM (1,1) was unproductive for prediction. Hence, to handle this issue, arbitrary values were inserted before the original series. Xuan et al. [15] introduced the improved analytic hierarchy process (IAHP) for determining and controlling an index weight and evaluating the two theories' outcomes. The proposed approach attempted to determine weight accuracy. After extensive study of existing approaches, we determined that the prevailing proposed approaches are of substantial significance. All these approaches try to improve accuracy; however, our approach not only improves the accuracy but also reduces the risk and the deviation.

III. MOTIVATION BEHIND THE INTEGRATION OF GST-AHP MODELS AND EGM (1,1)
Most cloud computing problems cannot be predicted by precise attribute values but can be articulated using fuzzy values. Therefore, in cloud services, it is essential to extend the white numbers to grey numbers for real-time systems. Thus, GST deals with inadequate and imperfect information to increase the restrictions of using old-fashioned statistical methods. It can determine quantitative and qualitative relationships among complex dynamics with insufficient information. In contrast, the AHP method identifies the weights of CSP's evaluation criteria. It assigns values that are based on the actual conditions and uses a similar judgment process, a decomposition process, and a complete rational model for decision-making. Thus, AHP is an essential tool for system investigation [16]. AHP and GST are useful and practical; however, neither method can systematically handle the scenario of several elements performing together. As a result, the accuracy remains poor. To advance the accuracy, objectivity, and efficiency of the system, GST and AHP evaluate and estimate the scoring value.
The motivations behind the use of the hybrid method are to obtain systematic and structured results via well-defined and step-by-step procedures, to realize transparency of the computation process, and to ensure rational and logical results with an adequate mathematical foundation. The AHP and GST methods can also be applied to handle successfully any risk assessment problem of cloud computing. The integration of the two approaches, along with the addition of two additive features, namely, grey incidence and response time, can solve the risk assessment problems of cloud computing, including commercial and business applications, effectively. The existing GM (1,1) only applies the prediction values to obtain the predicted values for the next time. In the case of increasing prediction horizon, prediction values cannot be acquired based on the previously observed values after a while. This leads to the prediction error in the assessment model. Thus, EGM (1,1) provides grey direct prediction by resolving the issue of GM (1,1). Furthermore, it uses the period's prediction values Pr v , which is based on the previous period's real observation values P ov , in the grey direct prediction.

IV. PROPOSED GST, AHP, AND EGM (1,1) A. MODEL CONSTRUCTION
We propose a new risk assessment scheme for CSP that is based on the GST, AHP, and EGM (1,1) models, as illustrated in Fig. 1. EGM (1,1) is an extension of standard GM (1,1) [17], [18]. GST is used to determine the bottom evaluation sequence, whereas AHP is used to determine the index weight. through these two schemes, we obtain values that indicate the risk level of a CSP by multiplying the bottom evaluation sequence with the index weight. The features of GST and AHP are combined and added with EGM (1,1). Additionally, the additive features (response time and grey incidence) are incorporated to support EGM (1,1). Finally, the risk assessment can be predicted based on the collected data.

B. DETERMINE THE RISK FACTORS OF CLOUD SERVICE PROVIDERS (CSPs)
To perform a risk assessment for CSPs, we conduct thorough research to identify the most relevant risk factors [19]- [27]. The CSP risks are classified into three categories: management risks, law risks, and technical risks. A CSP is affected by a combination of risks, which involve various configurable computing resources such as networks [28]- [32], servers, storage, services, and applications, which facilitate the provision of convenient and on-demand access to the cloud by users [33]- [35].
The goal is to ensure the security of the CSP. The factors are represented in three levels: The first level factors are F 1 , F 2 , F 3 . The second-level factors are F 11 , F 12 , F 21 , F 31 , F 32 . The third-level factors are These three levels of security factors are shown in Fig. 2.   Table 1 is based on ''GB/T 20984-2007 Information security technology -Risk assessment specification for information security'' [36]. According to Table 1, the risk assessment can be divided into five levels [37], as shown.

D. BUILDING THE GREY SYSTEM MODEL (GSM) 1) BOTTOM INDEX EVALUATION
To establish the relationships between the risk levels and grey clustering, our objective is to create a ''whitenization'' weight function that is based on the grey number and to use that information to transform the data that are provided by experts into a weight vector of the evaluation indices. Using this vector, we can determine the risk level of assessing indices.
Bottom Evaluation sequence can be defined as: Evaluation Experts i can be defined as: where m is the total number of evaluation experts In grey intervals, each value of x has different weights. We use f(x) to represent the weights which belong to x and use ⊗(x) = h to represent the value of x. The Whitenization weight function is defined as [38]: where h is the grey clustering. The maximum return value from the function is 1, and the minimum is 0. According to Table 1, it is concerned with the risk levels classification, the grey clustering: h = {1,2,3,4,5}. The five functions mentioned below are used to help determine the grey clustering sum in the later computations. The first grey clustering (h = 1) represents the very high-risk level. The VOLUME 8, 2020 domain is, therefore, ⊗_1 ∈ [0,5 ∞]. When we substitute h = 1 into (1), we get: The first grey clustering (h = 2) represents the high-risk level. The domain is ⊗ 1 ∈ [0, 4,5]. When we substitute h = 2 into (1), we get: The first grey clustering (h = 3): it represents the medium risk level. The domain is ⊗ 1 ∈ [0, 3,5]. When we substitute h = 3 into (1), we get: The first grey clustering (h = 4): it represents the low-risk level. The domain is ⊗ 1 ∈ [0, 2, 5]. When we substitute into Equation (1), we get: The first grey clustering (h = 5): it represents a very low-risk level. The domain is ⊗ 1 ∈ [0, 1, 5]. Substitute h = 5 into (1), we get: In the further calculation of the bottom indexes, we make a table which has i rows and j columns. Then the sample matrix x ij is taken from Table 1.
According to the f k concluded by evaluation index j which is evaluated by an expert i and sample x ij , we can compute the weight vector for evaluation index j, which belonged to the Grey clustering h (where h = 1,2,3,4,5).
Equation (7) represents the sum of the evaluation values that each expert gives, and the dependent variable is x ij ; x ij taken from the sample matrix X = x ij ; where m is the total number of expert i.
Equation (8) represents the Grey clustering sum of j columns, which consists on adding up n jh calculated in (8).
ξ jh = r jh r j (9) Equation (9) represents the statistics of the evaluation index j, which is belonged to the Grey clustering h, that is the quotient of (8) and (9). Similarly, ξ j = (ξ j1 ξ j2 ξ j3 ξ j4 ξ j5 ) represents the weight vector of the evaluation index j, and it is made up of the value from (9). U = (5, 4, 3, 2, 1) represents the numeric vector of each evaluation grey clustering level. The vector is decided from Table 1 to represent the risk level ranking in the descending order. Taking this into account, we get a comprehensive evaluation value which could be expressed as follows: Equation (10) represents the comprehensive evaluation value of the evaluation index.

E. DEVELOPING THE ANALYTICAL HIERARCHY PROCESS MODEL
To organize and analyze complicated decisions, the AHP is a relatively structured management technique. It was developed by Thomas L. Saaty in the 1970s and has been extensively researched. In the subsequent sections, we will discuss the steps of this method.

1) DECOMPOSITION OF THE SYSTEM AND THE CONSTRUCTION OF THE HIERARCHY MODEL
This model consists of three layers, namely, the target layer, the criterion layer, and the solution layer, as illustrated in Fig. 3.

2) CONSTRUCTION OF THE JUDGEMENT MATRIX
The judgment matrix is constructed by comparing an element in its target layer with all elements that are related to it. For example, for criterion H in the criterion layer, n elements are related to it in the solution layer. Therefore, the judgment matrix is expressed as: In the matrix above (11), a ij refers to the ratio of the importance of element i and element j in terms of the criterion H and satisfies a ji = 1 a ij , where a ij represents the scale between factor u i and factor u j . In the analytic hierarchy process, the comparison of the two elements can become quantitative according to Saaty's 1-9 scale method [36], as shown in Table 2.

3) JUDGMENT MATRIX CONSISTENCY TEST
Once we obtain the judgment matrix, the relative weights are computed with the greatest characteristic root which is used for getting consistency index (CI). The equation for computing greatest characteristic root is expressed as follows: where λ max : Greatest Characteristic Root; A: the judgment matrix; w: weight vector; n: order of the judgment matrix; (Aw) i : the number i element of Aw. Consistency Index (CI): where n is the order of the judgment matrix. Consistency Ratio (CR): where RI is given by Saaty and the table of the value is given in Table 3. Satty has also given the values of RI, as shown in Table 3. When CR<0. 10. The judgment matrix meets the consistency index. The corresponding weight is the one we need. If CR does not satisfy the requirement, the judgment matrix needs to be adjusted to meet the consistency expectation (i.e., CR < 0.1)

4) COMPUTATION OF THE RESPECTIVE INDEX WEIGHTS
To determine the weights of indices for the risk assessment of CSPs, we invited experts who are working on cloud computing research to score the evaluation indices. The objective is to compare the indices at the same level in pairs and to provide promotional scale fractions according to the relative importance of the indices. The results of this exercise will be used in the judgment matrices.
a ij (i = 1, 2 . . . , n; where n is the order of the judgment matrix) (15) So, the vector v = (w 1 , w 2 , . . . , w n ) T can be obtained by using w i n j=1 w j (i = 1, 2,. . . ,n) to normalize the vector v, The vector v = (w 1 , w 2 , . . . , w n ) T is the needed feature vector. The most significant characteristic root can be obtained as shown in (12).
b) Judgment Matrix Consistency Test: In the judgment matrix consistency test, if CR < 0.10, the result is accepted. Then, second-level and third-level indices can be computed. Otherwise, the judgment matrix must be modified until it meets the standard (CR < 0.1).

b: EXPERT SCORING METHOD
Facilitated by the expert scoring method, the elementary scores for the indices are obtained [41].

F. ADDITIVE FEATURES
A grey prediction model can help determine whether the following additive features should be incorporated into the model or not: Response Time; Grey Incidence

1) RESPONSE TIME
The response time is the intervening time between a probe on the system and the response to the inquiry. Shorter response time improves the performance and reduces the critical risk. Based on differential values, let us assume that if a development coefficient value c lies in the specific range, then the relationship between the risk and the inflation rate p p can be expressed as Thus, the basic grey model can be expressed as The shadow of the grey model is Equation (17) can be substituted by a differential equation. Thus, the response time of EGM (1, 1) for CSP can be calculated via equation (19) and this response time can be used in the risk prediction process.
where β denotes the grey model,ŷ the risk response time, and k the number of cloud users.

2) GREY INCIDENCE
The grey incidence facilitates the provision of methods for identifying the most suitable solution among a specified series of solutions for a real-world problem. The grey incidence is based on nearness and similarity. Definition 1: Grey incidence degree Let A i , with i ∈ M + 2 , denote two orders of similar length that describe the sum of the risks between two successive time instants as follows: This is referred to as the grey incidence between A 1 and A 2 . This model can be used to determine whether the obtained risks should be treated differently. Assume that n predicted risks i are clustered into s grey classes based on m criteria. The predicted value of risk i in terms of criterion j is denoted as a ij , with i∈M + m and j ∈M + n . The risk i should be analyzed and identified on a ij effectively.

G. EGM (1,1)
Through the GST and AHP models, the risk data that are used to assess the risk levels of the CSP in a specified year can be generated. This approach, the values for other years are obtained. Then, with these values and the EGM (1,1) model, the security levels in the coming years can be predicted. The process of the EGM (1,1) model will be discussed in the subsequent section.

1) DETERMINATION OF EGM (1,1)
The GM (1,1) model has been widely applied in several fields. It is a type of homogeneous exponential growth model that is based on the accumulation generation sequence and the least square method. GM (1,1) does not require prior information, but it can be used with limited input data. Thus, enhancement of the basic GM (1,1) is necessary for obtaining a more accurate prediction. GM (1,1) suffers from limited performance because it uses only predicted values to calculate the next period's prediction value for a short period. As the prediction horizon size increases, GM (1,1) produces larger prediction error. EGM (1,1) is adopted to handle the prediction error issue in GM (1,1). Thus, EGM (1,1) yields not only more reliable short-term predictions of CSP but also more reliable long-term predictions, which facilitates the selection of a more reliable CSP company by customers. If equations are available for Pr v > k, new prediction values are not acquired using the previous observation values P ov after a specified period. Thus, EGM (1,1) is applied both iteratively and indirectly if the number of predicted periods is sufficiently large. The working process of EGM (1,1) is illustrated in Fig. 4.
Where G l denotes the grey Length and γ the number of observations in the modeling set. Thus, EGM (1,1) provides grey direct prediction by resolving the issue that is encountered with GM (1,1). Furthermore, it uses the period's prediction values Pr v that are based on the previous period's real observation values P ov in the grey direct prediction. The complete derivations of EGM (1,1) are available.
(iv) Through the first-order accumulative generation sequence X (1) , EGM (1, 1) model is established; a first-order differential equation can be generated as follows: where b is the development Grey number and m is the endogenous control Grey number. The discretization yields the Equation (25) as follows: where the (1) [x (1) (k + 1)] represents the consequence produced by x (1) With the method of IAGO at the time of (k +1). Further derivations yield (25) and (26) as follows: Expanding (25) yields: ] (26) Equation (25) can be simplified and substituted in (26) to produce the following relationship: (vii) Least square method: The parameter vector φ can be computed by the least square method.
(viii) Substitute the result into (28) and compute the discrete solution using the following: Restoring to the raw data produces Equation (30) which is expressed as follows: (30) Equations (29) and (30) express the time-dependent function model of EGM (1,1). They are the concrete computation formulas of enhanced grey prediction. According to (31)(32)(33)(34), the prediction of EGM (1,1) depends on the use of previous real observations. It helps select the previous observation values P ov after a specified period. Let us assume that if P ov = 2, then the proposed EGM (1,1) applies subsequence {X t ,X t − 2, X t − 4, . . . , X t − 2k + 2} for the next two-period prediction. To predict future periods, the previous observation values P ov are chosen from the current time to k in every P ov periods. Thus, subsequence {X t , X t − P ov , X t − 2P ov , . . . , −P ov (k) + P ov } can be used to predictẊ t+P ov . GM(1,1) uses k = 4 and θ = 0.5; however, the values of both of these factors can affect the prediction of EGM(1,1). Thus, the values of both factors can be increased to improve the risk assessment performance.

V. EXPERIMENTAL EVALUATION
To evaluate the performance of the proposed model, we calculate the evaluation values and determine the risk level for the year 2017. The calculation of the index weights and the evaluation values and the prediction of EGM are conducted in Matlab2016 on a computer with the Windows 8 operating system. We consider four scores for every third-level index and calculate the bottom evaluation sequences. After conducting the consistency test in MATLAB, we calculate the evaluation values for second-level and first-level indices. Then, we determine the comprehensive values for the past nine years and make predictions in the next step. The parameters are listed in Table 4.

A. EXPERT SCORING
To determine an expert score for the CSP risk, various risk detection studies have been conducted [27], [33], [42]- [45], which serve as guides for expert data collection. To realize this objective, a web questionnaire was constructed and a total of 80 participants were invited to participate to obtain the expert data. From Enterprise Resource Planning China, NetSuite, SYSPRO, and ERPAG (ERP cloud service), 35, 22, 9, and 14 participants, respectively, are chosen. The average collected data are listed in Table 5. According to Table 5, the risk assessment can be divided into five levels: very high, high, medium, low, and very low. The values are assigned as 5, 4, 3, 2, and 1.
Then we can draw a graph to show the data in Table 5, and show it in Fig. 5:

B. EXPERT SCORING BOTTOM SEQUENCE EVALUATIONS
The steps have been described explicitly in previous section. For instance, consider F 111 (factor of employability) as an example and calculate its bottom evaluation sequence.
Step 4: Risk Level: Recall that the Grey clustering is defined as h = (1, 2, 3, 4, 5) and U = (5, 4, 3, 2, 1). Using Equation (10), the Grey evaluation value is V = ξ 111 × U T = 3.11. Therefore, the Grey class is 3 with the risk level of medium. In the same method, we can get the bottom evaluation sequence, as shown in Table 6.

C. WEIGHT VECTOR AND CONSISTENCY TEST
According to the formulae in section IV.E.4, the index weight vectors of each layer are calculated. In the judgment matrix consistency test, the consistency ratios are all smaller than 0.10; hence, their bottom evaluation sequences pass the test and can be utilized. Therefore, the index weight vector of each level is determined, as listed in Table 7. We show the trend to show the result of λ max and CR from Table 7 and show it in Fig. 6:

D. LAYERED EVALUATIONS
According to the results in Table 6 and Table 7, the risk levels for second-level indices and first-level indices is calculated. The process consists of several steps, which are described as follows.
(i) Evaluation for the second-level risks: The matrices.   The second-level evaluation sequence of F 11 is defined in (36): The evaluation value of F 11 is given as: In the same method, we can get the evaluation sequences and evaluation values of other second-level indexes. The results are shown in Table 8.  which belong to the first-level indexes. In the same method in (i), we can get the evaluation sequences and evaluation values of the other first-level indexes as shown in Table 9.

E. RESULTS EVALUATIONS
According to the hierarchy in our evaluation system, the evaluation matrix is made up of the first-level evaluation sequences. With the same method presented in the previous section (4.4), the evaluation value of index F could be expressed as follows: The evaluation value of the index F is approximated as 2.75 with the risk level medium. This shows that the CSP had a moderate risk.

VI. SECURITY RISK PROJECTION A. PROJECTION OF RISK VALUES FROM 2009 TO 2018
In this experiment, the deviation is calculated for the CSP by using risk values that were directly collected via expert scoring and by using GST and AHP models. The data are plotted for the years 2009-2018 in Fig. 7. A peak is observed at 3.5 in 2013 and the lowest point is attained in 2011 when using collected data from expert scoring and the weight indices have not been considered. In contrast, a stable increase is observed for risk values that are calculated exclusively from  2.4 to 2.75 by using the GST and AHP models. Furthermore, the actual data are plotted in Fig. 7 for comparison with the results of the AHP and GST models in terms of accuracy. Based on the data trend, we observed that the risk values that were not calculated by the GST and the AHP models show substantial deviations [39]. The maximum value exceeds the minimum value by a factor of two. In contrast, when applying the GST and the AHP models for risk assessments, the curves for the risk values become flat [40].
Our proposed models deal with extreme values in advance and determine the index weights among factors. Hence, our models are more suitable and accurate in real conditions because the GST model can determine quantitative and qualitative relationships among complex dynamics with inadequate information [46]. In addition, the AHP method identifies the weights of CSP's evaluation criteria accurately. Furthermore, AHP assigns the values based on the actual conditions and uses a comparative judgment process, a decomposition process, and a complete rational mode for decision-making. Thus, it is a vital tool for system investigation [47], [48]. The hybrid method facilitates the development of systematic and accurate well-defined and step-by-step procedures; ensures the transparency of the computation process; and utilizes a rational and logical approach that has an adequate mathematical foundation [49].

B. PROJECTION OF RISK VALUES FROM 2015 TO 2024
In this experiment, we have obtained the risk values of the CSP for the past nine years with the GST and the AHP models. Next, we should apply the projection for the same service provider in the following five-year period to evaluate its reliability and service consistency for the future. We use the actual values, the moving average method, GM (1,1), and the proposed EGM (1,1) model for projection.
Based on the results, we observed in Fig. 8 that the moving average and GM value have higher fitting precision compared with the EGM for risk prediction. Fig. 9 shows that the EGM (1,1) model is more suitable for both short-term and long-term projections for the risk assessment of CSP. Our proposed model has high fitting precision relative to the actual values, as shown in Fig. 9.

C. ACCURACY PROBABILITY
GM (1,1) [17], R-ALO-GM (1,1) [13] and IAHP [15] are satisfactory methods for reducing the deviations of variables. In Fig. 10, we plot the prediction accuracies of GM, R-ALO-GM, and IAHP and compare them with the predictions of our proposed EGM. Based on the results, there is a linear decline in the prediction accuracy over the period of 2010 to 2019. VOLUME 8, 2020  However, the prediction accuracy of the EGM is higher than those of the other contending models.
In Fig. 11, according to the graphical trend, GM and IAHP experience sharp decreases in the period from 2022 to 2029, compared to a slight decrease in the EGM (1,1) prediction accuracy, which reaches approximately 99.99 to 99.82. This decrease is marginal and does not affect our proposed model's prediction. Hence, we conclude that EGM outperforms the other contending models in terms of prediction accuracy. We use the EGM due to its performance in reducing the deviations for risk assessment to support CSP.

D. DISCUSSION OF RESULT
The risk assessment for CSP is conducted using the GST, the AHP, and EGM (1,1) models. The GST model is used to determine the bottom sequence evaluation. Furthermore, GST handles the insufficient and flawed information to strengthen the restrictions of old-fashioned statistical methods. In addition, the AHP model recognizes the weights of CSP's assessment criteria. It allocates the values based on the actual scenario and uses a comparative judgment process, a complete rational mode for decision-making and a decomposition process. Thus, AHP is an effective tool for system analysis. EGM (1,1) reduces the prediction error based on a direct prediction feature to avoid the iterative prediction shortcoming of standard GM (1,1). Thus, EGM (1,1) helps maintain higher accuracy despite the larger number of predicted periods. According to Table 5, the risk level of the bottom sequence evaluation ranges from high to low and most of the values are distributed at the medium level. A hierarchy model of three layers is constructed based on a CSP's information system. All the index weights between layers, which are determined by the AHP model, pass the consistency test because their consistency ratios are all smaller than 0.01. The advantage of conducting a consistency test is that it reduces the error in the judgment matrix. Combing the GST and the AHP models, we could objectively obtain the risk values, which are listed in Table 9. According to our simulation results, the risk values show a slight increase over the past years. When analyzing the results of the R-ALO-GM, GM and the IAHP models, we clearly observed that the EGM contributes to the risk assessment successfully and produces less deviation compared to other contending models. However, our proposed EGM (1,1) has a slight limitation when determining the risk value for a one-year period. EGM (1,1) inherits few features from GM (1,1). For example, GM (1,1) represents the time series as a differential equation. Thus, the modeling values and predictions of EGM (1, 1) are independent due to the inclusion of a first entry in the original series. Therefore, the proposed EGM (1,1) encounters the same limitation. Thus, this limitation can be overcome by using a random number in the front of the original series to replace the data from the first entry.

VII. CONCLUSION
A risk assessment model that is based on GST, AHP, and EGM (1,1) has been introduced for CSPs. The proposed model is compared with previous models. Our proposed model eliminates human factors and reduces the deviation of the experimental results in the risk assessment. The GST model is used to calculate the weight vectors and the evaluation values of bottom indices. In this model, whitenization functions are applied to overcome poor samples. The judgment matrix in the AHP model has ensured the reliability of our calculations, which are primarily the risk values that are used to assess the risk level of a CSP based on the AHP. EGM (1,1) provides direct prediction values by overcoming the limitations of GM (1,1). In addition, EGM (1,1) facilitates successful risk assessment and reduces the deviations compared to other contending models. Our simulation results demonstrated an effective reduction in the data deviations when performing the risk assessment and prediction using the combined model (GST, AHP, and EGM) in terms of risk projection and accuracy.