A Comprehensive System for Semantic Spatiotemporal Assessment of Risk in Urban Areas

Risk assessment of urban areas aims at limiting the impact of harmful events by increasing awareness of their possible consequences. Qualitative risk assessment allows to figure out possible risk situations and to prioritize them, whereas quantitative risk assessment is devoted to measuring risks from data, in order to improve preparedness in case of crisis situations. We propose an automatic approach to comprehensive risk assessment. This leverages on a semantic and spatiotemporal representation of knowledge of the urban area and relies on a software system including: a knowledge base; two components for quantitative and qualitative risk assessments, respectively; and a WebGIS interface. The knowledge base consists of the TERMINUS domain ontology, to represent urban knowledge, and of a geo&#8208;referenced database, including geographical, environmental and urban data as well as temporal data related to the levels of operation of city services. CIPcast DSS is the component devoted to quantitative risk assessment, and WS&#8208;CREAM is the component supporting qualitative risk assessment based on computational creativity techniques. Two case studies concerning the city of Rome (Italy) show how this approach can be used in a real scenario for crisis preparedness. Finally, we discuss issues related to plausibility of risks and objectivity of their assessment.

time. Furthermore, as the qualitative assessment usually relies on human judgment and experience, it is almost impossible to identify unlikely but disruptive risks that, due to communication gaps, remain uncovered. These unexpected risks are recently referred to as "black swans" (Taleb, 2010).
Here, we propose a comprehensive approach that encompasses qualitative and quantitative risk assessment and allows generating geo-localized risk mini-models dynamically associated with sensitive points of interest (POIs). Examples of points of interests are hospitals, transportation services, museums and restaurants. In general, risk mini-models are fragments of conceptual models representing possible risks of socio-technical systems (Coletti et al., 2017). Risk mini-models related to a specific POI could change over time. For instance, the level of risk for a metro station could vary according to the time of the day (e.g. from very high level during the rush hour to low level during closing times). By ingesting temporal data on the level of operability of urban services, we compute dynamically the level of risk of all the automatically generated risk mini-models.
Furthermore, by exploiting computational creativity techniques, this approach overcomes limitations of existing qualitative risk assessment approaches, as they only rely on past data and on the experience and the different perception of experts. Computational creativity is a new field of Artificial Intelligence devoted to defining computational systems that create artefacts and ideas (Colton & Wiggins, 2012). We refer these methods to the creative process of the experts while they are conceiving risks that could lead to possible disruptive crisis situations that never happened in the past. In a recent paper , the authors explicitly validated the effectiveness of a computational creativity approach in supporting emergency management officers and risk analysts to conceive novel emergency scenarios for smart cities. In this work, more generally, the focus is on the capability of an automatic approach to supply risk descriptions that are useful to experts in their activity of qualitative risk assessment. These risks may represent both familiar and new plausible situations for the selected areas.
The approach is supported by a software system that allows the above-mentioned dynamic generation of geo-localized risk mini-models. The system consists of the following components: a ing the computational support for automatic risk identification and ranking, by querying the ontology and using context data; and CIPCast , a GIS (geographic information system)-based tool for risk analysis of critical infrastructures, enhanced with forecasting and decision support functionalities. Preliminary results, discussed in Barcaroli et al. (2019), are here extended by considering the temporal dimension of risk assessment. TERMINUS was built by means of ontology design patterns. An ontology design pattern is a reusable conceptual structure to support the ontology engineering process (Gangemi & Presutti, 2009). This is used by WS-CREAM to run semantic queries automatically built from pre-specified ontology patterns.
We present our experience on comprehensive risk assessment on two case studies regarding relevant areas of the city of Rome (Italy). The first case study considers the area close to Isola Tiberina, which is located in the city centre and encompasses a large museum, shops, restaurants and hospitals. As it is close to the Tevere river, we associated this use case to the flood risk. The second use case encompasses Sapienza University, its General Hospital "Policlinico Umberto I," some offices and a metro station. For this area, we have considered risk related to earthquakes.
We discuss plausibility and objectivity issues related to risk assessment processes. The paper has been organized as follows.
Section 2 presents relevant work. The literature review was mainly conducted in the research areas concerning both quantitative and qualitative risk assessment. Section 3 describes the ideas behind qualitative and quantitative risk assessment. The proposed software system is described in Section 4. Section 5 describes the experimentation of the approach in the city of Rome. Finally, the last section presents conclusions.

| REL ATED WORK
This paper deals with dynamic risk assessment for metropolitan areas due to natural events. The most common approaches to this purpose are either quantitative or qualitative risk assessment.
Among the existing works on quantitative risk assessment for populated areas, we cite the seismic vulnerability and risk assessment (Vicente, Parodi, Lagomarsino, Varum, & Silva, 2011) for the city of Coimbra in Portugal; the earthquake risk assessment for Istanbul metropolitan area (Erdik et al., 2003); and the quantitative risk assessment from climate change (World Health Organization, 2014) that, among the different causes of death, includes also costal flood mortality.
In the scope of qualitative risk assessment, among the most important contributions are the paper of Rinaldi, Peerenboom, and Kelly (2001) that discusses types of risks due to interdependencies of critical infrastructures, the paper of Coletti, De Nicola, and Villani (2016), presenting a semantic model for system-of-systems risks and discussing water systems risks with roots on climate change hazards, and the paper of Lückerath et al. (2018), within the EU project "Climate Resilient Cities and Infrastructures-RESIN," that, similarly, presents a modelling approach to cause-effect relationships underlying risks and vulnerabilities. Both works propose conceptual modelling approaches for vulnerability assessment of urban areas. These identify some upper level concepts as hazard, exposure and impact that should drive adaptation strategies due to climate change. The paper of Dierich, Tzavella, Setiadi, Fekete, and Neisser (2019) proposes an approach mixing qualitative and quantitative risk assessment. With respect to these works where qualitative assessment is performed by interviewing experts, our proposed activity is automatized by means of semantics-based and computational creativity techniques. Excel, is aimed to help city authorities and other stakeholders in the common understanding of current and future risks to assets of cities. These users are guided in manually scoring likelihood of threats and rating exposure, vulnerability and response measures on assets in a 5-point Likert scale (Likert, 1932). Based on these data, the QRE tool computes a compound risk level by means of a risk matrix. In our approach for risk assessment, not only risks are automatically assessed by means of a similar risk matrix and same computation methods, but we also automatize the scoring of the individual risk parameters based on real data, as explained in Section 4, so avoiding error-proneness of human-based data entry and subjectivity of the scoring.
Various initiatives in the literature are devoted to building ontologies for risk assessment. One of the first was the vulnerability upper model (VUM) and a VUM ontology, presented by Coletti et al. (2016), including concepts as risk, threat, system, stakeholder, severity and vulnerability. Then, this ontology was extended to build the first version of the TERMINUS ontology presented in Coletti et al. (2019).
After these, other initiatives include the common ontology of value and risk presented by Sales et al. (2018) and the ontology of emergency managing and planning about hazard crisis presented by Gaur, Shekarpour, Gyrard, and Sheth (2018). Other ontologies refer to close domains as the ontology proposed by Elmhadhbi, Karray, and Archimède (2019) that covers disaster management and the related operational emergency response system. TERMINUS was used as it focuses on the knowledge required in this paper, which concerns territory, risk and crisis management. Furthermore, it is structured as a multi-level specialization hierarchy that is a feature required in order Currently, the TERMINUS ontology used in this work covers physical and functional vulnerabilities of infrastructures and urban services to describe risks in a urban area. In future works, we plan to extend it with psychological vulnerabilities of people for a more detailed account for human aspects in the description and assessment of risks. Among such type of studies, the paper by Hayes, Blashki, Wiseman, Burke, and Reifels (2018) investigates impacts of climate change hazards on human health, including emotional resilience and psychosocial wellbeing, whereas the paper by Teffali, Matta, and Chatelet (2019) analyses predictability of the stress influence in the management of a crisis.

| FOUNDATI ONAL A S PEC TS OF S EMANTI C S PATI OTEMP OR AL A SS E SS MENT OF URBAN RIS K S
In this section, we present the foundational aspects of the proposed approach for risk assessment.
A risk mini-model is defined by a set of concepts representing a risk situation from a semantic perspective. This set includes a service (s), a vulnerability (v), a critical event (c) and the hazard (h) causing it.
The formal definition of the risk mini-model r is the following: A geographical area could include one or more POIs. For the sake of simplicity, we consider a POI as a system providing a service. For instance, we consider a metro station from the perspective of service that can be provided to commuters. Other perspectives for a system are, for instance, the economic value and the physical infrastructure. A detailed discussion on system aspects can be found in Coletti et al. (2019). Given a POI, a geo-localized temporal risk mini-model can be considered as an instance of a risk mini-model that represents a POI, its semantic functional representation, a vulnerability, a critical event and the hazard causing it, the geographical coordinates of the POI, and the time of the critical event. Hence the geo-localized temporal risk mini-model r p is defined as follows: where p represents the POI, x i are the spatial coordinates (i = 1,2,3) of the POI, and t is the time.
Then, we define the RiskLevel mapping function that maps the domain of the geo-localized temporal risk mini-models to the level of risk: where A detailed treatment on how the RiskLevel mapping function is computed is presented in Section 4.
Finally, we define the semantic spatiotemporal risk space as the set of all the pairs consisting of a geo-localized temporal risk minimodel and its corresponding risk level: Figure 1 depicts as coloured circles some geo-localized temporal risk mini-models for an urban area. Colours represent the level of risk in a given instant of time (red: high, yellow: medium, green: low).
As it can be deduced from the figure, the level of risk of a geo-localized temporal risk mini-models can change over time.
According to our approach, a risk analyst selects a POI included in a urban area. Then, for that POI he/she automatically retrieves a ranked list of possible geo-localized temporal risk mini-models.
Finally, he/she selects one of them to observe its level of risk and its temporal evolution over time.

| SOF T WARE SYS TEM FOR QUALITATIVE S EMANTI C S PATI OTEMP OR AL A SS E SS MENT OF RIS K S
The automatic approach for semantic spatiotemporal risk assessment enhances the decision support system capabilities of a preexisting GIS-based system devoted to Critical Infrastructures (CI) protection . A view of the overall system architecture is in Figure 2, showing the functional blocks to enable risk assessment following both quantitative and qualitative methods, and the data and domain knowledge they use. More specifically, the overall system consists of independent services exposing the required functions for risk assessment to a middle layer, which is responsible for their coordination and of their interaction with the components of the knowledge base. A WebGIS interface is used to both activate some of the system functions and to query GIS data from a map.
The quantitative risk assessment services in Figure 2 realize a de-

| CIPCast functionality for quantitative risk assessment
CIPCast Decision Support System (DSS) is conceived as a combination of free/open-source software environments that includes GIS features to perform operational risk prediction and analysis of critical infrastructure for natural hazards such as earthquakes. Indeed, multisource data and GIS-integrated analysis contribute to a better emergency planning, providing fundamental information for immediate response. All data and information available to such a purpose, such as base cartography, risk maps, critical infrastructure features data, data from sensors, scenario produced are stored and managed in a PostGIS-based geo-database. A specific component is devoted to dynamically acquiring external data from many different sources (e.g. weather and seismic data stations), to establish the current external conditions. These data are used to implement the following functional blocks for quantitative risk assessment. CIPCast can exploit different types of data, both from its own GIS database (geo-database) and from external repositories. In particular, the geo-database contains several data features: (a) territorial and environmental data (basic cartography, hydrogeological data, morphology, geology, etc.); (b) socio-economic data (census data); (c) data about structures (features and characteristics of buildings) and infrastructures (power lines, gas pipelines, water supply network, telco network components, roads and railways, etc.); (d) natural hazard and risk maps (earthquake catalog, seismic risk, inventory of landslides, flood risk, etc.); and (e) point of interest (POI) data. In order to predict the damage scenario, CIPCast gathers real-time data from field sensors and from external repositories/services. In particular, it acquires (a) earthquake events from the seismic network of the Italian institute for geophysical studies (INGV); (b) weather data and forecast from meteorological models (CETEMPS) and services, reporting data on rainfall, temperature, humidity, wind, pressure, etc. in a given area; and (c) satellite remote sensing data (e.g. measurements of displacement through SAR data).
Risk assessment functions of CIPCast concern physical damages estimations on buildings and components of critical infrastructures.

F I G U R E 2 Semantic spatiotemporal system architecture [Colour figure can be viewed at wileyonlinelibrary.com]
Given the geographic location of specific elements (e.g. critical infrastructures and POI), CIPCast can assess-for each element-the possible degree of damage depending on the type of event expected (and its intensity), taking into account the vulnerability of the element itself to a specific hazard (such as earthquake and flood) (Taraglio et al., 2019). Then, in the case of critical infrastructures, CIPCast evaluates the impact that the expected service damages could cause on the affected infrastructure element (e.g. substation, powerline and pipeline) and, consequently, on the entire infrastructure (Di Pietro et al., 2016).
Furthermore, a specific seismic risk module has been realized, which operates as a stress tester enabling to simulate earthquakes and assessing the resulting chain of events (Matassoni et al., 2017).
Such CIPCast module firstly simulates the ground shake map (related to earthquake intensity), by also considering the amplification effects, and then estimates the expected damages to buildings and other infrastructure elements. It allows to: -Simulate earthquake events (synthetic or by reproducing past events actually occurred) and estimate the (deterministic) scenarios in terms of macroseismic intensity; -Estimate damages on buildings and infrastructures, whose vulnerability was previously estimated; -Estimate consequences on population (casualties, people to be evacuated) and on the delivery of services (e.g. buildings collapse and consequence on roads).
Additionally, some decision-making support is provided to operational processes such as multiple strategies to manage crisis scenarios. Figure 3 presents a screenshot of the CIPCast interface showing the level of damage for buildings in a large area affected by a simulated earthquake.

| WS-CREAM functionality for semantic qualitative risk assessment
The automatic functions for semantic spatiotemporal risk generation and assessment aim at supporting a user, such as a risk analyst or a city planner, to imagine possible scenarios and identify relevant ones for objectives such as city emergency management and/or risks  (Likert, 1932). A detailed description of TERMINUS and the semantic spatiotemporal qualitative risk assessment functions follows.

| TERMINUS: An Ontology for Territorial Management and Infrastructures
TERMINUS is a domain ontology that includes semantic representations of environment, critical infrastructures and related hazards, risks and threats. An ontology is a formal specification of a shared conceptualization (Gruber, 1993;Borst, 1997). It defines concepts, relationships and axioms relevant for representing a domain of interest. TERMINUS has been engineered by considering real (historical) situations and by extending some ontology design patterns. At the current stage, TERMINUS has been built by deriving concepts from the vulnerability upper model (VUM) design pattern (Coletti et al., 2016), from the system aspect design pattern presented by Coletti et al. (2019) and from the risk of system service design pattern (Barcaroli et al., 2019) that is presented in the following. TERMINUS also includes knowledge related to interdependencies between critical infrastructures (Rinaldi et al., 2001). In particular, the risk of system service design pattern allows representing risks for city services due to catastrophic events as earthquakes, floods and landslides. This ontology design pattern is depicted in Figure 4. It consists of five upper level concepts: Hazard, Critical_event_of_system, Functional_vulnerability, System_service and Stakeholder. The description of these five upper level concepts is presented in Table 1, whereas the description of the relationships between them is presented in Table 2.

Concept name Description
Hazard Event or trend or their impacts (e.g. floods, droughts and sea level rise) with likely detrimental consequences to human systems (adapted from Hazard concept as described by Mora et al., 2018) Critical_event_of_system Event representing one or more effects on systems from exposure to a hazard; effects are mediated by the strength of the hazard and the vulnerability of the exposed system (Adapted from the Impact concept as described by Mora et al. (2018))

Functional_vulnerability
The propensity of a system function to be adversely affected. This results from the balance between sensitivity and adaptive capacity (adapted from the Vulnerability as described by Mora et al. (2018)

| Semantic risk generation
This function takes as input a list of service types, semantically annotated with TERMINUS concepts, which are present in a user selected urban area, and the type of hazard with its associated properties. Semantic annotation was done manually by some experts knowing the addressed geographical area. A SPARQL query (Coletti et al., 2017) is automatically built from the predefined ontology pattern, as that derived by the conceptual model in

| Automatic time-based risk assessment
This function implements risk ranking mechanisms accounting for both semantic criteria and for contextual information related to the characteristics of the POI and of the geographical area where it operates. Specifically, all entities of the risk mini-model, except the Stakeholder whose role is limited to risk description and understanding, are associated with one or more metrics, which are either evaluated at conceptual level, or at instance level. Then, the overall risk is assessed, by aggregating these values according to a time-dependent formula that can be configured for the system. The entity-level metrics are defined as described in Table 3, and they are individually assessed by some experts in the system preparation phase. Indeed, these values depend on geographical and environmental information, on the specific city, on the service types and on risk expert's knowledge, and they can be updated during system operation following the changes at the information sources.
During a risk assessment activity, a predefined risk formula: is applied to every POI, risk mini-model RM, geographical po-

| Usage scenario of the overall system
One of the envisaged usages of the overall system is in the prevention phase from potential crisis events that pose risks to a specific urban area. The following scenario illustrates such a use case.
A risk analyst wants to assess the consequences of an earth-

| C A S E S TUDY: RIS K A SS E SS MENT IN ROME (ITALY )
We identified two urban areas in Rome (Italy) and used context GISbased data for an empirical study with the objective of evaluating effectiveness and usefulness of the proposed semantic spatiotemporal risk assessment approach. In particular, we intended to investigate the support, given by our system, to a risk analyst and/or a city emergency operator to identify risk situations and evaluate their priority in order to handle them.
To this purpose, we set the following research questions.
(RQ1) To what extent the semantic risk descriptions generated by the system are plausible?
(RQ2) To what extent the system is useful for risk assessment?
A detailed description of the performed experimentation follows.

| System set-up
The selected areas for the study are General Hospital "Policlinico Umberto I" and Isola Tiberina. We selected the first area (Policlinico) for the case study because this area is highly crowded due to the The second selected area, the Isola Tiberina area, has been considered as it includes another important hospital in Rome, museums, restaurants and governmental offices. This area is also close to the Tevere river and, as such, it is exposed to flood risk, whose possible impacts we aim at investigating. A map of this area with some relevant POIs is reported in Figure 9.
An example of assessment of a semantic spatiotemporal risk mini-model related to the Isola Tiberina area is presented in Table 4.
The following activities were required to configure the system and prepare the queries for the experiment.
1. Specification of the hazard event. As above-mentioned, risks from an earthquake event were required for the Isola Tiberina area and from a flood event for the Policlinico area.
2. POIs identification and selection. Two subsets of POIs located in the two selected areas were chosen according to the following criteria: (a) each subset must include relevant POIs for the city; (b) the two subsets include POIs of the same service type; and (c) each subset contains POIs of various types. So, for Policlinico area, the POIs included in Table 5 were chosen. Instead, for Isola Tiberina area, the selected POIs are reported in Table 6.
3. Selection of temporal data. Two different week days/time were decided for the assessment of the risks from the hazard events.
Namely, Sunday at 11:00 and Tuesday at 21:00 were chosen for Isola Tiberina, instead Sunday at 21:00 and Tuesday at 18:00 were decided for Policlinico. Furthermore, the service levels of the in-

| Experiment
The semantic risk mini-models generation and qualitative spati- expert was asked to provide the criteria followed for attribution of the risk level, by weighting from 0 to 5 the following aspects: Hazard localization, that is hazard risk level for the POI localization; Economic value, that is the relevance of the POI in the city; Vulnerability, that is the type of vulnerability supplied in the risk mini-model; Critical event, that is the type of impact supplied in the risk mini-model; and Time, that is the time indicated for the hazard event. The obtained risk evaluations and comparison with the system results are reported in Tables 7 and 8. Furthermore, Table 9 summarizes the accordance of the risk results by each expert with those by the system, and Figure 10 the accordance of the experts on the risk evaluation criteria, compared with that used by the system.  with the quality of the source ontology and appropriateness of the risk semantic model.
RQ2 is concerned with evaluation of the automatic support to the qualitative risk assessment process. Especially in the case of less familiar risk descriptions, as in the case of our risk mini-models, this process is human-based. Therefore, we used this trial to measure differences (if any) in the human perceptions of risk situations, even when performed by domain experts, and an automatic assessment leveraging on an urban risk knowledge base, environmental risk data and a type of risk formula as in the common practice for qualitative risk assessment. In this respect, for each area, in Table 8 we reported the number of risk mini-models judged of low, medium or high relevance by each of the two evaluators for each POI, and compared with the results by the system. From the data in Table 8, we noticed that the expert results generally differ from the system results, and that, for both areas, results by the two experts also differ. Table 9 presents the detailed analysis of agreement in relevance level assessment between experts and the system (WS-CREAM).
This shows the number of risk mini-models that were judged at the same level of relevance. Also, this analysis confirms the need of an objective means to assess the relevance.
A reason for these differences can be found in Figure 10, showing that the four experts have actually attributed different weights to the five parameters of the risk formula computed by the system. This result confirms that subjectivity is an influencing factor in qualitative risk assessment and that an automatic support in the activity of risk quantification may be useful to provide an objective perspective as a basis for an experience-based qualitative risk assessment process, required whenever data for simulation-based risk prediction is not available and to identify new plausible risks. This conclusion was also confirmed by a direct feedback received from the experts.

| CON CLUS IONS
Risk assessment of urban areas is a complex activity due to uncertainties on hazards, on the variety and the temporal behaviour of systems. We presented a comprehensive software system devoted to risk assessment, including a novel component aiming to provide descriptions of relevant risk situations in an urban area, especially useful when qualitative risk assessment is required. This is achieved by using semantic reasoning on a domain ontology and automatically measuring the level of the generated risks.
The presented system relies on data of the geographical areas, the societal and infrastructural characteristics of the urban services under analysis and also the temporal evolution of such characteristics. The system integrates WS-CREAM, a software application based on semantic and computational creativity techniques, with CIPCast, which is a GIS-based DSS for risk analysis of critical infrastructure, boosted by forecasting capabilities and some optimization functionalities for the identification of optimal strategies to recover from specific critical infrastructure outages. We presented how these two systems can operate in synergy to perform semantic spatiotemporal risk assessment for urban areas, and provide validation results of the approach on two case studies within the city of Rome. Validation has been performed by involving experts with experience in real past situations. The results demonstrate that the generated risk mini-models are generally plausible and the automatic evaluation is useful to provide an objective input for risk assessment. As future work, we intend to further exploit the multi-perspective risk representation capability of the TERMINUS ontology and study more deeply its impact on the overall risk assessment. This will be accomplished by providing the various types of experts with tailored functionalities aimed, for instance, at supporting the activity of forming risk assessment teams or at suggesting alternative risk perspectives.