Ubiquitous computing environments are highly dynamic, with new unforeseen circumstances and constantly changing environments, which introduces new risks that cannot be assessed through traditional means of risk analysis. Mobile entities in a ubiquitous computing environment require the ability to perform an autonomous assessment of the risk incurred by a specific interaction with another entity in a given context. This assessment will allow a mobile entity to decide whether sufficient evidence exists to mitigate the risk and allow the interaction to proceed. Such evidence might include records of prior experiences, recommendations from a trusted entity or the reputation of the other entity. In this paper we propose a dynamic mechanism for estimating the risk probability of a certain interaction in a given environment using hybrid neural networks. We argue that traditional risk assessment models from the insurance industry do not directly apply to ubiquitous computing environments. Instead, we propose a dynamic mechanism for risk assessment, which is based on pattern matching, classification and prediction procedures. This mechanism uses an estimator of risk probability, which is based on the automatic clustering of defining features of the environment and the other entity, which helps avoid subjective judgments as much as possible. Risk assessment, Risk probability, Cluster, Neural network, ART, BP I. INTRODUCTION In a global ubiquitous computing infrastructure, the number of autonomous interacting entities could be millions or even billions. It is therefore not possible to rely on a specific security infrastructure such as certificate authorities and authorization servers. The interactions between entities are very much like those faced by human beings confronted with unexpected or unknown interaction with each other. Human society has developed the concept of trust to overcome initial suspicion and gradually evolve privileges. The basic trust lifecycle is showed in Figure 1. Recently, there has been an increased interest in security mechanisms based on the human notions of trust [2, 3, 4]. Entities in this infrastructure are both autonomous and mobile and must be capable of dealing with unforeseen circumstances ranging from unexpected interactions with other unknown entities to disconnected operation. Figure1: Trust Lifecycle [1] It has been recognized that an element of risk is part of the context of trust and a fundamental question is to characterize the extent to which risks are associated with the privileges that may be assigned to an unknown entity, so that the level of trust in an entity can be used to establish its level of privileges [5]. No one today can satisfactorily answer this question for computer-relative risks. Risk is the possibility of something adverse happening, and risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk. In her paper [6], Dr. Sharon Fletcher asserts that risk management has gone through two generations already, and that it needs to enter its third. Until now, there have been quite a few tools and methods proposed, but most of them still view risk assessment as a fairly static procedure [7]. Risk is commonly defined as the hazard level combined with [8] • The likelihood of the hazard leading to an accident • Hazard exposure or duration (latency). Assessing risk is to assess the above two components. The latter factor in risk assessment is easier to determine as long as the accident can be confirmed. At least, the biggest loss can be estimated for a certain accident. Estimating the likelihood of the hazard is a much more complex issue. The insurance industry has done a lot of work to model the probability distribution functions for different contexts. In this paper, we only focus on estimating risk probability for a certain interaction, i.e., the likelihood of the hazard Risk Probability Estimating Based on Clustering 1 Yong Chen, 2 Christian Damsgaard Jensen, 1 Elizabeth Gray, 1 Jean-Marc Seigneur