
Network System’s Vulnerability Quantification Using Multi-layered Fuzzy Logic Based on GQM

Conference paper: National Cyber Summit (NCS) Research Track 2020 (NCS 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1271)


Abstract

Network security is a crucial component of an organization's overall security program. Much research has sought a clear-cut approach to quantifying the vulnerabilities of an organization's network systems. Security standards such as the NIST SP 800 series and ISO 27001 publish guidelines and clauses that outline a path toward secure system design, but they do not specify in detail how that work is to be implemented. In this paper we apply fuzzy logic to quantify each factor and sub-factor derived for network security through the Goal Question Metric (GQM) approach. The procedure follows a bottom-up hierarchy, from the details of an individual security component up to the desired goal, so that vulnerabilities are addressed in a quantified manner; it is applied to the network of a Department of Transportation. The approach thus measures different types of potential vulnerability in a network.
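The bottom-up, multi-layered evaluation the abstract describes can be made concrete with a small Mamdani-style fuzzy inference tree: crisp GQM metric scores feed sub-factor nodes, whose crisp outputs feed a factor node, whose output is the goal-level vulnerability score. The Python below is an added illustration written for this page, not code from the paper or its authors. The metric names, the linear normalisation thresholds, the triangular membership functions, the 3x3 rule table and the sample measurements are all assumptions chosen here; the paper's own factors, rules and defuzzification method may differ.

```python
"""Two-layer Mamdani fuzzy aggregation of GQM-derived network-security metrics.

Illustrative code, not the paper's implementation. Factor names, membership
functions, rule table, thresholds and sample measurements are assumptions.
All scores live on a 0..10 "vulnerability contribution" scale: 10 = worst.
"""

UNIVERSE = [i / 100 for i in range(1001)]          # discretised output universe 0..10
TERMS = {"low": (0, 0, 5), "medium": (0, 5, 10), "high": (5, 10, 10)}   # assumed


def tri(x, a, b, c):
    """Triangular membership with apex b; a == b or b == c gives a shoulder."""
    if x < a or x > c:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x == b:
        return 1.0
    return (c - x) / (c - b)


def fuzzify(x):
    """Degree of membership of crisp score x in each linguistic term."""
    return {term: tri(x, *abc) for term, abc in TERMS.items()}


# Rule table for combining two child scores (assumed here; in practice these
# would be elicited from the organisation's security staff per GQM question).
RULES = {
    ("low", "low"): "low",        ("low", "medium"): "low",       ("low", "high"): "medium",
    ("medium", "low"): "low",     ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium",    ("high", "medium"): "high",     ("high", "high"): "high",
}


def infer(a, b):
    """Mamdani min-max inference of two crisp inputs, defuzzified by centroid."""
    fa, fb = fuzzify(a), fuzzify(b)
    # Firing strength of each output term: max over rules of min over antecedents.
    strength = {term: 0.0 for term in TERMS}
    for (ta, tb), out in RULES.items():
        strength[out] = max(strength[out], min(fa[ta], fb[tb]))

    # Clip each output term at its strength, take the union (max), then the centroid.
    def agg(x):
        return max(min(strength[t], tri(x, *TERMS[t])) for t in TERMS)

    num = sum(x * agg(x) for x in UNIVERSE)
    den = sum(agg(x) for x in UNIVERSE)
    return num / den if den else 5.0


def normalize(value, best, worst):
    """Linearly map a raw GQM metric onto 0..10 and clamp; 'worst' may lie below 'best'."""
    score = 10 * (value - best) / (worst - best)
    return max(0.0, min(10.0, score))


def vulnerability_score(measurements):
    """Bottom-up evaluation: metrics -> sub-factors -> goal. Returns every layer."""
    m = measurements
    # Layer 0: GQM metrics normalised to 0..10 (thresholds are illustrative assumptions).
    patch_latency = normalize(m["median_days_to_patch_critical"], best=0, worst=30)
    unpatched = normalize(m["pct_hosts_missing_critical_patch"], best=0, worst=50)
    exposed = normalize(m["internet_exposed_services_per_100_hosts"], best=0, worst=20)
    firewall_hygiene = normalize(m["pct_firewall_rules_reviewed_last_year"], best=100, worst=0)
    # Layer 1: sub-factors, each a fuzzy combination of two metrics.
    patching = infer(patch_latency, unpatched)
    perimeter = infer(exposed, firewall_hygiene)
    # Layer 2: goal-level network vulnerability.
    goal = infer(patching, perimeter)
    return {
        "patch_management": patching,
        "perimeter_exposure": perimeter,
        "network_vulnerability": goal,
    }


if __name__ == "__main__":
    # Constructed sample measurements, not data from the paper.
    sample = {
        "median_days_to_patch_critical": 21,
        "pct_hosts_missing_critical_patch": 12,
        "internet_exposed_services_per_100_hosts": 3,
        "pct_firewall_rules_reviewed_last_year": 40,
    }
    for layer, score in vulnerability_score(sample).items():
        print(f"{layer:22s} {score:5.2f} / 10")
```

One caveat a practitioner should keep in mind when reading such scores: with centroid defuzzification over shoulder terms, an output can never reach 0 or 10 (the extremes here are about 1.67 and 8.33), and this compression compounds at each layer of the hierarchy, so the goal-level number should be read against a calibrated baseline rather than as an absolute percentage. Mean-of-maximum or bisector defuzzification, or Sugeno-style constant consequents, behave differently; whichever is chosen should be documented alongside the rule table so the scores remain reproducible and comparable across assessments.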




Corresponding author: Mohammad Shojaeshafiei


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Shojaeshafiei, M., Etzkorn, L., Anderson, M. (2021). Network System’s Vulnerability Quantification Using Multi-layered Fuzzy Logic Based on GQM. In: Choo, KK.R., Morris, T., Peterson, G.L., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2020. NCS 2020. Advances in Intelligent Systems and Computing, vol 1271. Springer, Cham. https://doi.org/10.1007/978-3-030-58703-1_7
