LUCID - LAB FOR UNCERTAINTY IN DATA AND DECISION MAKING

Lab for Uncertainty in Data and Decision Making
School of Computer Science, University of Nottingham

Paper on Improving Cyber Security Assessments accepted to IEEE SSCI 2016

4/10/2016

The paper "Improving Security Requirement Adequacy" by Hanan Hibshi, Travis D. Breaux and Christian Wagner has been accepted to the 2016 IEEE Symposium Series on Computational Intelligence (IEEE SSCI 2016), which will be held in Athens, Greece in December 2016. The paper resulted from a recent collaboration between Carnegie Mellon and Nottingham Universities, with Hanan visiting Nottingham in early 2016.
Full title and abstract are included below. A full version of the paper will be available soon.
Title: Improving Security Requirement Adequacy - An Interval Type 2 Fuzzy Logic Security Assessment System
Abstract: Organizations rely on security experts to improve the security of their systems. These professionals use background knowledge and experience to align known threats and vulnerabilities before selecting mitigation options. The substantial depth of expertise in any one area (e.g., databases, networks, operating systems) precludes the possibility that an expert would have complete knowledge about all threats and vulnerabilities. To begin addressing this problem of fragmented knowledge, we investigate the challenge of developing a security requirements rule base that mimics multi-human expert reasoning to enable new decision-support systems.  In this paper, we show how to collect relevant information from cyber security experts to enable the generation of: (1) interval type-2 fuzzy sets that capture intra- and inter-expert uncertainty around vulnerability levels; and (2) fuzzy logic rules driving the decision-making process within the requirements analysis. The proposed method relies on comparative ratings of security requirements in the context of concrete vignettes, providing a novel, interdisciplinary approach to knowledge generation for fuzzy logic systems. The paper presents an initial evaluation of the proposed approach through 52 scenarios with 13 experts to compare their assessments to those of the fuzzy logic decision support system. The results show that the system provides reliable assessments to the security analysts, in particular, generating more conservative assessments in 19% of the test scenarios compared to the experts’ ratings.
