A novel approach to network vulnerabilities quantitative evaluation based on Mamdani-Style fuzzy logic

Quantitatively evaluating network vulnerabilities in network security management is a linguistic problem. It is often claimed that vulnerabilities can be evaluated properly and effectively. However, detailed analysis and evaluation based on fuzzy logic, which handles linguistic problems well, is very rare. In this paper, a novel approach based on Mamdani-style fuzzy logic is presented. The method considers the network vulnerabilities' impact, their possibility of being exploited, and the importance of the environmental assets. It involves fuzzification of the inputs, rule evaluation, aggregation, and defuzzification. A simulation test shows that this method can evaluate network vulnerabilities effectively and properly.
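The four stages named in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the 0-10 scales, the triangular membership functions, the rank-sum rule base and all function names are assumptions chosen for illustration.

```python
# Added example: Mamdani-style scoring of one vulnerability (pure Python).
# ASSUMPTIONS (not from the paper): 0-10 scales, triangular sets, rule base.
from itertools import product

LEVELS = ("low", "medium", "high")
SETS = {"low": (0, 0, 5), "medium": (0, 5, 10), "high": (5, 10, 10)}

# Assumed rule base: one rule per combination of input labels (27 rules).
# The consequent rises with the summed rank of the three antecedents.
RULES = {
    combo: LEVELS[min(2, sum(LEVELS.index(label) for label in combo) // 2)]
    for combo in product(LEVELS, repeat=3)
}

def tri(x, a, b, c):
    """Triangular membership, peak at b; a == b or b == c gives a shoulder."""
    if x <= a:
        return 1.0 if a == b else 0.0
    if x >= c:
        return 1.0 if b == c else 0.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)

def fuzzify(x):
    """Stage 1: map a crisp 0-10 value to a degree for each linguistic label."""
    return {name: tri(x, *abc) for name, abc in SETS.items()}

def evaluate(impact, exploitability, asset_importance, steps=1000):
    """Return a crisp 0-10 risk score for one vulnerability."""
    degrees = [fuzzify(v) for v in (impact, exploitability, asset_importance)]
    # Stage 2, rule evaluation: AND is min; rules sharing a consequent use max.
    strength = dict.fromkeys(LEVELS, 0.0)
    for combo, out in RULES.items():
        fire = min(d[label] for d, label in zip(degrees, combo))
        strength[out] = max(strength[out], fire)
    # Stage 3, aggregation: clip each output set at its strength, pointwise max.
    # Stage 4, defuzzification: centroid over a sampled 0-10 universe.
    num = den = 0.0
    for i in range(steps + 1):
        y = 10.0 * i / steps
        mu = max(min(strength[label], tri(y, *SETS[label])) for label in LEVELS)
        num += y * mu
        den += mu
    return num / den if den else 0.0

if __name__ == "__main__":
    # Constructed inputs: (impact, exploitability, asset importance)
    for sample in [(9, 8, 9), (9, 8, 2), (2, 3, 9)]:
        print(sample, round(evaluate(*sample), 2))
```

With these assumed sets, the same impact and exploitability yield a lower score when the affected asset is less important, which is the effect of the third input the abstract lists.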
