A STRIDE Model based Threat Modelling using Unified and-Or Fuzzy Operator for Computer Network Security

In the present era, security has become a fundamental issue in efficient and proper functioning of computer and network systems. To prevent and mitigate a system, an important issue to understand how different threats could damage a network system. Keeping this issue under consideration, this paper proposes risk assessment and modeling of threats which shows the level of any attack. STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privileges) is a model which covers numerous existing threats that are related to all security properties necessary for a secure network. An strategy has been proposed which takes the number and types of attacks as input and applies a fuzzy logic based threat assessment approach to assess the level of attack. The presented work uses a fuzzy operator, namely, unified AND–OR (UAO operator), and a decision-making approach based on a fuzzy rule.