A Fuzzy Cyber-Risk Analysis Model for Assessing Attacks on the Availability and Integrity of the Military Command and Control Systems

A Fuzzy Cyber-Risk Analysis Model for Assessing Attacks on the Availability and Integrity of the Military Command and Control Systems

Madjid Tavana (La Salle University, Philadelphia, PA, USA & University of Paderborn, Paderborn, Germany), Dawn A. Trevisani (Air Force Research Laboratory, Rome, NY, USA) and Dennis T. Kennedy (La Salle University, Philadelphia, PA, USA)
Copyright: © 2014 |Pages: 16
DOI: 10.4018/ijban.2014070102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

The increasing complexity in Military Command and Control (C2) systems has led to greater vulnerability due to system availability and integrity caused by internal vulnerabilities and external threats. Several studies have proposed measures of availability and integrity for the assets in the C2 systems using precise and certain measures (i.e., the exact number of attacks on the availability and the integrity, the number of countermeasures for the availability and integrity attacks, the effectiveness of the availability and integrity countermeasure in eliminating the threats, and the financial impact of each attack on the availability and integrity of the assets). However, these measures are often uncertain in real-world problems. The source of uncertainty can be vagueness or ambiguity. Fuzzy logic and fuzzy sets can represent vagueness and ambiguity by formalizing inaccuracies inherent in human decision-making. In this paper, the authors extend the risk assessment literature by including fuzzy measures for the number of attacks on the availability and the integrity, the number of countermeasures for the availability and integrity attacks, and the effectiveness of the availability and integrity countermeasure in eliminating these threats. They analyze the financial impact of each attack on the availability and integrity of the assets and propose a comprehensive cyber-risk assessment system for the Military C2 in the fuzzy environment.
Article Preview

Literature Review

Several methods have been proposed in the literature to deal with imperfect data. Imperfect data can be characterized as being imprecise or uncertain. Other types of imperfect data such as vague or ambiguous data can be considered a special form of imprecision or uncertainty (Smets, 1997). Bayesian theory is often used to deal with both imprecision and uncertainty (Fienberg, 2006; Howson & Urbach, 1993; Jaynes, 2003). The theory of evidence is also used to deal with data that contains both imprecision and uncertainty at the same time (Shafer, 1976; Dempster, 1967). However, rough sets theory is used to handle imprecision when uncertainty is involved but cannot be quantified (Pawlak, 1991). The theory of possibility is used to handle incomplete data, which is a combination of imprecise and uncertain data (Zadeh, 1978). In contrast with these theories that can only handle one type of imperfection, random sets and the conditional event algebra can handle all types of imperfect data (Goodman et al., 1997). We use fuzzy values in our model to represent vagueness and ambiguity. Fuzzy logic enables computation in the face of vagueness and ambiguity, generating approximate results (Nedjah & Mourelle, 2005). While uncertainty represents the state of knowledge about a piece of data, imprecision is the characteristic of the data that cannot be expressed with a single value. The theory of fuzzy sets has been proposed by Zadeh (1965) to deal with vague data which is a particular form of both imprecise and uncertain data. Fuzzy sets have been used to account for the vague data in various work flow management systems (Lin et al., 2007; Tsai & Wang, 2008). The membership function of a fuzzy set defines the mapping of inputs to the degree or strength of membership, ranging from 0 to 1. The shape of this membership function can vary, as any function whose image is between 0 and 1 is a possible membership function. The most common forms of these functions are those represented by straight lines, such as triangular and trapezoidal member functions. In the proposed method, trapezoidal fuzzy numbers are used to capture and convert the fuzzy imprecise and uncertain information. Among the various types of fuzzy numbers, trapezoidal fuzzy numbers are used most often for characterizing linguistic information in practical applications (Klir & Yuan 1995, Yeh & Deng 2004). The common use of trapezoidal fuzzy numbers is mainly attributed to their simplicity in both concept and computation.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 5: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 4: 4 Issues (2017)
Volume 3: 4 Issues (2016)
Volume 2: 4 Issues (2015)
Volume 1: 4 Issues (2014)
View Complete Journal Contents Listing