Academy & Industry Research Collaboration Center (AIRCC)

Volume 10, Number 09, July 2020

Multiple Layers of Fuzzy Logic to Quantify Vulnerabilities in IoT

  Authors

Mohammad Shojaeshafiei, Letha Etzkorn and Michael Anderson, The University of Alabama in Huntsville, USA

  Abstract

Quantifying vulnerabilities of network systems has been a highly controversial issue in the fields of network security and IoT. Much research has been conducted on this purpose; however, these have many ambiguities and uncertainties. In this paper, we investigate the quantification of vulnerability in the Department of Transportation (DOT) as our proof of concept. We initiate the analysis of security requirements, using Security Quality Requirements Engineering (SQUARE) for security requirements elicitation. Then we apply published security standards such as NIST SP-800 and ISO 27001 to map our security factors and sub-factors. Finally, we propose our Multi-layered Fuzzy Logic (MFL) approach based on Goal question Metrics (GQM) to quantify network security and IoT (Mobile Devices) vulnerability in DOT.

  Keywords

Computer Network, Network Security, Mobile Devices, Fuzzy Logic, Vulnerability, Cyber Security.