Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilities of Web Applications

Mohammad Shojaeshafiei; Letha Etzkorn; Michael Anderson; Mohammad Shojaeshafiei; Letha Etzkorn; Michael Anderson

doi:10.5121/ijcnc.2020.12407

Volume 12, Number 4

Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilities of Web Applications

Authors

Mohammad Shojaeshafiei, Letha Etzkorn and Michael Anderson, The University of Alabama in Huntsville, USA

Abstract

Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.

Keywords

vulnerability, web applications, analytic hierarchy process, fuzzy logic, goal question metrics, cybersecurity

Archives