Multiple Layers of Fuzzy Logic to Quantify Vulnerabilities in IoT
This work addresses the issue of ambiguities in vulnerability quantification for network security and IoT, though it appears incremental, since it combines existing methods such as SQUARE with published standards.
The paper tackles the problem of quantifying network and IoT vulnerabilities by proposing a Multi-layered Fuzzy Logic approach, applied to the Department of Transportation as a proof of concept, but does not report concrete numerical results.
Quantifying vulnerabilities of network systems has been a highly controversial issue in the fields of network security and IoT. Much research has been conducted for this purpose; however, it has many ambiguities and uncertainties. In this paper, we investigate the quantification of vulnerability in the Department of Transportation (DOT) as our proof of concept. We initiate the analysis of security requirements, using Security Quality Requirements Engineering (SQUARE) for security requirements elicitation. Then we apply published security standards such as NIST SP-800 and ISO 27001 to map our security factors and sub-factors. Finally, we propose our Multi-layered Fuzzy Logic (MFL) approach based on Goal Question Metrics (GQM) to quantify network security and IoT (Mobile Devices) vulnerability in DOT.