Model of assessment of the security of information and communication systems based on fuzzy visions
DOI:
https://doi.org/10.20535/2411-1031.2025.13.2.344709Keywords:
model, information and communication system, threat, loss, fuzzy multiplier, interval-type membership function, fuzzy relationAbstract
The current stage of development of information and communication systems is characterized by their massive advances in all spheres of everyday life: military law, government, economics, finance, industry, etc. The advancement of digital technologies will ensure the efficiency and speed of data processing, while simultaneously increasing the risk of threats to information security in the cyberspace. The task of assessing the threat or the security of information and communication systems based on known intelligence is important for several reasons. First of all, it allows you to go from a clear description of the risks to comprehensive estimates, which creates a basis for an economical solution. In another way, the analysis of traffic jams allows you to identify priority threats and optimize defense resources, focusing on the most critical scenarios. Thirdly, it reveals the possibility of using current mathematical methods for modeling non-significance in the field of information security. Classic methods for assessing the security of information and communication systems are based on the collection of clear statistical data about the threats and attacks. However, in practice, information about the severity of attacks and the scale of traffic attacks is often inconsistent, overly sensitive, or presented in what appears to be linguistic categories (“high risk of threat”, “significant losses”). In such minds, traditional methods demonstrate limited effectiveness due to the low accuracy of such assessments. This necessitates the need to create assessment systems that effectively deal with fuzzy information and establish cause-and-effect relationships between threats and potential losses. The article proposes a model for assessing the security of information and communication systems through potential losses based on type II fuzzy relations. A special feature of the model is the ability to deal with types of non-significance in a comprehensive manner. Fuzzy terms of threats and losses are formalized by interval functions of type II reliability, as a result of which the world significance of threats and losses is determined at intervals. The type II fuzzy model will be based on the extended compositional rule of Zadeh's derivation, from which two systems of fuzzy relations are combined. These systems link the lower (upper) boundaries of fuzzy relationships and the lower (upper) boundaries of the world of significance of threats and losses. The value of the output variable is determined by type reduction and defuzzification operations.
References
N.R. Pokhrel, and C.P. Tsokos, “Cybersecurity: A stochastic predictive model to determine overall network security risk using Markovian process”, Journal of Information Security, vol. 8, no. 2, pp. 91-105, Apr. 2017. doi: https://doi.org/10.4236/jis.2017.82007.
O.A. Revnyuk, N.V. Zagorod, and O.S. Ulichev, “Adaptive methodology for calculating the quantitative indicator of the security status of web applications”, Central Ukrainian Scientific Bulletin. Technical Sciences, iss. 10 (41), part. ІІ, pp. 3-102024. doi: https://doi.org/10.32515/2664-262X.2024.10(41).2.3-10.
M. Alali, N. Almakhadmen, and M. Mafarja, “Improving risk assessment model of cyber security using fuzzy logic inference system”, Procedia Computer Science, vol. 141, pp. 436-443, 2018. doi: https://doi.org/10.1016/j.cose.2017.09.011.
N.K. N. Dang, M. Lopuhaä-Zwakenberg, and M. Stoelinga, “Fuzzy quantitative attack tree analysis” in Proc 27th Inter. Conf. Fundamental Approaches to Software Engineering (FASE 2024), Luxembourg City, Luxembourg, 2024, pp. 210-231. [Online]. Available: https://link.springer.com/chapter/10.1007/978-3-031-57259-3_10?utm_source=chatgpt.com. Accessed on: May 10, 2025.
S. Kerimkhulle, Z. Dildebayeva, A. Tokhmetov, A. Amirova, J. Tussupov, U. Makhazhanova, A. Adalbek, R. Taberkhan, A. Zakirova, and A. Salykbayeva, “Fuzzy logic and its application in the assessment of information security risk of industrial internet of things”, Symmetry, vol. 15, art. 1958, 29 p., 2023. doi: https://doi.org/10.3390/sym15101958.
A.A. Tubis, S. Werbińska-Wojciechowska, M. Góralczyk, A. Wróblewski, and B. Ziętek, “Cyber-attacks risk analysis method for different levels”, Sensors (Basel). 2020 Dec 16; 20 (24):7210. doi: https://doi.org/10.3390/s20247210.
I. Subach, and V. Kubrak, “A model for identifying cyber incidents using a SIEM system for protecting information and communication systems”, Cybersecurity: Education, Science, Technology, iss. 4 (20), pp. 81-92, 2023. doi: https://doi.org/10.28925/2663-4023.2023.20.8192.
P. Cheimonidis, and K. Rantos, “Dynamic risk assessment in cybersecurity: A systematic review”, Future Internet, vol. 15, art. 324, 25 p., 2023. doi: https://doi.org/10.3390/fi15100324.
O. Kozlenko, “An example of fuzzy ontology usage for risk assessment and attack impact”, in Proc. 2024 IEEE Int. Conf. on Advanced Trends in Information Theory (ATIT), Kyiv, Ukraine, 2024, pp. 123-127. doi: https://doi.org/10.20535/tacs.2664-29132024.1.312677.
L.A. Zadeh, “The Concept of a Linguistic Variable and Its Application to Approximate Reasoning-I”, Information Sciences, no. 8, pp. 199-249, 1975. doi: http://dx.doi.org/10.1016/0020-0255(75)90036-5.
A.P. Rotshteyn, Intelligent Identification Technologies: Fuzzy Sets, Genetic Algorithms, Neural Networks. Vinnytsia, Ukraine: UNIVERSUM-Vinnytsia, 1999.
B.M. Gerasimov, V.M. Lokaziuk, O.G. Oksiyuk, and O.V. Pomorova, Intelligent Decision Support Systems. Kyiv, Ukraine: European University, 2007.
J. Mendel, Uncertain Rule-Based Fuzzy Logic Systems: Introduction and New Direction. Prentice-Hall, Englewood Cliffs, NJ, USA, 2001.
O.P. Rotshtein, and G.B. Rakytyanska, “Diagnostics based on multidimensional fuzzy relations under conditions of uncertainty”, Systems Research and Information Technologies, no. 2, pp. 97-111, 2015.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Collection "Information Technology and Security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).
