Abstract
The highly complex and dynamic nature of information and communications networks forces cyber defenders to make decisions under uncertainty, within a time-constrained environment, using incomplete information. There is an abundance of network security tools on the market; these products collect massive amounts of data, perform event correlation, and alert cyber defenders to potential problems. The real challenge is in making sense of the data, turning it into useful information, and acting upon it in time for it to be effective. This is known as actionable knowledge. This paper discusses the use of fuzzy logic for accelerating the transformation of network monitoring tool alerts into actionable knowledge, suggests a process improvement that combines information assurance and cyber defender expertise for holistic computer network defense, and describes an experimental design for collecting empirical data to support continued research in this area.
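As an added illustration of the kind of fuzzy inference the abstract refers to (this is not code from the chapter, whose FLUF design is not reproduced here), the block below maps an alert's detection confidence and the targeted asset's criticality to a crisp priority; the triangular membership functions, the rule base and the sample alerts are all assumptions made for the example.

```python
# Added illustration of fuzzy alert scoring; membership shapes, rule base and
# sample alerts are assumptions, not the chapter's FLUF design.

def tri(x, a, b, c):
    """Triangular membership: rises over a..b, falls over b..c, 0 elsewhere."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Linguistic terms on a 0..1 universe, shared by inputs and output (assumed)
TERMS = {"low": (-0.5, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.5)}

# Rule base (assumed): (detection confidence, asset criticality) -> priority
RULES = {
    ("high", "high"): "high", ("high", "medium"): "high", ("medium", "high"): "high",
    ("medium", "medium"): "medium", ("low", "high"): "medium", ("high", "low"): "medium",
    ("low", "medium"): "low", ("medium", "low"): "low", ("low", "low"): "low",
}

def priority(confidence, criticality, steps=100):
    """Mamdani inference: min for AND, max aggregation, centroid defuzzification.
    Inputs are in [0, 1]; returns a crisp priority in [0, 1]."""
    strength = {}
    for (c_term, a_term), out in RULES.items():
        fired = min(tri(confidence, *TERMS[c_term]), tri(criticality, *TERMS[a_term]))
        strength[out] = max(strength.get(out, 0.0), fired)
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        # each output term is clipped at its rule strength, then OR-ed by max
        mu = max(min(strength.get(t, 0.0), tri(y, *TERMS[t])) for t in TERMS)
        num += y * mu
        den += mu
    return num / den if den else 0.0

def triage(alerts):
    """Rank alerts (dicts with id, confidence, criticality) highest priority first."""
    ranked = sorted(alerts, key=lambda a: priority(a["confidence"], a["criticality"]), reverse=True)
    return [a["id"] for a in ranked]

# Constructed sample alerts, as a monitoring tool might emit them after normalisation
SAMPLE_ALERTS = [
    {"id": "ALERT-1", "confidence": 0.95, "criticality": 0.9},  # confident hit on a key server
    {"id": "ALERT-2", "confidence": 0.15, "criticality": 0.2},  # weak signal on a lab host
    {"id": "ALERT-3", "confidence": 0.5, "criticality": 0.5},   # ambiguous on both axes
]
```

The crisp score is what a defender would sort or threshold on; tuning the membership shapes is where operator expertise enters the loop.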
© 2016 Springer International Publishing Switzerland
Allison Newcomb, E., Hammell, R.J. (2016). A Fuzzy Logic Utility Framework (FLUF) to Support Information Assurance. In: Lee, R. (eds) Software Engineering Research, Management and Applications. Studies in Computational Intelligence, vol 654. Springer, Cham. https://doi.org/10.1007/978-3-319-33903-0_3
DOI: https://doi.org/10.1007/978-3-319-33903-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-33902-3
Online ISBN: 978-3-319-33903-0
eBook Packages: Engineering (R0)