Threat Modeling Using Fuzzy Logic Paradigm
InSITE 2007 • Volume 7 • 2007
Threat modeling, which is the process of identifying, quantifying and analyzing potential threats of computer-based systems, has become a significant consideration towards designing secure software systems. Despite the previous methods adopted for threat modeling, there are still many systems that are probable to attack. In this work, a fuzzy logic-based threat modeling technique is designed. The technique involves the fuzzification of input variables that is based on six major categories of threats (STRIDE- Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), rule evaluation, and aggregation of the rule outputs. The design is based on Mamdani-style inference system which is very good for the representation of human reasoning and effective analysis. The implementation is done using MATLAB fuzzy logic tools. Using the design to test five computer systems, the result shows a tool that can be effectively used to analyze potential threats to computer-based systems.
Fuzzy logic, threat, threat modelling
6 total downloads