Improving security requirements adequacy: an interval type 2 fuzzy logic security assessment system

Organizations rely on security experts to improve the security of their systems. These professionals use background knowledge and experience to align known threats and vulnerabilities before selecting mitigation options. The substantial depth of expertise in any one area (e.g., databases, networks, operating systems) precludes the possibility that an expert would have complete knowledge about all threats and vulnerabilities. To begin addressing this problem of fragmented knowledge, we investigate the challenge of developing a security requirements rule base that mimics multi-human expert reasoning to enable new decision-support systems. In this paper, we show how to collect relevant information from cyber security experts to enable the generation of: (1) interval type-2 fuzzy sets that capture intra- and inter-expert uncertainty around vulnerability levels; and (2) fuzzy logic rules driving the decision-making process within the requirements analysis. The proposed method relies on comparative ratings of security requirements in the context of concrete vignettes, providing a novel, interdisciplinary approach to knowledge generation for fuzzy logic systems. The paper presents an initial evaluation of the proposed approach through 52 scenarios with 13 experts to compare their assessments to those of the fuzzy logic decision support system. The results show that the system provides reliable assessments to the security analysts, in particular, generating more conservative assessments in 19% of the test scenarios compared to the experts’ ratings

Learning from the parallel field of terrorism studies.

Comments on an article by T. W. Briggs and J. W. Pollard (see record 2020-26206-005). Briggs and Pollard make a convincing case for the advancement of computational modeling and simulation of mass violence for threat assessment and management. The purpose of this commentary is to look into the analogous study of terrorism to pinpoint recent areas of advancement. We narrow our focus to three core areas, two of which heavily overlap with core areas identified by Briggs and Pollard: (a) computational linguistic approaches, (b) spatial modeling, and (c) network based designs. Historically, the fields of both (a) threat assessment and management and (b) terrorism studies grew in silos. The aim here is for a much greater alignment in research agendas moving forward. (PsycInfo Database Record (c) 2020 APA, all rights reserved

Analyzing The Risk and Financial Impact of Phishing Attacks Using a Knowledge Based Approach

We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks

Decision Support Methods and Tools

This paper is one of a set of papers, developed simultaneously and presented within a single conference session, that are intended to highlight systems analysis and design capabilities within the Systems Analysis and Concepts Directorate (SACD) of the National Aeronautics and Space Administration (NASA) Langley Research Center (LaRC). This paper focuses on the specific capabilities of uncertainty/risk analysis, quantification, propagation, decomposition, and management, robust/reliability design methods, and extensions of these capabilities into decision analysis methods within SACD. These disciplines are discussed together herein under the name of Decision Support Methods and Tools. Several examples are discussed which highlight the application of these methods within current or recent aerospace research at the NASA LaRC. Where applicable, commercially available, or government developed software tools are also discusse

Food security modelling using two stage hybrid model and fuzzy logic risk assessment

Food security has become a key issue worldwide in recent years. According to the Department for Environment Food and Rural Affair (DEFRA) UK, the key components of food security are food availability, global resource sustainability, access, food chain resilience, household food security, safety and confidence of public towards food system. Each of these components has its own indicators which need to be monitored. Only a few studies had been made towards analysing food security and most of these studies are based on conventional data analysis methods such as the use of statistical techniques. In handling food security datasets such as crops yield, production, economy growth, household behaviour and others, where most of the data is imprecise, non-linear and uncertain in nature, it is better to handle the data using intelligent system (IS) techniques such as fuzzy logic, neural networks, genetic algorithm and hybrid systems, rather than conventional techniques. Therefore this thesis focuses on the modelling of food security using IS techniques, and a newly developed hybrid intelligent technique called a 2-stage hybrid (TSH) model, which is capable of making accurate predictions. This technique is evaluated by considering three applications of food security research areas which relate to each of the indicators in the DEFRA key food security components. In addition, another food security model was developed, called a food security risk assessment model. This can be used in assessing the level of risk for food security. The TSH model is constructed by using two key techniques; the Genetic Algorithm (GA) module and the Artificial Neural Network (ANN) module, where these modules combine the global and local search, by optimizing the inputs of ANN in the first stage process and optimizing of weight and threshold of ANN, which is then used to remodel the ANN resulting in better prediction. In evaluating the performance of the TSH prediction model, a total of three datasets have been used, which relate to the food security area studied. These datasets involve the prediction of farm household output, prediction of cereal growth per capita as the food availability main indicators in food security component, and grain security assessment prediction. The TSH prediction model is benchmarked against five others techniques. Each of these five techniques uses an ANN as the prediction model. The models used are: Principal Component Analysis (PCA), Multi-layered Perceptron-Artificial Neural Network (MLP-ANN), feature selection (FS) of GA-ANN, Optimized Weight and Threshold (OWTNN) and Sensitive Genetic Neural Optimization (SGNO). Each of the application datasets considered is used to show the capability of the TSH model in making effective predictions, and shows that the general performance of the model is better than the other benchmarked techniques. The research in this thesis can be considered as a stepping-stone towards developing other tools in food security modelling, in order to aid the safety of food security

The n-fold decrease method of linguistics variables, based on the private database extension

В основу известной системы анализа и оценивания рисков заложены методы, основывающиеся на обработке лингвистических переменных, базирующихся на эталонных параметрических трапециевидных нечетких числах с различным количеством определяющих термов, формирование которых связано с привлечением экспертов соответствующей предметной области. Эффективность практического использования такой системы зависит от ее возможностей обрабатывать различные типы нечетких чисел и от оперативности варьирования количеством термов без привлечения необходимых экспертов. Для решения такой задачи предлагается метод n-кратного понижения порядка лингвистических переменных на основе второго частного расширения базы, который дает возможность формализовать процесс эквивалентного трансформирования числа термов лингвистической переменной на n порядков. Это позволит усовершенствовать соответствующую систему анализа и оценивания рисков информационной безопасности, за счет автоматизации процесса модификации функции n-кратным понижением порядка без привлечения экспертов соответствующей предметной области

Linguistic Threat Assessment: Understanding Targeted Violence through Computational Linguistics

Language alluding to possible violence is widespread online, and security professionals are increasingly faced with the issue of understanding and mitigating this phenomenon. The volume of extremist and violent online data presents a workload that is unmanageable for traditional, manual threat assessment. Computational linguistics may be of particular relevance to understanding threats of grievance-fuelled targeted violence on a large scale. This thesis seeks to advance knowledge on the possibilities and pitfalls of threat assessment through automated linguistic analysis. Based on in-depth interviews with expert threat assessment practitioners, three areas of language are identified which can be leveraged for automation of threat assessment, namely, linguistic content, style, and trajectories. Implementations of each area are demonstrated in three subsequent quantitative chapters. First, linguistic content is utilised to develop the Grievance Dictionary, a psycholinguistic dictionary aimed at measuring concepts related to grievance-fuelled violence in text. Thereafter, linguistic content is supplemented with measures of linguistic style in order to examine the feasibility of author profiling (determining gender, age, and personality) in abusive texts. Lastly, linguistic trajectories are measured over time in order to assess the effect of an external event on an extremist movement. Collectively, the chapters in this thesis demonstrate that linguistic automation of threat assessment is indeed possible. The concluding chapter describes the limitations of the proposed approaches and illustrates where future potential lies to improve automated linguistic threat assessment. Ideally, developers of computational implementations for threat assessment strive for explainability and transparency. Furthermore, it is argued that computational linguistics holds particular promise for large-scale measurement of grievance-fuelled language, but is perhaps less suited to prediction of actual violent behaviour. Lastly, researchers and practitioners involved in threat assessment are urged to collaboratively and critically evaluate novel computational tools which may emerge in the future

Governance matters

In a cross-section of more than 150 countries, the authors provide new empirical evidence of a strong causal relationship from better governance to better development outcomes. They base their analysis on a new database containing more than 300 governance indicators compiled from a variety of sources. They provide a detailed description of each of these indicators and sources. Using an unobserved components methodology (described in the companion paper by the same authors,"Aggregating Governance Indicators,"Policy Research Working Paper 2195), they then construct six aggregate indicators corresponding to six basic governance concepts: voice and accountability, political instability and violence, government effectiveness, regulatory burden, rule of law, and graft. As measured by these indicators, governance matters for development outcomes.Banks&Banking Reform,Decentralization,Health Economics&Finance,Corruption&Anitcorruption Law,Public Sector Corruption&Anticorruption Measures,Health Economics&Finance,National Governance,Statistical&Mathematical Sciences,Governance Indicators,Economic Policy, Institutions and Governance

A Clinical Decision Support System based on fuzzy rules and classification algorithms for monitoring the physiological parameters of type-2 diabetic patients

The use of different types of Clinical Decision Support Systems (CDSS) makes possible the improvement of the quality of the therapeutic and diagnostic efficiency in health field. Those systems, properly implemented, are able to simulate human expert clinician reasoning in order to suggest decisions on treatment of patients. In this paper, we exploit fuzzy inference machines to improve the quality of the day-by-day clinical care of type-2 diabetic patients of Anti-Diabetes Centre (CAD) of the Local Health Authority ASL Naples 1 (Naples, Italy). All the designed functionalities were developed thanks to the experience on the field, through different phases (data collection and adjustment, Fuzzy Inference System development and its validation on real cases) executed by an interdisciplinary research team comprising doctors, clinicians and IT engineers. The proposed approach also allows the remote monitoring of patients' clinical conditions and, hence, can help to reduce hospitalizations