Application of Fuzzy Logic in Cybersecurity Decision Making and Analysis After a Cyber Incident Detection

This scientific report describes an approach of applying a fuzzy logic decision-making system (Fuzzy Inference System) after detecting a specific cyber incident in a given communication and information infrastructure, supporting the adoption of rapid and adequate measures in the affected systems, both to minimize the consequences for the infrastructure and the functioning of the systems as in general, as well as to support the detailed analysis and prevention of a given cyber incident that has been committed. The cyber security decision-making system was designed in MATLAB’s Fuzzy Logic Toolbox, and the input fuzzy variables “Cyber-attack”, “Attack Target”, “Aim of Attack” were used to select specific action rules. The output fuzzy variables that are designed to produce the result of the operation of the fuzzy rules are: “Hardware actions”, “Software actions”, “User actions”, “Cyber intruder's profile”. The purpose of the presented system is to speed up processes after a cyber incident, because delayed and inadequate actions after such an event can lead to an even worse final state of a small or large system, as well as be the cause of great losses for an institution or business. The conducted simulation experiments with different values of the input fuzzy variables prove the approach and the correct decisions that can be made after cyber incidents with different characteristics.