Visible to the public Fuzzy Logic and Security

SoS Newsletter- Advanced Book Block

Fuzzy Logic and Security

Fuzzy logic is being used to develop a number of security systems. The articles cited here include research into fuzzy logic-based security for software defined networks, industrial controls, intrusion response and recovery, wireless sensor networks, and more. These works were presented or published in 2014.

  • Dotcenko, S.; Vladyko, A; Letenko, I, "A Fuzzy Logic-Based Information Security Management For Software-Defined Networks," Advanced Communication Technology (ICACT), 2014 16th International Conference on, vol., no., pp.167,171, 16-19 Feb. 2014. doi: 10.1109/ICACT.2014.6778942 Abstract: In terms of network security, software-defined networks (SDN) offer researchers unprecedented control over network infrastructure and define a single point of control over the data flows routing of all network infrastructure. OpenFlow protocol is an embodiment of the software-defined networking paradigm. OpenFlow network security applications can implement more complex logic processing flows than their permission or prohibition. Such applications can implement logic to provide complex quarantine procedures, or redirect malicious network flows for their special treatment. Security detection and intrusion prevention algorithms can be implemented as OpenFlow security applications, however, their implementation is often more concise and effective. In this paper we considered the algorithm of the information security management system based on soft computing, and implemented a prototype of the intrusion detection system (IDS) for software-defined network, which consisting of statistic collection and processing module and decision-making module. These modules were implemented in the form of application for the Beacon controller in Java. Evaluation of the system was carried out on one of the main problems of network security - identification of hosts engaged in malicious network scanning. For evaluation of the modules work we used mininet environment, which provides rapid prototyping for OpenFlow network. The proposed algorithm combined with the decision making based on fuzzy rules has shown better results than the security algorithms used separately. In addition the number of code lines decreased by 20-30%, as well as the opportunity to easily integrate the various external modules and libraries, thus greatly simplifies the implementation of the algorithms and decision-making system.
    Keywords: decision making; fuzzy logic; protocols; security of data; software radio; telecommunication control; telecommunication network management; telecommunication network routing; telecommunication security; Java; OpenFlow protocol; beacon controller; data flows routing; decision making; decision-making module; fuzzy logic-based information security management; intrusion detection system; intrusion prevention algorithms; logic processing flows; malicious network flows; malicious network scanning; mininet environment; network infrastructure; network security; processing module; security detection; soft computing; software-defined networks; statistic collection; Decision making; Information security; Software algorithms; Switches; Training; Fuzzy Logic; Information security; OpenFlow; Port scan; Software-Defined Networks (ID#:14-2862) the implementation of the algorithms and decision-making system.
  • Vollmer, T.; Manic, M.; Linda, O., "Autonomic Intelligent Cyber-Sensor to Support Industrial Control Network Awareness," Industrial Informatics, IEEE Transactions on, vol.10, no.2, pp.1647, 1658, May 2014. doi: 10.1109/TII.2013.2270373 The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of autonomic computing and a simple object access protocol (SOAP)-based interface to metadata access points (IF-MAP) external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, and self-managed framework. The contribution of this paper is twofold: 1) A flexible two-level communication layer based on autonomic computing and service oriented architecture is detailed and 2) three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real-world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific operating system and port configurations. In addition, the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure. the implementation of the algorithms and decision-making system.
    Keywords: access protocols; computer network security; fault tolerant computing; field buses; fuzzy logic; industrial control; intelligent sensors; meta data; network interfaces; pattern clustering; C++;IF-MAP; PERL; SOAP-based interface; anomaly detection algorithm; autonomic computing; autonomic intelligent cyber-sensor; digital device proliferation; flexible two-level communication layer; fuzzy logic; industrial control network awareness; internal D-Bus communication mechanism; legacy software; metadata access point external communication layer; mixed-use test network; network security sensor; networked industrial ecosystem; proof of concept prototype; self-managed framework; service oriented architecture; simple object access protocol-based interface; traffic monitor; virtual network hosts; Autonomic computing; control systems ;industrial ecosystems; network security; service-oriented architecture (ID#:14-2863) the implementation of the algorithms and decision-making system.
  • Zonouz, S.A; Khurana, H.; Sanders, W.H.; Yardley, T.M., "RRE: A Game-Theoretic Intrusion Response and Recovery Engine," Parallel and Distributed Systems, IEEE Transactions on, vol.25, no.2, pp.395, 406, Feb. 2014. doi: 10.1109/TPDS.2013.211 Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the response and recovery engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. The RRE applies attack-response trees (ART) to analyze undesired system-level security events within host computers and their countermeasures using Boolean logic to combine lower level attack consequences. In addition, the RRE accounts for uncertainties in intrusion detection alert notifications. The RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. To support network-level multiobjective response selection and consider possibly conflicting network security properties, we employ fuzzy logic theory to calculate the network-level security metric values, i.e., security levels of the system's current and potentially future states in each stage of the game. In particular, inputs to the network-level game-theoretic response selection engine, are first fed into the fuzzy system that is in charge of a nonlinear inference and quantitative ranking of the possible actions using its previously defined fuzzy rule set. Consequently, the optimal network-level response actions are chosen through a game-theoretic optimization process. Experimental results show that the RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 500 nodes. the implementation of the algorithms and decision-making system.
    Keywords: Boolean functions; Markov processes; computer network security; decision theory; fuzzy set theory; stochastic games; trees (mathematics); ART; Boolean logic; RRE; Snort alerts; attack-response trees; automated response techniques; detection algorithms; fuzzy logic theory; fuzzy rule set; fuzzy system; game-theoretic intrusion response and recovery engine strategy; game-theoretic optimization process; intrusion detection; lower level attack consequences; network level game-theoretic response selection engine; network security property; network-level multiobjective response selection; network-level security metric values; networked computing systems; nonlinear inference; optimal network-level response actions; partially observable competitive Markov decision process; system-level security events; two-player Stackelberg stochastic game; Computers; Engines; Games; Markov processes; Security; Subspace constraints; Uncertainty; Computers; Engines; Games; Intrusion response systems; Markov decision processes; Markov processes; Security; Subspace constraints; Uncertainty; and fuzzy logic and control; network state estimation; stochastic games (ID#:14-2864) the implementation of the algorithms and decision-making system.
  • Thorat, S.S.; Markande, S.D., "Reinvented Fuzzy logic Secure Media Access Control Protocol (FSMAC) to improve lifespan of Wireless Sensor Networks," Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on, pp.344,349, 7-8 Feb. 2014. doi: 10.1109/ICICICT.2014.6781305 Wireless Sensor Networks (WSN) have grown in size and importance in a very short time. WSN is very sensitive to various attacks, hence Security has become prominent issue in WSNs. Denial-Of-Service (DOS) attack is one of main concern for WSNs. DOS Attack diminishes the resources of sensor nodes which affect the normal functioning of the node. Media Access Control (MAC) layer is responsible for communication within multiple access networks and incorporates shared medium. Fuzzy logic-optimized Secure Media Access Control (FSMAC) Protocol gives good solution against DOS Attack. It detects all intrusion taking place and also decreases average energy consumed by the sensor network than in attacked scenario. These results are responsible for increase in the lifespan of a sensor network. Fuzzy logic deals with uncertainty for human reasoning and decision making. Innovational use of Fuzzy logic theory is applied to this FSMAC protocol to enhance the performance. Here in this paper, Reinvention in FSMAC protocol is proposed using new intrusion detector parameters like No of times node sensed channel free and Variation in channel sense period. Performance of new protocol is tested on the basis of time of first node dead and average energy consumed by the sensor node. These results show that the lifespan of sensor network increases and average energy consumed by sensor node decreases. the implementation of the algorithms and decision-making system.
    Keywords: access protocols; cryptographic protocols; decision making; energy consumption; fuzzy logic; telecommunication security; wireless sensor networks; DOS attack; FSMAC protocol; WSN improvement; decision making; denial of service; energy consumption; fuzzy logic secure media access control protocol; human reasoning intrusion detector parameter; multiple access networks; sensor nodes; uncertainty handling; wireless sensor network; Frequency division multiaccess; Indexes; Protocols; Receivers; Uncertainty; Wireless sensor networks; Denial-Of-Service (DOS) Attack; Fuzzy logic-optimized Secure Media access Control Protocol (FSMAC); Media Access Control (MAC) Protocol; Security Issues; Wireless Sensor Networks (ID#:14-2865) the implementation of the algorithms and decision-making system.
  • Rambabu, C.; Obulesu, Y.P.; Saibabu, C., "Evolutionary Algorithm-Based Technique For Power System Security Enhancement," Advances in Electrical Engineering (ICAEE), 2014 International Conference on, pp.1,5, 9-11 Jan. 2014. doi: 10.1109/ICAEE.2014.6838521 Security constraint optimal power flow is one of the most cost effective measures to promote both cost minimization and maximum voltage security without jeopardizing the system operation. It is developed into a multi-objective problem that involves objectives such as economical operating condition of the system and system security margin. This paper explores the application of Particle Swarm Optimization Algorithm (PSO) to solve the security enhancement problem. In this paper, a novel fuzzy logic composite multi-objective evolutionary algorithm for security problem is presented. Flexible AC Transmission Systems (FACTS) devices, are modern compensators of active and reactive powers, can be considered viable options in providing security enhancement. The proposed algorithm is tested on the IEEE 30-bus system. The proposed methods have achieved solutions with good accuracy, stable convergence characteristics, simple implementation and satisfactory computation time. the implementation of the algorithms and decision-making system.
    Keywords: flexible AC transmission systems; fuzzy logic; particle swarm optimisation; power system security; FACTS; IEEE 30-bus system; cost minimization; economical operating condition; flexible AC transmission systems; fuzzy logic; maximum voltage security; multiobjective evolutionary algorithm; multiobjective problem; optimal power flow ;particle swarm optimization algorithm; power system security enhancement; security enhancement problem; Indexes; Power capacitors; Power system stability; Reactive power; Security; Silicon; Thyristors; Fuzzy Logic; Particle Swarm Optimization; Power System Security; TCSC (ID#:14-2866) the implementation of the algorithms and decision-making system.
  • AlOmary, R.Y.; Khan, S.A, "Fuzzy Logic Based Multi-Criteria Decision-Making Using Dubois and Prade's Operator For Distributed Denial Of Service Attacks In Wireless Sensor Networks," Information and Communication Systems (ICICS), 2014 5th International Conference on, pp.1,6, 1-3 April 2014 doi: 10.1109/IACS.2014.6841979 Wireless sensor networks (WSNs) have emerged as an important technology for monitoring of critical situations that require real-time sensing and data acquisition for decision-making purposes. Security of wireless sensor networks is a contemporary challenging issue. A significant number of various types of malicious attacks have been identified against the security of WSNs in recent times. Due to the unreliable and untrusted environments in which WSNs operate, the threat of distributed attacks against sensory resources such as power consumption, communication, and computation capabilities cannot be neglected. In this paper, a fuzzy logic based approach is proposed in the context of distributed denial of service attacks in WSNs. The proposed approach is modelled and formulated as multi-criteria decision-making problem, while considering attack detection rate and energy decay rate as the two decision criteria. Using the Dubois and Prade's fuzzy operator, a mechanism is developed to achieve the best trade-off between the two aforementioned conflicting criteria. Empirical analysis proves the effectiveness of the proposed approach. the implementation of the algorithms and decision-making system.
    Keywords: computer network security; decision making; fuzzy logic; wireless sensor networks; Dubois; Prade; WSN; attack detection rate; data acquisition; distributed denial of service attacks; energy decay rate; fuzzy logic based approach; fuzzy operator; malicious attacks; multicriteria decision-making problem; real-time sensing; sensory resources; wireless sensor networks security; Computer crime; Decision making; Fuzzy logic; Monitoring; Wireless sensor networks (ID#:14-2867) the implementation of the algorithms and decision-making system.
  • Chaudhary, A; Kumar, A; Tiwari, V.N., "A Reliable Solution Against Packet Dropping Attack Due To Malicious Nodes Using Fuzzy Logic in MANETs," Optimization, Reliability, and Information Technology (ICROIT), 2014 International Conference on, pp.178,181, 6-8 Feb. 2014. doi: 10.1109/ICROIT.2014.6798326 The recent trend of mobile ad hoc network increases the ability and impregnability of communication between the mobile nodes. Mobile ad Hoc networks are completely free from pre-existing infrastructure or authentication point so that all the present mobile nodes which are want to communicate with each other immediately form the topology and initiates the request for data packets to send or receive. For the security perspective, communication between mobile nodes via wireless links make these networks more susceptible to internal or external attacks because any one can join and move the network at any time. In general, Packet dropping attack through the malicious node (s) is one of the possible attack in the mobile ad hoc network. This paper emphasized to develop an intrusion detection system using fuzzy Logic to detect the packet dropping attack from the mobile ad hoc networks and also remove the malicious nodes in order to save the resources of mobile nodes. For the implementation point of view Qualnet simulator 6.1 and Mamdani fuzzy inference system are used to analyze the results. Simulation results show that our system is more capable to detect the dropping attacks with high positive rate and low false positive. the implementation of the algorithms and decision-making system.
    Keywords: fuzzy logic; inference mechanisms; mobile ad hoc networks; mobile computing; security of data; MANET; Mamdani fuzzy inference system; Qualnet simulator 6.1;data packets; fuzzy logic; intrusion detection system; malicious nodes; mobile ad hoc network; mobile nodes; packet dropping attack; wireless links; Ad hoc networks; Artificial intelligence; Fuzzy sets; Mobile computing; Reliability engineering; Routing; Fuzzy Logic; Intrusion Detection System (IDS); MANETs Security Issues; Mobile Ad Hoc networks (MANETs); Packet Dropping attack (ID#:14-2868) the implementation of the algorithms and decision-making system.
  • Khanum, S.; Islam, M.M., "An Enhanced Model Of Vertical Handoff Decision Based On Fuzzy Control Theory & User Preference," Electrical Information and Communication Technology (EICT), 2013 International Conference on, pp.1,6, 13-15 Feb. 2014. doi: 10.1109/EICT.2014.6777873 With the development of wireless communication technology, various wireless networks will exist with different features in same premises. Heterogeneous networks will be dominant in the next generation wireless networks. In such networks choose the most suitable network for mobile user is one of the key issues. Vertical handoff decision making is one of the most important topics in wireless heterogeneous networks architecture. Here the most significant parameters are considered in vertical handoff decision. The proposed method considered Received signal strength (RSS), Monetary Cost(C), Bandwidth (BW), Battery consumption (BC), Security (S) and Reliability (R). Handoff decision making is divided in two sections. First section calculates system obtained value (SOV) considering RSS, C, BW and BC. SOV is calculated using fuzzy logic theory. Today's mobile user are very intelligent in deciding there desired type of services. User preferred network is choose from user priority list is called User obtained value (UOV). Then handoff decisions are made based on SOV & UOV to select the most appropriate network for the mobile nodes (MNs). Simulation results show that fuzzy control theory & user preference based vertical handoff decision algorithm (VHDA) is able to make accurate handoff decisions, reduce unnecessary handoffs decrease handoff calculation time and decrease the probability of call blocking and dropping. the implementation of the algorithms and decision-making system.
    Keywords: decision making; fuzzy control; fuzzy set theory; mobile computing; mobility management (mobile radio); probability; telecommunication network reliability; telecommunication security; MC; RSS; SOV; VHDA; bandwidth; battery consumption; decrease call blocking probability; decrease call dropping probability; decrease handoff calculation time; fuzzy control theory; fuzzy logic theory; mobile nodes; monetary cost; next generation wireless networks; received signal strength; reliability; security; system obtained value calculation; unnecessary handoff reduction; user obtained value; user preference; user priority list; vertical handoff decision enhancement model; vertical handoff decision making; wireless communication technology; wireless heterogeneous networks architecture; Bandwidth; Batteries; Communication system security; Mobile communication; Vectors; Wireless networks; Bandwidth; Cost; Fuzzy control theory; Heterogeneous networks; Received signal strength; Security and user preference; Vertical handoff (ID#:14-2869) the implementation of the algorithms and decision-making system.
  • Karakis, R.; Guler, I, "An Application Of Fuzzy Logic-Based Image Steganography," Signal Processing and Communications Applications Conference (SIU), 2014 22nd, pp.156, 159, 23-25 April 2014. doi: 10.1109/SIU.2014.6830189 Today, data security in digital environment (such as text, image and video files) is revealed by development technology. Steganography and Cryptology are very important to save and hide data. Cryptology saves the message contents and Steganography hides the message presence. In this study, an application of fuzzy logic (FL)-based image Steganography was performed. First, the hidden messages were encrypted by XOR (eXclusive Or) algorithm. Second, FL algorithm was used to select the least significant bits (LSB) of the image pixels. Then, the LSBs of selected image pixels were replaced with the bits of the hidden messages. The method of LSB was improved as robustly and safely against steganalysis by the FL-based LSB algorithm. the implementation of the algorithms and decision-making system.
    Keywords: cryptography; fuzzy logic; image coding; steganography; FL-based LSB algorithm; XOR algorithm; cryptology; data security; eXclusive OR algorithm; fuzzy logic; image steganography; least significant bits; Conferences; Cryptography; Fuzzy logic; Internet; PSNR; Signal processing algorithms (ID#:14-2870) the implementation of the algorithms and decision-making system.
  • Nesteruk, P.; Nesteruk, L.; Kotenko, I, "Creation of a Fuzzy Knowledge Base for Adaptive Security Systems," Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on, pp.574, 577, 12-14 Feb. 2014. doi: 10.1109/PDP.2014.115 To design next generation adaptive security systems the powerful intelligent components should be developed. The paper describes the fuzzy knowledge base specifying relationships between threats and protection mechanisms by Mathworks MATLAB Fuzzy Logic Toolbox. The goal is to increase the effectiveness of the system reactions by minimization of neural network weights. We demonstrate a technique for creation of a fuzzy knowledge base to improve the system protection via rules monitoring and correction. the implementation of the algorithms and decision-making system.
    Keywords: adaptive systems; fuzzy set theory; knowledge based systems; security of data; MATLAB; adaptive security systems; fuzzy knowledge; fuzzy logic toolbox; neural network weights; rules monitoring; Adaptation models; Adaptive systems; Biological system modeling; Fuzzy logic; Knowledge based systems; MATLAB; Security; MATLAB Fuzzy Logic Toolbox; adaptive security rules; adaptive security system; fuzzy knowledge base (ID#:14-2871) the implementation of the algorithms and decision-making system.


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.