FUZZY COGNITIVE MAPS AS A TOOL FOR VISUALIZING INCIDENT RESPONSE SCENARIOS IN SECURITY SYSTEMS

DOI:

https://doi.org/10.28925/2663-4023.2024.26.707

Keywords:

Information security; fuzzy cognitive maps; cognitive matrix; concepts; scenario modeling; incidents; threats; forecasting.

Abstract

Cyber threats are becoming increasingly complex and diverse. Existing methods of analysis and decision-making do not always allow an adequate assessment of the uncertainty and ambiguity of a situation, and they respond to cyber incidents after they occur. It is more effective to implement proactive cybersecurity measures based on constant analysis and forecasting of potential threats. This approach makes it possible to identify weaknesses in the security system and take preventive measures, minimizing the risk of successful cyber attacks. This study proposes the use of fuzzy cognitive maps (FCMs) as an effective tool for visualization and analysis of incident response scenarios. Based on an analysis of scientific sources, the main definitions of the study are set out, in particular the concepts of cognitive modeling and of a fuzzy cognitive map, which is represented as a weighted directed graph and a cognitive matrix, together with the stages of its creation. The main provisions of the scenario approach in cybersecurity are formulated. A SWOT analysis identified the key concepts, including risks, attacks, and defenses, that form the basis of the system. Assessing the relationships between concepts made it possible to create a model that reflects the cause-and-effect relationships between the elements of the mobile network security system. The model indicators consonance and dissonance were studied. They showed that the greatest threat to the system is posed by APT (advanced persistent threat), phishing, and ransomware, which have the highest level of relationships with other elements of the system, whereas DDoS attacks have the least impact in the context of the constructed model. Scenarios for responding to incidents in the network security system were developed using the Mental Modeler software tool. Disadvantages of cognitive modeling and the scenario approach are identified. Their limitations are associated with the quality of expert knowledge and the complexity of building models for large systems. Promising areas of further research are the development of adaptive models capable of self-learning on new data using artificial intelligence. The results of the study can be used as educational material for students of specialty 125 Cybersecurity and Information Protection.

Published

2024-12-19

How to Cite

Shevchenko, S., Zhdanova, Y., Skladannyi, P., & Petrenko, T. (2024). FUZZY COGNITIVE MAPS AS A TOOL FOR VISUALIZING INCIDENT RESPONSE SCENARIOS IN SECURITY SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(26), 417–429. https://doi.org/10.28925/2663-4023.2024.26.707
