An application of fuzzy logistic regression for predicting CVSS severity category of industrial control systems
RAIRO. Operations Research, Tome 56 (2022) no. 6, pp. 4083-4111

Cybersecurity is rapidly gaining significance due to the growing use of computers in daily life and in business sectors. Likewise, the industrial sector has become more vulnerable to cyber threats exclusively with the onset of Industry 4.0, a digital transformation that evolved with industrial control systems (ICS). Industrial organizations now aim to build capacity to protect ICS and keep them cybersafe. To assess the effects of vulnerabilities in ICS, organizations use the Common Vulnerability Scoring System (CVSS), which calculates severity categories/scores. In this study, we implemented a prediction model for CVSS vulnerability categorization of ICS. Although many methods are applicable in the data analysis paradigm, such as statistical regression, cluster analysis and classification analysis, the categorical form of CVSS data, which is based on verbal statements, and its failure to satisfy the basic statistical assumptions of classical models motivated us to focus on implementing a fuzzy logistic regression (FLR) model, which is one possible alternative method. We chose the FLR method to explore its applicability to ICS vulnerability data. Furthermore, the model was improved by employing metaheuristic algorithms to optimize the spread of the fuzzy numbers representing the input variables. This study is expected to contribute to the practical application of vulnerability categorization of ICS.

DOI: 10.1051/ro/2022189
Classification: 62A86
Keywords: ICS, CVSS, Fuzzy Logistic Regression, metaheuristic algorithms

@article{RO_2022__56_6_4083_0,
     author = {Dere, Ahmet Murat and Kabak, Mehmet},
     title = {An application of fuzzy logistic regression for predicting {CVSS} severity category of industrial control systems},
     journal = {RAIRO. Operations Research},
     pages = {4083--4111},
     year = {2022},
     publisher = {EDP-Sciences},
     volume = {56},
     number = {6},
     doi = {10.1051/ro/2022189},
     zbl = {07799076},
     language = {en},
     url = {https://www.numdam.org/articles/10.1051/ro/2022189/}
}
Dere, Ahmet Murat; Kabak, Mehmet. An application of fuzzy logistic regression for predicting CVSS severity category of industrial control systems. RAIRO. Operations Research, Tome 56 (2022) no. 6, pp. 4083-4111. doi: 10.1051/ro/2022189
