Advance Cyber Security System using Fuzzy Logic
JAVED ALAM (1), Prof. (Dr.) M. K. PANDEY (2)
(1) Assistant Professor, Dept. of IT, UCST Dehradun, UK (INDIA), [email protected]
(2) Director, Computer Science & Applications, AIMCA, Haldwani, UK (INDIA), [email protected]
ABSTRACT— Critical infrastructure sites and facilities are becoming increasingly dependent on interconnected physical and cyber-based real-time distributed control systems. A mounting cyber security threat results from the nature of these ubiquitous and sometimes unrestrained communications interconnections. Cyber security is not a single problem, but rather a group of highly different problems involving different sets of threats. An Advance Cyber Security System (ACSS) using fuzzy logic is a system that consists of a rule depository and a mechanism for accessing and running the rules. The depository is usually constructed from a collection of related rule sets. Fuzzy optimization deals with finding the values of the input parameters of a complex simulated system that produce the desired output. A fuzzy logic controller is used to execute fuzzy inference rules from a fuzzy rule base in determining the congestion parameters, obtaining the warning information and the appropriate action. To simulate the situation of an advance cyber security system using fuzzy logic, we use MATLAB. The model’s goal is not to protect a system; rather, it aims at warning the system administrator of expected cyber threats. The proposed study shows its superiority in the areas of development flexibility and fast response to cyber threats.
Keywords: Cyber-crime, Cyber security, Fuzzy logic, Fuzzy rules

1. INTRODUCTION
There are no precise, reliable statistics on the amount of computer crime and the economic loss to victims, partly because many of these crimes are apparently not detected by victims, many of these crimes are never reported to authorities, and partly because the losses are often difficult to calculate. Nevertheless, there is a consensus among both law enforcement personnel and computer scientists who specialize in security that both the number of computer crime incidents and the sophistication of computer criminals are increasing rapidly. Estimates are that computer crime costs victims in the USA at least US$ 5×10^8 per year, and the true value of such crime might be substantially higher. Experts in computer security, who are not attorneys, speak of information warfare. While such information warfare is just another name for computer crime, the word warfare does fairly denote the amount of damage inflicted on society. There are three major classes of criminal activity with computers:
o Unauthorized use of a computer, which might involve stealing a username and password, or might involve accessing the victim's computer via the Internet through a backdoor operated by a Trojan horse program.
o Creating or releasing a malicious computer program (e.g., computer virus, worm, Trojan horse).
o Harassment and stalking in cyberspace.
When lay people hear the words "computer crime", they often think of obscene pictures available on the Internet or solicitation of children for sex by pedophiles via chat rooms on the Internet. The legal problem of obscenity on the Internet is mostly the same as the legal problem of obscenity in books and magazines, except for some technical issues of personal jurisdiction on the Internet. Many crimes involving computers are no different from crimes without computers. The computer is only a tool that a criminal uses to commit a crime. For example:
o Using a computer, a scanner, graphics software, and a high-quality color laser or ink jet printer for forgery or counterfeiting is the same crime as using an old-fashioned printing press with ink.
o Stealing a laptop computer with proprietary information stored on the hard disk inside the computer is the same crime as stealing a briefcase that contains papers with proprietary information.
o Using the Internet or online services to solicit sex is similar to other forms of solicitation of sex, and so is not a new crime.
o Using computers can be another way to commit either larceny or fraud.
In contrast to merely using computer equipment as a tool to commit old crimes, this essay is concerned with computer crimes that are new ways to harm people.

There are many instances of messages sent in the name of someone who neither wrote the content nor authorized the sending of the message. For example:
o E-mails with bogus From: addresses were sent automatically by malicious programs (e.g., the Melissa virus in 1999, the BadTrans worm in 2001, the Klez program in 2002).
o Posting messages in an Internet newsgroup or online bulletin board with a false author's name that is intended to harm the reputation of the real person of that name.
These acts might be punishable by existing criminal statutes that prohibit impersonation, forgery, deceit, or fraud. However, a judge might decide that the specific language in old statutes about writing or signature does not apply to e-mail. Rather than write new statutes for forged e-mail addresses or unauthorized sending of e-mail in someone else's name.

During 1950-1975, computer programs and data were generally stored on cardboard cards with holes punched in them. If a vandal were to break into an office and either damage or steal the punch cards, the vandal could be adequately punished under the traditional law of breaking and entering, vandalism, or theft. However, after about 1975, it became common to enter programs and data from remote terminals (a keyboard and monitor) using a modem and a telephone line. This same technology allowed banks to retrieve a customer's current balance from the bank's central computer, and merchants to process credit card billing without sending paper forms. But this change in technology also meant that a criminal could alter data and programs from his home, without physical entry into the victim's building. The traditional laws were no longer adequate to punish criminals who used computer modems. To successfully use a remote computer, any user must have both a valid user name and a valid password. There are several basic ways to get these data:
o Call up a legitimate user, pretend to be a system administrator, and ask for the user name and password. This sounds ridiculous, but many people will give out such valuable information to anyone who pretends to have a good reason. Not only should you refuse to provide such information, but please report such requests to the management of the online service or the local police, so they can be alert to an active criminal.
o Search users' offices for such data, as many people post their user name and password on the side of their monitor or filing cabinet, where these data can be conveniently seen.
o Write a program that tries different combinations of user names and passwords until one is accepted.
o Use a packet "sniffer" program to find user names and passwords as they travel through networks.
o Search through a garbage bin behind the computer building in a university or corporate campus, and find trash paper that lists user names and passwords.

The computer voyeurs, like petty criminals who peek in other people's windows, generally hack into other people's computers for the thrill of it. In the 1970s and early 1980s, many of these computer voyeurs also used technology to make long distance telephone calls for free, which technology also concealed their location when they were hacking into computers. Many of these voyeurs take a special thrill from hacking into military computers, bank computers, and telephone operating system computers, because the security is allegedly higher at these computers, so it is a greater technical challenge to hack into these machines. The criminals who change or delete data, or who deliberately gobble large amounts of computer resources, have a more sinister motive and are capable of doing immense damage.

In the 1970s and early 1980s, a common reaction was that hackers were a minor nuisance, like teenagers throwing rolls of toilet paper into trees. Then, in August 1983, a group of young hackers in Milwaukee hacked into a computer at the Sloan-Kettering Cancer Institute in New York City. That computer stored records of cancer patients' radiation treatment. Altering files on that computer could have killed patients, which reminded everyone that hacking was a serious problem. This 1983 incident was cited by the U.S. Congress in the legislative history of a federal computer crime statute. In recent years, there have been a large number of attacks on websites by hackers who are angry with the owner of the website. Victims of such attacks include various U.S. Government agencies, including the White House and FBI. Attacking the FBI website is like poking a lion with a stick. In a typical attack, the hacker will delete some pages or graphics, then upload new pages with the same name as the old file, so that the hacker controls the message conveyed by the site. One example of punishment for the crime of defacing a website is the case of Dennis M. Moran. On 9 March 2001, Moran, a high school dropout, was sentenced in New Hampshire state court to nine months incarceration and ordered to pay a total of US$ 15000 restitution to his victims for defacing two websites:
o In November 1999, he defaced the website of DARE America, an organization that campaigns against use of illicit drugs, whose website was in Los Angeles, California.
o In February 2000, he defaced the website of RSA Security in Massachusetts.
o In February 2000, he made "unauthorized intrusions" into computers at four different U.S. Army and Air Force installations.
The development of the internet and communication systems started the cyber movement into a new era. People, governments, and firms now rely on the use of the internet for their business, activities and personal affairs.

The integration of information technology into today’s systems and functions has improved efficiency and led to significant change in daily life, but this reliance on integrated information technology systems has also led to greater risk from cyber threats menacing the economic stability of many developed nations. Increased use of technology and interconnectivity means that the vital components of various countries’ critical infrastructures, those areas necessary for the government and economy to function, are exposed to cyber-attack. Moreover, protecting critical infrastructures has become a more difficult issue for system administrators and users. In order to control this vast cyber space, governments need to use intelligent cyber defense systems for detecting a wide range of threats and attacks. This study aims to develop an advance cyber security system using fuzzy logic that warns system administrators of expected cyber threats. The system is considered to work well when applied to a given cyber threat scenario, for which the fuzzy rules generate warning signals. The model’s goal is not to protect a system; rather, it aims at warning the system administrator of expected cyber threats. The proposed study shows its superiority in the areas of development flexibility and fast response to cyber threats. Cyber security is an important research area in network security and has been extensively used in many applications, including real-time systems. The model can be used by system administrators in order to determine the nature of a cyber threat triggered by cyber terrorists.
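Two of the threats this paper describes leave a clear trace on the server side: the "write a program that tries different combinations of user names and passwords" method listed above, and the request floods of the denial-of-service attacks discussed in section 2.5. The following is an added example, not code from the paper, showing how an administrator-side monitor would extract both indicators from a server log before any fuzzy warning logic is applied. The log line format ("ISO time, source address, event, detail"), the thresholds and all sample lines are constructed for this example.

```python
"""Indicator extraction for password guessing and request floods (DoS).
Added example; the log lines are constructed, not real traffic."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

Event = Tuple[datetime, str, str, str]  # (timestamp, source ip, event, detail)

# Assumed line format: "<ISO-8601 time> <source ip> <event> [detail]"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<event>\S+) ?(?P<detail>.*)$")


def parse(lines: Iterable[str]) -> List[Event]:
    """Parse log lines; malformed lines are skipped instead of aborting the whole run."""
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:  # first token is not a timestamp
            continue
        events.append((ts, m["src"], m["event"], m["detail"]))
    return events


def request_flood(events: List[Event], window_s: int = 10, threshold: int = 50) -> Dict[str, int]:
    """Sources that sent more than `threshold` GETs inside any `window_s`-second sliding window.
    Returns the peak in-window count per flagged source."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for ts, src, event, _ in sorted(events):
        if event != "GET":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):  # drop requests older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


def password_guessing(events: List[Event], threshold: int = 5) -> Dict[Tuple[str, str], int]:
    """(source, account) pairs with at least `threshold` failed logins: repeated guessing
    of one account from one address, as seen by the server."""
    fails: Dict[Tuple[str, str], int] = defaultdict(int)
    for _, src, event, account in events:
        if event == "LOGIN_FAIL":
            fails[(src, account)] += 1
    return {k: n for k, n in fails.items() if n >= threshold}


def build_sample() -> List[str]:
    """Constructed log: one browsing client, one flooding client, one guessing client."""
    base = datetime(2000, 2, 7, 10, 30)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()} 198.51.100.7 GET /index.html" for i in range(5)]
    lines += [f"{(base + timedelta(milliseconds=50 * i)).isoformat()} 203.0.113.9 GET /" for i in range(120)]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.42 LOGIN_FAIL alice" for i in range(8)]
    lines.append(f"{base.isoformat()} 198.51.100.7 LOGIN_FAIL bob")  # one typo, not an attack
    lines.append("truncated line that does not parse")
    return lines


if __name__ == "__main__":
    evs = parse(build_sample())
    print("flood:", request_flood(evs))
    print("guessing:", password_guessing(evs))
```

The sliding window is kept per source so a steady legitimate client never accumulates a high count, and failed logins are keyed by (source, account) so a single mistyped password is not reported. The two returned dictionaries are the kind of crisp measurements that a rule-based warning system would consume as its inputs.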
2. CYBER SECURITY
2.1 Cyber-threats
Cyber-based technologies are now ubiquitous around the globe. The vast majority of users pursue lawful professional and personal objectives. However, criminals, terrorists, and spies also rely heavily on cyber-based technologies to support their objectives. These malefactors may access cyber-based technologies in order to deny service, steal or manipulate data, or use a device to launch an attack against itself or another piece of equipment. Entities using cyber-based technologies for illegal purposes take many forms and pursue a variety of actions counter to U.S. global security and economic interests. While E.O. 13636 discusses in general terms cyber-based threats directed at the nation’s critical infrastructure, it does not identify the types of cyber-actors and possible consequences of a successful attack. Commonly recognized cyber-aggressors discussed below, along with representative examples of the harm they can inflict, include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists.

2.2 Cyber crime
Computer crime, cyber-crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity. Cybercrime is also a major issue these days in the world as many people are hacking into computer systems [2]. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud. The types of computer crimes are shown in Figure 1.
Figure 1: Computer Crimes (the figure groups the following under Cyber Crime: Malware/Malicious Code, Denial-of-Service Attack, Hacker/Hacking, Computing Virus, Cyber Terrorism, Information Warfare, Cyber Stalking, Fraud and Identity Theft, Phishing, Virtual Crime)

2.3 Security Services
Another service provided by networks is security. Security is one of the most important elements involved in a network. When users share resources and data on a network, they should be able to control who can access the data or resource and what the user can do with it. An example of this is a file showing the financial records of a company. If this file is on a file server, it is important to be able to control who has access to the file. One step further, who is able to read the file and who is able to change it is also a crucial consideration. This same example also applies to a shared printer. You might want to specify who can use the expensive color laser printer or, more specifically, when a person can use this printer. As you can see, security is an important service on a network. Network administrators spend a great deal of time learning and setting up security. Security services often deal with a user account database or something like the aforementioned directory services. This database of users often contains a list of names and passwords. When a person wants to access the network, he must log on to the network. Logging on is similar to trying to enter an office building with a security guard at the front door. Before you can enter the building, you must verify who you are against a list of people who are allowed access. Security services often are intermingled with other services. Some services added to a network can utilize the security services of the system onto which they have been installed.
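The "security guard at the door" model described above separates two decisions: whether the person is who they claim to be (log-on against the account database) and what that person may do with a given resource (read or change the financial file, use the color printer). The following added example, which is not code from the paper, implements both decisions for the file-server and printer cases from the text. The account database and permission table are constructed; one point the example makes that the text does not is that the "list of names and passwords" should hold only salted password hashes, so that a copy of the database does not hand out every user's password.

```python
"""Log-on and resource authorization for network security services.
Added example, not from the paper; accounts and permissions are constructed."""
import hashlib
import hmac
import os
from typing import Dict, Set, Tuple

PBKDF2_ROUNDS = 100_000
_DUMMY = (b"\x00" * 16, b"\x00" * 32)  # unknown names cost the same work as known ones

# name -> (salt, derived key). Only derived keys are stored, never the password itself.
ACCOUNTS: Dict[str, Tuple[bytes, bytes]] = {}

# resource -> {user: allowed rights}: the financial file and the color printer from the text.
PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "finance/records.xlsx": {"cfo": {"read", "write"}, "auditor": {"read"}},
    "printer/color-laser": {"cfo": {"print"}, "designer": {"print"}},
}


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation so stolen hashes cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def add_user(name: str, password: str) -> None:
    """Enrol a user with a fresh random salt."""
    salt = os.urandom(16)
    ACCOUNTS[name] = (salt, _derive(password, salt))


def log_on(name: str, password: str) -> bool:
    """Verify the name/password pair. The comparison is constant-time and a dummy
    record is used for unknown names, so response time does not reveal valid names."""
    salt, stored = ACCOUNTS.get(name, _DUMMY)
    ok = hmac.compare_digest(_derive(password, salt), stored)
    return ok and name in ACCOUNTS


def authorize(name: str, resource: str, right: str) -> bool:
    """What a logged-on user may do with a resource (read/write a file, use a printer)."""
    return right in PERMISSIONS.get(resource, {}).get(name, set())


def access(name: str, password: str, resource: str, right: str) -> bool:
    """Authenticate first, then consult the permission table."""
    return log_on(name, password) and authorize(name, resource, right)


if __name__ == "__main__":
    add_user("cfo", "correct horse battery")
    add_user("auditor", "staple paperclip")
    print(access("cfo", "correct horse battery", "finance/records.xlsx", "write"))   # True
    print(access("auditor", "staple paperclip", "finance/records.xlsx", "write"))   # False
```

Rights are granted per user and per resource, so the auditor can read the financial file but not change it, and nobody outside the printer's entry can print; a missing entry denies by default rather than falling through to "allowed".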
2.4 The Cyber-security Act of 2012
The bipartisan Cyber-security Act of 2012 was developed in response to the ever-increasing number of cyber-attacks on both private companies and the United States government. As the country increasingly relies upon the Internet to conduct business, the critical services upon which we rely have become increasingly vulnerable to cyber threats. The country’s most critical infrastructure can now be manipulated or attacked by malicious actors using computers halfway across the globe. The Cyber-security Act of 2012 would do the following:
o Determine the Greatest Cyber Vulnerabilities
o Protect Our Most Critical Infrastructure
o Protect and Promote Innovation
o Improve Information Sharing While Protecting Privacy and Civil Liberties
o Improve the Security of the Federal Government’s Networks
o Clarify the Roles of Federal Agencies
o Strengthen the Cyber-security Workforce
o Coordinate Cyber-security Research and Development

2.5 Denial of Service Attacks
A denial of service attack occurs when an Internet server is flooded with a nearly continuous stream of bogus requests for web pages, thereby denying legitimate users an opportunity to download a page and also possibly crashing the web server. The following is one case involving a famous series of denial of service (DoS) attacks:
o The Yahoo website was attacked at 10:30 PST on Monday, 7 Feb 2000. The attack lasted three hours. Yahoo was pinged at the rate of one gigabyte/second.
o The websites of amazon.com, buy.com, cnn.com and eBay.com were attacked on Tuesday, 8 Feb 2000. Each attack lasted between one and four hours. CNN reported that the attack on its website was the first major attack since its website went online in August 1995.
o The websites of E*Trade, a stock broker, and ZDNet, a computer information company, were attacked on Wednesday, 9 Feb 2000.
About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in these DoS attacks. The attacks received the attention of President Clinton and the U.S. Attorney General, Janet Reno. The FBI began to investigate. A CNN news report posted at 18:44 EST on 9 Feb 2000 quotes Ron Dick of the FBI's National Infrastructure Protection Center as saying "A 15-year-old kid could launch these attacks. It doesn't take a great deal of sophistication to do." His remark was prophetic, because, on 18 April 2000, a 15 year old pupil in Montréal, Canada was arrested and charged with two counts of "mischief to data" arising from his DoS attack on CNN. Because he was a juvenile, his name cannot be publicly disclosed, so he was called by his Internet pseudonym Mafiaboy. The Royal Canadian Mounted Police seized Mafiaboy's computer. CNN reported that Mafiaboy was granted bail, with the following conditions:
o "May only use computers under the direct supervision of a teacher."
o "prohibited from connecting to the Internet"
o Prohibited from entering "a store or company where computer services or parts are sold."
o "Barred from communicating with three of his closest friends."
On 3 August 2000, Canadian federal prosecutors charged Mafiaboy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks on Amazon.com, eBay, Dell Computer, Outlaw.net, and Yahoo. Mafiaboy had also attacked other websites, but prosecutors decided that a total of 66 counts were enough. Mafiaboy pled not guilty. In November 2000, Mafiaboy's bail was revoked, because he skipped school in violation of a court order. He spent two weeks in jail. In December 2000, Mafiaboy, now 16 years old, dropped out of school (after being suspended from school six times since the beginning of that academic year, and failing all of his classes except physical education), and was employed at a menial job. He was again granted bail. On 18 Jan 2001, Mafiaboy pleaded guilty to 5 counts of mischief to data and 51 counts of illegal access to computers. As part of a plea agreement between his attorney and prosecutors, the prosecution dismissed the remaining ten counts. On 20 June 2001, a social worker reported to the court that Mafiaboy "shows no sign of remorse" and "he's still trying to justify what he did was right." On 12 Sep 2001, Mafiaboy was sentenced to spend eight months in a juvenile detention center, then spend one year on probation. Because Mafiaboy was a child at the time of his crime, the maximum sentence that he could have received would be incarceration for two years. In issuing the sentence, Judge Gilles Ouellette commented: "This is a grave matter. This attack weakened the entire electronic communications system. And the motivation was undeniable; this adolescent had a criminal intent." The above facts are taken from reports at CNN, CBC, CNEWS, and the sentence is reported at wired.com.
3. LITERATURE REVIEW Cyber security refers to the protection of everything that is potentially exposed to the internet as computers, phones, other devices, personal information, privacy and our children. The Internet is an amazingly useful and versatile tool that has become indispensable for work, education, personal entertainment, and staying connected with family and friends. Use it responsibly, while taking care to protect yourself and your data, and you will continue to find it a valuable resource. Threats to a system in operation include everything that can prevent critical applications from satisfying their intended requirements, including insider and outsider misuse, malware and other system subversions, software flaws, hardware malfunctions, human failures, physical damage, and environmental disruptions. Indeed, systems sometimes fail without any external provocation, as a result of design flaws, implementation bugs, misconfiguration, and system aging. Additional threats arise in the system acquisition and code distribution processes. Serious security problems have also resulted from discarded or stolen systems. For large-scale systems consisting of many independent installations (such as the Domain Name System, DNS), security updates must reach and be installed in all relevant components throughout the entire life cycle of the systems. This scope of updating has proven to be difficult to achieve. Arunabha Mukhopadhyay, Samir Chatterjee, Debashis Saha, Ambuj Mahanti, Samir K. Sadhukhan [1] discuss a
4
paper entitled “Cyber-risk decision models: To insure IT or not?”. In this paper first attempt to provide a decision model that aids both the insurer and insured in effectively deciding on cyber insurance products as a mitigation tool against cyber disasters. Mukhopadhyay explored the viability of cyber insurance as a complementary tool to minimize the loss arising from a security breach. They computed gross premium for some scenarios. Mukhopadhyay demonstrated the use of cyber insurance as a tool to mitigate cyber risk. They also demonstrated how risk could be divided in a beneficial manner to assist multiple insurers. In doing so, A. Mukhopadhyay, S. Chatterjee, D. Saha, A. Mahanti, S.K. Sadhukhan [6] proposed a Copula based model for computing e-risk. This paper is different from other papers as it takes into account correlated cyber risk, and we have (i) restricted our study to the firm level cyber risk and (ii) used the concepts of copula to model correlated risks associated with for cyber security breach. Copula is suited for this study as we wish to capture the interdependent risks for modeling the expected loss associated with an online attack. They used the process approach to generate a directed acyclic graph (DAG) that illustrates the probable reasons (i.e., technological and business) for IT security breach in an organization. This paper is different from Herath and Herath, as they have used Gaussian Copula to model correlated risk as opposed to Archimedean Copulas (i.e., Clayton and Gumbel Copulas) used by them. Based on data collection and expert opinion, they have modeled each node of the causal diagram as normal distribution and aggregated the data using the Gaussian Copula. They also use, for the first time, the UBPP model to customize the premium structure, which helps in customization of the product. It would make good business sense for an insurer to provide customized products to attract the cyber insurance customers. 
Furnel and Warren [4] discussed the problems posed by cyber terrorists. They considered the nature of the responses necessary to protect the future security of society. By the rising threat of cyber-attacks, some researchers tried to describe cyber threat and made attempts for finding a solution to their studies [5]. Jill Rowland, Mason Rice, Sujeet Shenoi [2] discuss a paper entitled “The anatomy of a cyber-power” in this paper attempts to clarify the important notions of cyber power. It considers nation-states as well as non-state actors, and articulates the essential components and characteristics required to acquire and maintain cyber power.
More specifically, this paper considers cyberspace to be the “consciousness” created within the pervasive information and communications infrastructure. This virtual world requires components from the physical world in order to exist and flourish. These components include hardware, software, data and people, all of which require resources (e.g., electricity, buildings, telecommunications and food and drink). In other words, cyber space is built from and uses resources from all five domains land, sea, air, space and cyberspace. Cyber entities have already emerged in a number of domains. Google, which was founded in1998, is one of the most successful companies to leverage a virtual (cyber) presence to generate real earnings. Sixteen years later, it is the preeminent cyber corporation. While Google earns the vast majority of its revenue in cyberspace, it has created diverse business units, several of them in the physical world. Facebook is a more recent incarnation of a corporation rooted in cyberspace. It earns substantial revenue, but of more consequence in this discussion about power, Facebook has hundreds of millions of users, many of them passionately devoted to social networking. The Internet Underground is another cyber (albeit criminal) entity with an infrastructure, economy, financial system, shareholders and customers, and considerable muscle within and outside cyberspace. Wikileaks is yet another type of cyber entity, transnational in its scope, with many adherents devoted to its ideology. Its active support of Edward Snowden, the NSA leaker, as he evades U. S. justice, demonstrates that it can defy an angry superpower and persist. The era of cyber entities has only just begun. Science fiction abounds with tales of pure cyber entities, as in the Matrix series. Such entities may well exist in the future. However, this paper focuses on cyber entities that straddle the virtual and physical worlds. 
They will be more advanced evolutionary versions of Google, Facebook, the Internet Underground and Wikileaks. They will be corporations, non-profits, criminal and terrorist organizations, social, religious and activist groups, perhaps even cyber states. 3.2 Phishing and Social Engineering Kevin Mitnick, once a notorious computer criminal and now a security consultant, summed up in an August 2011 TIME magazine interview the ways criminals combine plain old psychological trickery with malware-creation skills a combination referred to as social engineering. He said a hacker may learn your likes and dislikes from your posts on Facebook. “If I know you love Angry Birds (a popular smartphone game), maybe I would send you an email purporting to be from Angry Birds with a new pro version. Once you download it, I would have complete access to everything on your phone,” Mitnik said. Attacks like this are a form of phishing. Through phishing and social engineering, computer hackers trick victims into handing over sensitive data or downloading malware without thinking twice. Social engineering may take the form of emails or instant messages that appear to come from a trusted source. You may get fraudulent email that appears to come from your bank, a shopping website, a friend, or even the State government. The message may even contain links to a counterfeit version of the company’s website, complete with genuine looking graphics and corporate logos.
3.1 Cyberspace and cyber entities The term “cyberspace” was first used in 1984 by William Gibson in his novel Neuromancer. Gibson described cyberspace as a “consensual hallucination” – a world into which people physically connected and explored with disembodied conscious nesses. The word cyberspace comes from “cybernetics,” coined by Wiener in 1949 to describe the communication process that occurs between machines, and between humans and machines. In the early 1990s, John Perry Barlow appropriated the word cyberspace to express the modern concept of the relationship between computers and telecommunications networks. In this paper, draws on Barlow's version of cyber space in defining a cyber-entity as one that straddles the virtual and physical worlds [2].
5
In a phishing attack, you may be asked to click on a link or fraudulent website which asks you to submit your personal data or account information – and end up giving it to an identity thief. Or you might receive a suspicious email with an attachment containing a virus. By opening the attachment, you may download a Trojan horse that gives complete access to your computer. As an example of a phishing scam, in March 2012, the State of New Jersey learned of an “Attorney General Impostor” scam. Consumers as far away as Baltimore received an 11-page, official looking letter that claimed to be from the Attorney General of New Jersey. The fraudulent letter invited consumers to apply for their share of a fictitious multimillion-dollar legal settlement. It even contained a phone number and email address, manned by perpetrators of the scam. Anyone who called would speak with a con artist posing as a State employee, who would ask victims to send their Social Security numbers or other information. The New Internet, a cybersecurity news site, has noted that hackers launch phishing scams through instant messaging, Facebook, Twitter, and other social networking sites. In one attack, Facebook users found fake video links that bore the title “distracting beach babes” and a thumbnail image of a woman in a bikini. The posts appeared to come from the users’ friends. A similar attack used posts with the title “try not to laugh” and a link to what looked like a humor website. In both cases, the links attempted to install malware on users’ computers.
4.1 Structure of ACSS The first step in the proposed model is the establishment of input and output variables. This task is usually done by studying the problem domain. There is infinite number of potential candidates which should be restricted to positive numbers. In this paper, the key variables are defined. Input and outputs of proposed model is given in Table 1 and whole structure of advance cyber security system develops in MATAB shown in figure 2. Table 1: Input and output variables
Figure 2: The Whole Structure of ACSS using Mamdani Method
4.2 Data Collection for Cyber Terrorism The advance system models the knowledge of the human expert. It also provides explanations similar to the human expert. The system can describe various questions asked by the user. The data used for this work have been extracted from a series of questionnaires collected from cyber experts and system administrators. The obtained data are related especially with topics given below Denial of Service (Dos) attacks, virus, malware, logic bomb, social engineering, Trojan horse , Out of service, seizing web page, attacks for protesting, seize critical systems, capture confidential information, system control. This study evaluates cyber terrorists who might attack communications systems, financial centers, power plants, emergency services, transportation, water supply, oil and natural gas distribution stations. People capable of cyber terrorism such as dedicated special staff, hackers, cyber activists and opponents of the state are evaluated in the proposed ACSS model.
3.3 Exponentially Growing Threat The Wall Street Journal reported in May 2011 that one in every 14 downloads is a piece of malware. Secure Works, an information security service provider, reported in 2010 that the United States is the “least cyber-secure country in the world,” with 1.66 attacks per computer during the previous year compared with just 0.1 attempted attacks per computer in England. Symantec, a maker of security software, reported in 2008 that new malware released each year may outnumber new legitimate software. Phishing is also extremely widespread. Of the 140 billion emails sent every day, some 90 percent are spam, or electronic junk mail, according to a 2010 report in The Economist; of those, about 16 percent include phishing scams. It is easier than ever for con artists to craft personalized emails that their victims are more likely to trust and open, because there is more information online about individuals than ever before. Consider how much information may be available online about you or your loved ones, thanks to social networking sites, your company’s website, online records and other sources, including advertisers and advertising networks.
4.3 System Design Advance systems may use forward or backward chaining. In forward chaining systems, we reason from antecedent truth to consequent truth; that is, we reason from facts in the rule antecedent that we know to be true to establish new facts whose truth is implied by the antecedent. Backward chaining reverses this: we attempt to find facts that establish the truth of some goal state. It is possible to emulate backward chaining with a forward chaining system.
4. DEVELOPMENT OF ADVANCE CYBER SECURITY SYSTEM (ACSS) The existing literature on cyber security systems has been summarized, and the common limitations of previous works have been highlighted. The design stages include defining the advance cyber security system variables, data collection for cyber threats, system design and implementation. These stages are described in the following subsections.
Forward Chaining: An expert system rule may be formulated simply as “if A then B”, where A is a set of conditions on data and B is a set of instructions to be carried out when the rule fires. The rules are examined to see which of them are made firable by the data, that is, for which A is satisfied, and a rule or rules are selected for execution. When a rule is executed, its set of instructions B is carried out.
Table 2: Cyber techniques and their abbreviations
Most rule-based advance systems work in this way. Forward chaining is used in the proposed ACSS model.

Backward chaining: A different sequence is followed in backward chaining. In backward chaining, we specify what conclusion we would like to reach, that is, we specify B. We find a rule or rules that have the desired consequent, and look at the antecedent A to see what the data must be to satisfy A. We then find out how those data can be established, and look for rules that have those data as a consequent, or take input data from a user to see if the antecedent can be satisfied. In backward chaining we work backward from goals to data; in forward chaining we work forward from data to goals.

According to the theory of expert systems, the three main components are: the user interface; the decision-making inference engine; and the database (storing the data and fuzzy rules). The model that embraces the fuzzy advance system is presented in this paper. The cyber expert can interact with the expert system interface in order to ask for and read the advice from the proposed model. The inference engine consists of the cyber threat data, cyber terrorist profiles, and cyber-attack techniques. The system administrator (or any user) interacts with ACSS using the MATLAB Fuzzy module. The inference engine receives commands from the user through the interface and evaluates them with the help of the database in which the rules are stored.
Figure 3: Cyber Techniques Membership
4.4.2 Aim of Cyber Intruders (ACI) A cyber intruder usually has a purpose for a cyber-attack. This criterion defines the various intentions of cyber intruders. The aims of cyber intruders are listed in Table 3. Table 3: Aim of cyber intruders and their abbreviations
Fuzzy Rule Based Model The general architecture of a rule-based advance system and the components of a fuzzy rule based inference system are shown in this report. The main modules of a fuzzy rule based system are fuzzification (the fuzzifier module), fuzzy rules, the inference engine and the defuzzifier. Step 1. Fuzzification module: It converts a crisp input from the domain of the input variable to a grade of membership in a fuzzy set. Constructing the fuzzy logic membership functions plays a crucial role in fuzzy rule based models. The triangular membership function has been used in many fuzzy logic based applications, and triangular membership functions are used in this study. Step 2. Defining fuzzy rules: Fuzzy rules consist of an antecedent and a consequent in the form of IF-THEN statements. There are a number of rules, and together they form the basis for inference. The fuzzy rules have been formed from combinations of linguistic variable values. The input and output criteria of the model are “cyber techniques (CT)”, “aim of cyber intruders (ACI)”, “cyber intruder’s target (CIT)”, “cyber intruders (CI)”, “hardware (H)”, “software (S)” and “user (U)”.
Figure 4: Aim of Cyber Intruders Membership
4.4.3 Cyber Intruder’s Target (CIT) The target is a critical term for a cyber-intruder. Depending on the target, a cyber-intruder may use one or more different cyber techniques. A cyber intruder’s target may be one of those in Table 4. Table 4: Cyber intruder’s target and their abbreviations
4.4 Fuzzy Parameters and Their Membership Function Design
4.4.1 Cyber techniques (CT) This criterion describes the techniques that cyber attackers can use for an intrusion or any cybercrime. Common cyber techniques are listed in Table 2.
Figure 5: Cyber Intruder’s Target Membership
Figure 8: Software Membership
4.4.4 Cyber Intruders (CI) A cyber intruder is a group or a person who exploits network deficiencies. Different cyber intruders have been described as membership functions in the ACSS model. They are listed in Table 5.
4.4.7 User (U) Users need awareness of cyber threats. They should take cyber security courses to improve their cyber ability. This criterion includes the values in Table 8. Table 8: User and their abbreviations
Table 5: Cyber intruders and their abbreviations
Figure 9: User Membership
4.5 Inference Engine and Defuzzification The basic function of the inference engine is to compute the level of belief in the output fuzzy sets from the levels of belief in the input fuzzy sets. The output is a single belief value for each output fuzzy set. In this stage, the fuzzy operator is applied in order to obtain a single number that represents the result of the antecedent for that rule. The procedure of converting each aggregated fuzzy output set into a single crisp value is called defuzzification. In ACSS, the defuzzified value is found with the center of gravity method. The center of gravity equation can be written as follows:
Figure 6: Cyber Intruders Membership
4.4.5 Hardware (H) System administrators should use special hardware in order to prevent cyber-attacks. The special hardware criterion includes the values in Table 6. Table 6: Hardware and their abbreviations
$$y_{op} = \frac{\int_{y_{min}}^{y_{max}} y\,\mu_{agg}(y)\,dy}{\int_{y_{min}}^{y_{max}} \mu_{agg}(y)\,dy}$$
where $y_{op}$ is the output of the system, $\mu_{agg}$ is the membership function of the output fuzzy set from the aggregation phase, and $y_{min}$ and $y_{max}$ are the minimum and maximum values of the base variable respectively.
Figure 7: Hardware Membership
4.6 Fuzzy Rules The inference mechanism in the fuzzy logic controller resembles the human reasoning process. This is where fuzzy logic technology is associated with artificial intelligence. Humans unconsciously use rules in carrying out their actions. Fuzzy rules consist of an antecedent and a consequent in the form of IF-THEN statements. There are a number of rules, and together they form the basis for inference. The fuzzy rules have been formed from combinations of linguistic variable values using the software MATLAB.
4.4.6 Software (S) Cyber intruders may exploit software insufficiency. Users should apply the measures in Table 7. Table 7: Software and their abbreviations
As shown in Figure 13, the aim of cyber intruders (ACI) criterion is on the x axis, the cyber intruder’s target (CIT) criterion is on the y axis, and the solution criterion hardware (H) is on the z axis.
Figure 10: Fuzzy rules developed in MATLAB
Figure 13: Input variables Aim of Cyber Intruders (ACI), Cyber Intruder’s Target (CIT), vs. output variable Hardware (H)
As shown in Figure 14, the aim of cyber intruders (ACI) criterion is on the x axis, the cyber intruder’s target (CIT) criterion is on the y axis, and the solution criterion user (U) is on the z axis.
5. SIMULATION RESULT AND DISCUSSION With the fuzzy variables of the advance cyber security system as mentioned, the fuzzy controller also has the advantage of operating according to linguistic rules, in the manner in which a human behaves. The reasoning method in the fuzzy controller is also similar to the way a cyber expert handles a case. After the advance cyber security system was carefully designed, we tested the system and discuss the impact of the input variables on the output variables. As shown in Figure 3, the input variable cyber techniques (CT) is not a fixed value; it takes fuzzy values such as network attack, virus, Trojan horse, malware, etc. Similarly, the input variable aim of cyber intruders (ACI) has the fuzzy values out of service, protesting, control system, etc., and the output variable user (U) has the fuzzy values user training, awareness and user control. Depending on the inputs, the outputs take different fuzzy values, as shown in Figures 7, 8 and 9. It can be seen that the cyber techniques (CT) criterion is on the x axis, the aim of cyber intruders (ACI) criterion is on the y axis, and the solution criterion user (U) is on the z axis, as shown in Figure 11.
Figure 14: Input variables Aim of Cyber Intruders (ACI), Cyber Intruder’s Target (CIT), vs. output variable User (U)
As shown in Figure 15, the cyber intruders (CI) criterion is on the x axis, the cyber techniques (CT) criterion is on the y axis, and the solution criterion user (U) is on the z axis.
Figure 15: Input variables Cyber Intruders (CI), Cyber Techniques (CT) vs. output variable User (U)
The fuzzy rule viewer for ACSS in MATLAB is shown in Figure 16. According to the proposed model, a sample solution is given in Figure 16 for CT=0.135; ACI=0.32; CIT=0.187; CI=0.57. Here, the model outputs are S=0.556; H=0.571 and U=0.861. An output of S=0.556 means that the system needs an update (SU); H=0.571 means that the system needs a special computer (SC); U=0.861 means that user control (UC) is important.
Figure 11: Input variables Cyber Techniques (CT), Aim of Cyber Intruders (ACI) vs. output variable User (U)
As shown in Figure 12, the cyber techniques (CT) criterion is on the x axis, the aim of cyber intruders (ACI) criterion is on the y axis, and the solution criterion software (S) is on the z axis.
Figure 12: Input variables Cyber Techniques (CT), Aim of Cyber Intruders (ACI) vs. output variable Software (S)
Figure 16: Fuzzy Rule viewer for ACSS
6. CONCLUSION AND RECOMMENDATION FOR FUTURE USE
This study proposes a fuzzy rule based cyber indicator that warns system administrators of expected cyber threats. It has been found that the system works well when applied to a given cyber threat scenario. It produces warning signals generated by the rules. The model’s goal is not to protect a system; it aims at warning the system administrator of expected cyber threats. In this paper, an advance cyber security system based on fuzzy rules was presented. The Mamdani fuzzy inference system was selected to develop ACSS. The inference of the fuzzy rules was carried out using the ‘min’ and ‘max’ operators for fuzzy intersection and union. A series of 65 fuzzy if-then rules was designed for the advance cyber system. The input space was divided into multidimensional partitions in order to formulate the initial rule base. Actions were then assigned to each of the partitions. The proposed model shows its superiority in the areas of development flexibility and fast response to cyber threats. The model can be used by system administrators in order to determine the nature of a cyber threat triggered by cyber terrorists. It can also be used by commercial firms or government institutions to form a more secure knowledge environment. It could be attractive to researchers to compare the performance of the fuzzy rule based advance system with other meta-heuristics (e.g. Artificial Neural Networks, Genetic Algorithms, and Fuzzy Neural Networks) or regular statistical methods (Linear/Nonlinear Regression). A special interest would be in testing whether the fuzzy rule based approach has any advantage in dealing with cyber security threats.