MODELING CAUSE-AND-EFFECT EVENTS IN INFORMATION SYSTEMS SECURITY USING FUZZY COGNITIVE MAPS

Abstract

This paper presents a methodology for modeling cause-and-effect relationships between events impacting the functional safety of information systems, utilizing fuzzy cognitive maps and neuro-fuzzy technologies. The described model and approach effectively assess the level of risk and functional safety of information systems under conditions of uncertainty, taking into account complex interactions between information assets, vulnerabilities, and cyber threats, thereby providing insights into the system's security state.

The article describes the use of fuzzy cognitive maps based on expert assessments, weight tuning through neuro-fuzzy learning, and the modeling of cyberattack scenarios. The proposed approach includes tools for modeling cyberattack scenarios, enabling the evaluation of the likelihood of successful attacks and the identification of critical system points requiring additional protection.

The method is beneficial for intrusion detection systems and the security assessment of cloud and enterprise information systems. The article also discusses the limitations of the analyzed model, namely the high quality of expert assessments and the computational complexity of analyzing large systems with numerous interconnections. To address these challenges, optimization of algorithms using neuro-fuzzy methods, particularly an adaptive neuro-fuzzy inference system, and the use of parallel computing are proposed. Future research aims to extend the model's application to Internet of Things systems, where there is potential for assessing quality and functional safety, enabling the development of new methods that account for the identified limitations and integrate with machine learning technologies.