The ever-increasing escalation of security attacks, and the limitations of current methods of detecting security vulnerabilities, such as brute force and matching against the already known vulnerabilities of a program, prompted this search for better alternatives for performing security analysis of programs. The imprecise and unpredictable ways in which a security breach can be committed against a system hinder inductive reasoning about security vulnerabilities. An instrument able to pursue security analysis of both the known and other, as yet ill-defined, attacks on a system is needed. This quantitative, experimental study explored the feasibility and effectiveness of an instrument that applied fuzzy logic to a well-known instrument of security analysis, Nessus Home version, tested it on 171 computer systems, and ran it on four different types of applications: OS software, Internet software, application software, and web software. Existing security analyzers do not evaluate the findings produced by their own detection mechanisms; the overall risk judgment is left to the analyst. By adding to this process an instrument that provides humanlike decision-making capacity, as fuzzy logic does, the security analysis arena could effectively and consistently determine the security risk of an application without relying heavily on the experience of the security expert performing the evaluation.

Keywords: computer security, soft computing, security analysis, fuzzy logic.
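The following is an added illustration of the kind of instrument the abstract describes, fuzzy inference applied to vulnerability-scanner output to turn a list of findings into a risk rating. It is not the study's instrument and not Nessus code: the finding format (host, severity 0 to 4), the membership-function shapes, the rule base and the sample findings are all assumptions constructed for the example.

```python
"""Fuzzy (Mamdani) risk scoring over vulnerability-scanner findings.

Added example, not the study's instrument and not Nessus code. The input
format, membership functions, rules and sample data are assumptions.
"""
import math
from collections import defaultdict

INF = math.inf

# Constructed sample scan output: (host, severity) per finding, severity on a
# 0-4 scale (0 info, 1 low, 2 medium, 3 high, 4 critical). Not real data.
SAMPLE_FINDINGS = [
    ("10.0.0.5", 4), ("10.0.0.5", 3), ("10.0.0.5", 3), ("10.0.0.5", 2),
    ("10.0.0.7", 2), ("10.0.0.7", 2), ("10.0.0.7", 1), ("10.0.0.7", 0),
    ("10.0.0.9", 0),
]


def trapezoid(x, a, b, c, d):
    """Trapezoidal membership: 0 up to a, rising to 1 on [b, c], falling to 0 at d.
    Using -inf/+inf for a,b or c,d gives a left or right shoulder."""
    if x <= a or x >= d:
        return 0.0
    if b <= x <= c:
        return 1.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


# Linguistic terms for a crisp finding count (assumed shapes).
COUNT_SETS = {
    "few":  lambda n: trapezoid(n, -INF, -INF, 0, 2),
    "some": lambda n: trapezoid(n, 0, 2, 2, 4),
    "many": lambda n: trapezoid(n, 2, 4, INF, INF),
}
# Linguistic terms for the output risk score on 0..100 (assumed shapes).
RISK_SETS = {
    "low":      lambda r: trapezoid(r, -INF, -INF, 20, 50),
    "moderate": lambda r: trapezoid(r, 25, 50, 50, 75),
    "high":     lambda r: trapezoid(r, 50, 80, INF, INF),
}
# Rule base: (term for high/critical count, term for medium count, risk term).
# None means "don't care". These rules are illustrative assumptions that
# encode an analyst's rule of thumb rather than anything from the study.
RULES = [
    ("few",  "few",  "low"),
    ("few",  "some", "moderate"),
    ("few",  "many", "high"),
    ("some", "few",  "moderate"),
    ("some", "some", "high"),
    ("some", "many", "high"),
    ("many", None,   "high"),
]


def crisp_counts(findings, host):
    """Crisp inputs for one host: number of high/critical and medium findings."""
    high = sum(1 for h, s in findings if h == host and s >= 3)
    medium = sum(1 for h, s in findings if h == host and s == 2)
    return high, medium


def fuzzy_risk(high_count, medium_count, resolution=101):
    """Mamdani inference: min for AND, max to aggregate rule outputs,
    centroid over a discretised 0..100 axis to defuzzify.
    Returns (crisp score, linguistic label)."""
    strength = defaultdict(float)  # firing strength per output term
    for high_term, med_term, risk_term in RULES:
        w = COUNT_SETS[high_term](high_count)
        if med_term is not None:
            w = min(w, COUNT_SETS[med_term](medium_count))
        strength[risk_term] = max(strength[risk_term], w)

    num = den = 0.0
    for i in range(resolution):
        r = 100.0 * i / (resolution - 1)
        # Each output set is clipped at its rule strength, then union by max.
        mu = max(min(strength[t], f(r)) for t, f in RISK_SETS.items())
        num += r * mu
        den += mu
    if den == 0.0:          # no rule fired; treat as lowest risk
        return 0.0, "low"
    score = num / den
    label = max(RISK_SETS, key=lambda t: RISK_SETS[t](score))
    return score, label


def scan_report(findings):
    """Map every host in the findings to its (score, label)."""
    hosts = sorted({h for h, _ in findings})
    return {h: fuzzy_risk(*crisp_counts(findings, h)) for h in hosts}


if __name__ == "__main__":
    for host, (score, label) in scan_report(SAMPLE_FINDINGS).items():
        print(f"{host:12} risk={score:5.1f} ({label})")
```

The point of the membership functions is that a host with three high or critical findings is partly "some" and partly "many", so two rules fire at half strength each and the centroid lands between their conclusions, rather than on a hard threshold that an expert would otherwise have to pick by hand. Swapping the rule base or the set shapes changes the verdicts without touching the scanner, which is the separation the abstract argues for.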