AI-enhanced Cybersecurity Risk Assessment with Multi-Fuzzy Inference
Essam Natsheh, Fatima Bakhit Tabook


Introduction

AI-enhanced cybersecurity risk assessment with multi-fuzzy inference. Revolutionize cybersecurity risk assessment with an AI-enhanced multi-fuzzy inference system (MFIS). It delivers fine-grained, expert-aligned scores, simplifying cyber-defense prioritization.


Abstract

The pace and complexity of modern cyber-attacks expose the limits of traditional ‘impact × likelihood’ risk matrices, which compress uncertainty into coarse categories and miss inter-dependent threat dynamics. We propose a three-layer multi-fuzzy inference system (MFIS) that models general infrastructure vulnerabilities and access-control weaknesses separately, then fuses them into a single, continuous 0-25 risk score. The framework was validated on three representative scenarios—catastrophic/continuous, serious/frequent, and minor/few attacks—encompassing sixteen threat criteria. Compared with a crisp 5 × 5 matrix, MFIS cut mean-absolute error and root-mean-square error by 90 to 99% and reproduced expert-panel judgments to within 0.55 points across all scenarios. Nine independent practitioners rated the prototype highly on usability (100% agreement), credibility (100%) and actionability (100%), with 78% willing to recommend adoption. These results demonstrate that MFIS delivers fine-grained, expert-aligned assessments without adding operational complexity, making it a viable drop-in replacement for time- or resource-constrained organizations. By capturing partial memberships and cross-domain interactions, MFIS offers a more faithful, adaptive and explainable basis for prioritizing cyber-defense investments and can be extended to emerging threat domains with modest rule-base updates.
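
The contrast the abstract draws between a crisp 5 × 5 matrix and a fused fuzzy score, as an added example that is not the authors' code or rule base. The triangular membership functions, rule consequents, 1-5 rating scale and all function names are assumptions chosen for illustration; with them the fused score runs from 1 to 25.

```python
# Added illustration. Membership functions, rule consequents and the 1-5
# input scale are assumptions; the paper's actual rule base is not on this page.

def tri(x, a, b, c):
    """Triangular membership: 0 at a and c, 1 at the peak b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Overlapping fuzzy sets on a 1..5 rating; 3.4 is partly "medium", partly "high".
SETS = {"low": (-1, 1, 3), "medium": (1, 3, 5), "high": (3, 5, 7)}
PEAK = {"low": 1.0, "medium": 3.0, "high": 5.0}

def fuzzify(x):
    x = min(max(x, 1.0), 5.0)  # clamp so at least one set always fires
    return {name: tri(x, *abc) for name, abc in SETS.items()}

def infer(x, y, consequent):
    """Zero-order Sugeno step: min as AND, weighted-average defuzzification."""
    num = den = 0.0
    for p, wp in fuzzify(x).items():
        for q, wq in fuzzify(y).items():
            w = min(wp, wq)  # firing strength of rule "x is p AND y is q"
            num += w * consequent(PEAK[p], PEAK[q])
            den += w
    return num / den

def domain_risk(severity, frequency):
    """One sub-system (infrastructure or access control): risk level on 1..5."""
    return infer(severity, frequency, lambda s, f: (s * f) ** 0.5)

def mfis_score(infra_sev, infra_freq, access_sev, access_freq):
    """Score each domain separately, then fuse both levels into one continuous score."""
    infra = domain_risk(infra_sev, infra_freq)
    access = domain_risk(access_sev, access_freq)
    return infer(infra, access, lambda a, b: a * b)

def crisp_matrix_score(infra_sev, infra_freq, access_sev, access_freq):
    """Baseline 5x5 matrix: average the ratings, round to a category, multiply."""
    impact = int((infra_sev + access_sev) / 2 + 0.5)
    likelihood = int((infra_freq + access_freq) / 2 + 0.5)
    return impact * likelihood

if __name__ == "__main__":
    for ratings in [(3, 3, 3, 3), (3.4, 3, 3, 3), (5, 5, 5, 5)]:  # constructed inputs
        print(ratings, crisp_matrix_score(*ratings), round(mfis_score(*ratings), 2))
```

Raising one infrastructure rating from 3 to 3.4 leaves the crisp matrix score unchanged because the input rounds back into the same category, while the fuzzy score moves because the rating is now a partial member of "high".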


Review

This paper introduces a timely and highly relevant solution to a critical challenge in modern cybersecurity: the inherent limitations of traditional, coarse-grained risk assessment methodologies. The authors effectively articulate how conventional 'impact × likelihood' matrices struggle to capture the nuances of dynamic cyber-threats, particularly the complex interdependencies and uncertainties involved. Their proposed three-layer Multi-Fuzzy Inference System (MFIS) represents a significant advancement by offering a continuous, fine-grained risk score from 0-25. This approach intelligently models infrastructure vulnerabilities and access-control weaknesses separately before fusing them, thereby providing a more sophisticated and realistic basis for evaluating risk than existing methods.

The strength of this work is further evidenced by its robust validation framework. The MFIS was rigorously tested against three distinct attack scenarios, encompassing sixteen threat criteria, demonstrating its versatility and accuracy. Crucially, the quantitative comparison against a crisp 5x5 matrix revealed a remarkable reduction in mean-absolute error and root-mean-square error (90-99%), closely aligning with expert-panel judgments. Beyond the technical merits, the practical applicability of the MFIS is underscored by the overwhelmingly positive feedback from nine independent practitioners, who lauded its usability, credibility, and actionability, with a strong willingness to recommend its adoption. This dual-pronged validation—technical precision and practical endorsement—is exceptionally compelling.

In conclusion, "AI-enhanced Cybersecurity Risk Assessment with Multi-Fuzzy Inference" presents a compelling and well-executed solution that promises to significantly enhance the efficacy of cybersecurity risk management. The MFIS framework’s ability to capture partial memberships and cross-domain interactions offers a more faithful, adaptive, and explainable foundation for prioritizing cyber-defense investments. Given its demonstrated capability to deliver expert-aligned assessments without increasing operational complexity, making it a viable "drop-in replacement" for organizations, this paper makes a substantial contribution to the field. It represents a significant step forward in bridging the gap between theoretical risk modeling and practical, actionable cybersecurity strategy.


Full Text

You need to be logged in to view the full text and download the file of this article, AI-enhanced Cybersecurity Risk Assessment with Multi-Fuzzy Inference, from the Journal of ICT Research and Applications.
