I recently had an article published in Solutions Review titled “Fuzzy Logic: Bridging the Gap Between AI and Real Life Cyber Attacks” about the role Fuzzy Logic can play in cyber defense. While everyone in cyber security is talking about Artificial Intelligence (AI) and Machine Learning (ML) – to the extent that you’re probably sick of hearing about them, and rightfully so – fuzzy logic is a technology that can also play an important role in optimizing cyber defense.
What is Fuzzy Logic?
Invented in 1965 by UC Berkeley mathematician Lotfi Zadeh, the fuzzy logic approach proposes that computational logic is not the best logic to use when manipulating data representing subjective human ideas. Fuzzy logic uses mathematics to represent vague (or “fuzzy”, hence the name) and imprecise information and arrive at decisions.
Fuzzy logic sees computing through the lens of "degrees of truth" rather than the usual "true or false" (1 or 0) Boolean logic. In a way, it’s closer to “human” logic than other computational approaches.
Fuzzy Logic algorithms are actually all around us, from calibration of air conditioners to autopiloting airplanes to weather forecasting.
Fuzzy Logic in cybersecurity
In cybersecurity, fuzzy logic allows the algorithm to receive human expert inputs (intuition inputs in a linguistics representation) and weigh them as part of the inference process before making a decision. In this way we can know not only THAT the computer is displaying anomalous behavior, but also how that was decided, which features were involved, and what type of anomalous behavior exactly the computer is displaying.
The ability to inject human intuition in simple linguistic representation allows us to create new anomaly detection engines faster than with other AI approaches.
Fuzzy Logic allows security experts to influence decision models based on their past experience and intuition, without the need to be familiar with the underlying mathematical algorithm and ML processes. Fuzzy logic can be “injected” into the process via a free language (any language can be processed), making the security team more productive and effective while reducing frustration and busywork. While security professionals may not fully understand or care about fuzzy logic, they certainly can benefit from the results.
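As an added illustration (not from the original article and not empow's algorithm), the sketch below shows expert rules written as plain text being evaluated into degrees of truth, with the contributing features reported alongside each decision. The feature names, thresholds, rule texts and sample observation are assumptions constructed for the example.

```python
# Added illustration: a minimal fuzzy rule engine. Feature names, thresholds
# and rules are constructed for this example, not taken from any product.

def ramp(x, lo, hi):
    """Degree (0..1) to which x is 'high': 0 at or below lo, 1 at or above hi."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)

# Linguistic terms: (feature, term) -> membership function.
# Each feature is the ratio of the observed value to the host's baseline average.
TERMS = {
    ("conn_rate", "high"): lambda x: ramp(x, 1.5, 4.0),
    ("distinct_ports", "high"): lambda x: ramp(x, 2.0, 10.0),
    ("bytes_out", "high"): lambda x: ramp(x, 2.0, 6.0),
}

# Expert rules as text: IF <feature> IS <term> AND ... THEN <category>
RULES = [
    "IF conn_rate IS high AND distinct_ports IS high THEN scanning",
    "IF bytes_out IS high AND conn_rate IS high THEN exfiltration",
]

def parse_rule(text):
    """Split a rule string into [(feature, term), ...] and its category."""
    cond, category = text[3:].split(" THEN ")
    clauses = [tuple(c.split(" IS ")) for c in cond.split(" AND ")]
    return clauses, category

def evaluate(observation):
    """Return {category: (degree, {clause: degree})} for every rule."""
    results = {}
    for text in RULES:
        clauses, category = parse_rule(text)
        degrees = {f"{f} is {t}": TERMS[(f, t)](observation[f]) for f, t in clauses}
        # Fuzzy AND is the minimum of the clause degrees (Zadeh's operator).
        results[category] = (min(degrees.values()), degrees)
    return results

# Constructed observation: ratios to baseline for one host.
SAMPLE = {"conn_rate": 3.0, "distinct_ports": 8.0, "bytes_out": 1.2}

if __name__ == "__main__":
    for category, (degree, why) in evaluate(SAMPLE).items():
        print(f"{category}: {degree:.2f} because {why}")
```

The per-clause degrees returned with each category are what let an analyst see which feature limited or drove the result, rather than receiving only a yes/no verdict.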
How empow uses fuzzy logic
We use fuzzy logic to effectively create an average baseline, which will let us identify anomalies. empow's NTA module implements a series of multi-vector expert engine algorithms – including patented fuzzy logic algorithms – where each expert engine is designed to emulate the human security expert in detecting a security threat category. This enables us to accurately detect security threats based on network anomalies.
The figure below illustrates empow’s security expert engine. In the “adaptive behavior functions” stage, fuzzy logic algorithms are implemented to help gauge the level of threat. In this way empow’s technology takes the intelligence implemented in the process up another level, adding its ‘intuitive’ abilities on top of AI and ML, to better filter out noise and identify real threats.