An application of fuzzy logistic regression for predicting CVSS severity category of industrial control systems

Abstract

Cybersecurity is rapidly gaining significance due to growing use of computers in daily life and business sectors. Likewise, industrial sector has also become more vulnerable to cyber threats exclusively with the onset of Industry 4.0, which is a digital transformation evolved with industrial control systems (ICS). Nowadays industrial organizations aim to build capacity towards protection of ICS to be cybersafe. To assess the effects of vulnerabilities in ICS, organizations utilize Common Vulnerability Scoring System (CVSS), which calculates severity categories/scores. In this study, we implemented a prediction model for CVSS vulnerability categorization of ICS. Although there exist many applicable methods to use in data analysis paradigm such as statistical regression, cluster and classification analysis, the categorical form of CVSS data based on verbal statements and the failure to satisfy basic statistical assumptions for classical models motivated us to focus on implementation of fuzzy logistic regression (FLR) model, which is one possible alternative method. We chose the FLR method to explore that it is applicable to ICS vulnerability data. Furthermore, the model was improved by employing metaheuristic algorithms to optimize the spread of fuzzy numbers representing input variables. This study is expected to contribute to practical application of vulnerability categorization of ICS.