Fuzzy Based Threat Assessment Model (FTAM)

Abstract

Threat assessment is the process of identifying and characterizing a cybersecurity threat by evaluating and assessing its properties. This is a tool used by many organizations around the globe in order to evaluate their systems and perform a risk analysis against common threats. SAE J3061 guidelines provide a set of principles for automotive cybersecurity which includes threat identification, assessment, and analysis. This standard defines threat assessment as “an analysis technique that is applied in the concept phase to help identify potential threats to a feature and to assess the risk associated with the identified threats”. This paper presents an innovative, Fuzzy Based Threat Assessment Model (FTAM). FTAM leverages the threat characterization from established threat assessment models, while focusing on improving its assessment capabilities by using Fuzzy Logic. Through this methodology, FTAM is able to improve the efficiency and accuracy of the threat assessment process to determine the “degree” of the threat. This is different from using subjective assessment processes based on table look-ups or scoring like some of the current threat assessment models do. This paper provides an analysis on the design and performance of FTAM as well as benchmarking with other existing models.