Curvature-based sparse rule base generation for fuzzy rule interpolation

Tan, Yao; Shum, Hubert P. H.; Chao, Fei; Vijayakumar, V.; Yang, Longzhi

doi:10.3233/jifs-169978

Cited by 10 publications

(6 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SSDEEP/SDHASH) and Fuzzy C-Means (FCM) clustering [7]. In the future, this proposed fuzzy analysis approach could be automated by generating sparse fuzzy rules based on the pre-eminent results of FCM [31] and employing an adaptive fuzzy rule interpolation technique [32], [33], [34], [35]. Moreover, this sparse fuzzy rule base can be updated dynamically by employing dynamic fuzzy rule interpolation (D-FRI) method [36], [37], [38], [39], [40], [41], [42].…”

Section: Discussionmentioning

confidence: 99%

Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules

Naik

Jenkins

Savage

et al. 2019

2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)

Self Cite

View full text Add to dashboard Cite

Ransomware is currently one of the most significant cyberthreats to both national infrastructure and the individual, often requiring severe treatment as an antidote. Triaging ransomware based on its similarity with well-known ransomware samples is an imperative preliminary step in preventing a ransomware pandemic. Selecting the most appropriate triaging method can improve the precision of further static and dynamic analysis in addition to saving significant time and effort. Currently, the most popular and proven triaging methods are fuzzy hashing, import hashing and YARA rules, which can ascertain whether, or to what degree, two ransomware samples are similar to each other. However, the mechanisms of these three methods are quite different and their comparative assessment is difficult. Therefore, this paper presents an evaluation of these three methods for triaging the four most pertinent ransomware categories WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.

show abstract

Section: Discussionmentioning

confidence: 99%

Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules

Naik

Jenkins

Savage

et al. 2019

2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…For future improvements, it is important to evaluate the proposed method with a threshold value of the similarity scores to establish the effect of these similarity scores and further enhance the fuzzy hashing algorithm itself, thus increasing the clustering performance of FCM. This proposed fuzzy analysis approach could be automated by generating sparse fuzzy rules based on the best results of FCM [31] and employing an adaptive fuzzy rule interpolation technique [32], [33], [34], [35]. Moreover, this sparse fuzzy rule base can be updated dynamically by employing dynamic fuzzy rule interpolation (D-FRI) method [36], [37], [38], [39], [40], [41], [42].…”

Section: Discussionmentioning

confidence: 99%

Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering

Naik

Jenkins

Savage

et al. 2019

2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)

Self Cite

View full text Add to dashboard Cite

Threat actors are constantly seeking new attack surfaces, with ransomeware being one the most successful attack vectors that have been used for financial gain. This has been achieved through the dispersion of unlimited polymorphic samples of ransomware whilst those responsible evade detection and hide their identity. Nonetheless, every ransomware threat actor adopts some similar style or uses some common patterns in their malicious code writing, which can be significant evidence contributing to their identification. The first step in attempting to identify the source of the attack is to cluster a large number of ransomware samples based on very little or no information about the samples, accordingly, their traits and signatures can be analysed and identified. Therefore, this paper proposes an efficient fuzzy analysis approach to cluster ransomware samples based on the combination of two fuzzy techniques fuzzy hashing and fuzzy c-means (FCM) clustering. Unlike other clustering techniques, FCM can directly utilise similarity scores generated by a fuzzy hashing method and cluster them into similar groups without requiring additional transformational steps to obtain distance among objects for clustering. Thus, it reduces the computational overheads by utilising fuzzy similarity scores obtained at the time of initial triaging of whether the sample is known or unknown ransomware. The performance of the proposed fuzzy method is compared against k-means clustering and the two fuzzy hashing methods SSDEEP and SDHASH which are evaluated based on their FCM clustering results to understand how the similarity score affects the clustering results.

show abstract

“…In order to improve both interpretability and accuracy, various concepts have been studied to optimize the fuzzy rule base (Cordón and Herrera, 2000; Gacto et al , 2011; Tan et al , 2019). A complete set of fuzzy rules can increase accuracy, but decrease the rule interpretability (Cordón, 2011), whereas reducing the number of rules and linguistic variables can increase interpretability (Zhou and Gan, 2008).…”

Section: Literature Reviewmentioning

confidence: 99%

Fuzzy-logic-based support tools for initial screening of manufacturing reshoring decisions

Hilletofth

Sequeira

Tate

2021

IMDS

View full text Add to dashboard Cite

PurposeThis paper investigates the suitability of fuzzy-logic-based support tools for initial screening of manufacturing reshoring decisions.Design/methodology/approachTwo fuzzy-logic-based support tools are developed together with experts from a Swedish manufacturing firm. The first uses a complete rule base and the second a reduced rule base. Sixteen inference settings are used in both of the support tools.FindingsThe findings show that fuzzy-logic-based support tools are suitable for initial screening of manufacturing reshoring decisions. The developed support tools are capable of suggesting whether a reshoring decision should be further evaluated or not, based on six primary competitiveness criteria. In contrast to existing literature this research shows that it does not matter whether a complete or reduced rule base is used when it comes to accuracy. The developed support tools perform similarly with no statistically significant differences. However, since the interpretability is much higher when a reduced rule base is used and it require fewer resources to develop, the second tool is more preferable for initial screening purposes.Research limitations/implicationsThe developed support tools are implemented at a primary-criteria level and to make them more applicable, they should also include the sub-criteria level. The support tools should also be expanded to not only consider competitiveness criteria, but also other criteria related to availability of resources and strategic orientation of the firm. This requires further research with regard to multi-stage architecture and automatic generation of fuzzy rules in the manufacturing reshoring domain.Practical implicationsThe support tools help managers to invest their scarce time on the most promising reshoring projects and to make timely and resilient decisions by taking a holistic perspective on competitiveness. Practitioners are advised to choose the type of support tool based on the available data.Originality/valueThere is a general lack of decision support tools in the manufacturing reshoring domain. This paper addresses the gap by developing fuzzy-logic-based support tools for initial screening of manufacturing reshoring decisions.

show abstract

Curvature-based sparse rule base generation for fuzzy rule interpolation

Cited by 10 publications

References 41 publications

Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules

Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules

Cyberthreat Hunting - Part 2: Tracking Ransomware Threat Actors using Fuzzy Hashing and Fuzzy C-Means Clustering

Fuzzy-logic-based support tools for initial screening of manufacturing reshoring decisions

Contact Info

Product

Resources

About