
[IEEE NAFIPS 2005 - 2005 Annual Meeting of the North American Fuzzy Information Processing Society - Detroit, MI, USA (26-28 June 2005)] NAFIPS 2005 - 2005 Annual Meeting of the North


NAFIPS 2005 - 2005 Annual Meeting of the North American Fuzzy Information Processing Society

Comparison of Computer Attacks: An Application of Interval-based Fuzzy Integration

F. Modave, M. Ceberio, X. Wang, G. Xiang, O. Garay, R. Ramirez, R. Tejeda

University of Texas at El Paso
500 West University Avenue
El Paso, Texas 79968-0518

{fmodave, mceberio}@cs.utep.edu

Abstract- In recent years, there has been a huge increase in the number of reported computer attacks. Hacking skills are not even necessary anymore. Therefore, network and system protection have become critical issues for companies. In order to know how to protect a system, we need to understand what impact an attack may have, and more specifically, we need to order attacks in terms of their impact on the system to be protected. To do so, attacks have to be classified with respect to a set of well defined criteria or attributes. This paper shows how 2-additive measures and integrals, which take interval monodimensional utility functions as inputs and have interval values, can be used as accurate aggregation operators to classify network attacks. Yet, the use of 2-additive measures, instead of more general fuzzy measures, allows us to keep the complexity of the problem under control in $O(n^2)$.

I. INTRODUCTION

In recent years, there has been a huge increase in the number of reported computer attacks. Virtually any computer or computer network connected to the Internet is exposed to attacks because of unavoidable vulnerabilities. Someone with malicious intention may use these vulnerabilities to access valuable information that may be deleted, stolen, corrupted, or misused.

Therefore, network and system protection have become critical issues for companies. A significant amount of resources and money is spent on making machines and networks more secure. However, in order to develop optimal protection strategies, it is important to be able to evaluate the impact of an attack on a network, and more precisely, to be able to rank attacks in terms of their impact on the system to be protected.

Each attack impacts a network or a machine in a different way. One attack may delete some files and modify others, another may limit the access to a network (for instance a Denial of Service attack). Therefore, comparing attacks can be seen as a multi-criteria decision making problem, where the criteria are network-specific (such as the number of files deleted or stolen, the number of minutes the server was down, etc.).

In [12], we have shown that classifying attacks reduces to a multicriteria decision making problem (MCDM). It has been shown (see [6], [8]) that traditional approaches such as a weighted sum (or any other additive technique) are not appropriate for many MCDM problems. Therefore, we propose the use of fuzzy integration to order preferences. However, what we gain in precision of the representation by using fuzzy integration instead of traditional techniques is lost in complexity. Therefore, we present the notion of 2-additive measures (first presented in [4]) to limit the complexity to $O(n^2)$, where $n$ represents the number of criteria considered. Finally, in [1] and [12], to deal with the inherent imprecisions of measurements, we show how interval-valued fuzzy integrals, which take interval Shapley values and interval interaction indices as inputs, can be used to order network attacks. In this paper, we extend monodimensional utility functions to interval values, because the impact of an attack on a single attribute is not always defined precisely.

II. FUZZY INTEGRATION AND MCDM

A. Multicriteria decision making

We consider classifying attacks as a multicriteria decision making (MCDM) problem, where the set $X \subseteq X_1 \times \dots \times X_n$ represents the set of possible computer attacks and the set $X_i$ represents the set of values for the criterion $i$. An approach to solve this problem is the so-called utility theory approach where we assume (note that this assumption is not very restrictive) that for each criterion, there exists a monodimensional utility function $u_i : X_i \to \mathbb{R}$ such that:

$$\forall x_i, y_i \in X_i, \quad x_i \succeq_i y_i \iff u_i(x_i) \ge u_i(y_i) \tag{1}$$

where $u_i(x_i)$ represents the impact of attack $x$ based on the criterion $i$. We try to find an aggregation operator $\mathcal{H} : \mathbb{R}^n \to \mathbb{R}$ such that:

$$\forall x, y \in X, \quad x \succeq y \iff u(x) \ge u(y)$$

where $\succeq$ is a preference relation over $X$ and the utility function $u(x) = \mathcal{H}(u_1(x_1), \dots, u_n(x_n))$. So the problem reduces to identifying an aggregation operator that agrees with a decision maker's subjective preference.

A very natural and simple choice for the aggregation operator is a weighted sum (or an additive function). The decision maker gives each criterion a weight $a_i$ which represents the importance of each criterion such that:

$$\forall x \in X, \quad u(x) = \sum_{i=1}^{n} a_i u_i(x_i) \tag{2}$$

where $a_i \in [0,1]$, and $\sum_{i=1}^{n} a_i = 1$.

Despite an attractive simplicity and low complexity, this approach suffers a serious drawback as an additive approach is only valid when the attributes are independent ([8]). In practice, this is not realistic and therefore, we need to turn to non-additive approaches.

0-7803-9187-X/05/$20.00 ©2005 IEEE.

B. Fuzzy measures and integrals

For the sake of our applications, we restrict ourselves to the finite case. However, these definitions can be extended to infinite sets (see [2] and [5] for a detailed presentation of fuzzy integration).

To define fuzzy integrals, we need a set of values of importance, this set being the values of the fuzzy measure with respect to which the fuzzy integral is computed. That is, we need a value of importance of each subset of attributes.

In the following definition, $\mathcal{P}(I)$ represents the power set of $I$.

Definition 1: Let $I$ be the set of attributes (or any set in a general setting). A set function $\mu : \mathcal{P}(I) \to [0,1]$ is called a fuzzy measure if it satisfies the three following axioms:
(1) $\mu(\emptyset) = 0$: the empty set has no importance
(2) $\mu(I) = 1$: the maximal set has maximal importance
(3) $\mu(B) \le \mu(C)$ if $B, C \subseteq I$ and $B \subseteq C$: a new criterion added cannot make the importance of a coalition (a set of criteria) diminish.

Therefore, in our problem where $\mathrm{card}(I) = n$, we need a value for every element of $\mathcal{P}(I)$, that is $2^n$ values. Considering that the values of the empty set and of the maximal set are fixed, we actually need $2^n - 2$ values or coefficients to define a fuzzy measure. So, there is clearly a trade-off between complexity and accuracy. However, we will see that we can reduce the complexity significantly in order to guarantee that fuzzy measures are used in practical applications.

A fuzzy integral is a sort of weighted mean taking into account the importance of every coalition of criteria.

Definition 2: Let $\mu$ be a fuzzy measure on $(I, \mathcal{P}(I))$ and an application $f : I \to \mathbb{R}^+$. The Choquet integral of $f$ w.r.t. $\mu$ is defined by:

$$(C)\int_I f\,d\mu = \sum_{i=1}^{n} \big(f(\sigma(i)) - f(\sigma(i-1))\big)\,\mu(A_{(i)})$$

where $\sigma$ is a permutation of the indices in order to have $f(\sigma(1)) \le \dots \le f(\sigma(n))$, $A_{(i)} = \{\sigma(i), \dots, \sigma(n)\}$ and $f(\sigma(0)) = 0$, by convention.

When there is no risk of confusion, we will write $(i)$ for $\sigma(i)$.

It was shown in [9] that the Choquet integral with respect to fuzzy (or non-additive) measures can be used in MCDM as an aggregation operator on monodimensional utility functions. Under relatively general assumptions, we can show that there exists a unique fuzzy measure $\mu$ over the set of criteria defined for each attack such that:

$$\forall x, y \in X, \quad x \succeq y \iff u(x) \ge u(y) \tag{3}$$

where

$$u(x) = \sum_{i=1}^{n} \big[u_{(i)}(x_{(i)}) - u_{(i-1)}(x_{(i-1)})\big]\,\mu(A_{(i)}) \tag{4}$$

In our particular case, we say an attack $x$ is more harmful than the attack $y$ if and only if $u(x)$ has a larger value than $u(y)$.

The drawback of this approach suggested by one of the authors is that it is not constructive and that the complexity becomes exponential due to the use of fuzzy measures instead of a weighted sum.

Let us start with a couple of definitions that will allow us to show how to overcome the problem and limit the complexity to $O(n^2)$.

The global importance of a criterion is given by evaluating what this criterion brings to every coalition it does not belong to, and averaging this input. This is given by the Shapley value or index of importance (see [11], [3], [4]).

Definition 3: Let $\mu$ be a fuzzy measure over $I$. The Shapley value of index $j$ is defined by:

$$v(j) = \sum_{B \subseteq I \setminus \{j\}} \gamma(B)\,\big[\mu(B \cup \{j\}) - \mu(B)\big]$$

with $\gamma(B) = \dfrac{(|I| - |B| - 1)!\,|B|!}{|I|!}$, where $|B|$ denotes the cardinal of $B$.

The Shapley value can be extended to degree two, in order to define the indices of interactions between attributes (see [4] and [?] for the original paper in Japanese).

Definition 4: Let $\mu$ be a fuzzy measure over $I$. The interaction index between $i$ and $j$ is defined by:

$$I(i,j) = \sum_{B \subseteq I \setminus \{i,j\}} \xi(B) \cdot \big(\mu(B \cup \{i,j\}) - \mu(B \cup \{i\}) - \mu(B \cup \{j\}) + \mu(B)\big)$$

with $\xi(B) = \dfrac{(|I| - |B| - 2)!\,|B|!}{(|I| - 1)!}$.

The interaction indices belong to the interval $[-1, +1]$ and
* $I(i,j) > 0$ if the attributes $i$ and $j$ are complementary;
* $I(i,j) < 0$ if the attributes $i$ and $j$ are redundant;
* $I(i,j) = 0$ if the attributes $i$ and $j$ are independent.

Interactions of higher orders can also be defined, however we will restrict ourselves to second order interactions which offer a good trade-off between accuracy and complexity. To do so, we define the notion of 2-additive measure.

Definition 5: A fuzzy measure $\mu$ is called 2-additive if all its interaction indices of order equal or larger than 3 are null and at least one interaction index of degree two is not null.

In this particular case of 2-additive measures, we can show that ([4]):

Theorem 1: Let $\mu$ be a 2-additive measure. Then the Choquet integral can be computed by:

$$(C)\int_I f\,d\mu = \sum_{I_{ij} > 0} \big(f(i) \wedge f(j)\big)\,I_{ij} + \sum_{I_{ij} < 0} \big(f(i) \vee f(j)\big)\,|I_{ij}| + \sum_{i=1}^{n} f(i)\Big(I_i - \frac{1}{2}\sum_{j \ne i} |I_{ij}|\Big) \tag{5}$$

Note that this expression justifies the above interpretation of interaction indices, as a positive interaction index corresponds to a conjunction (complementary) and a negative interaction index corresponds to a disjunction (redundant).
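A worked check of Theorem 1, added here as an example and not code from the paper: it evaluates the Choquet integral both by Definition 2 (over the full measure) and by Equation 5 (from importance and interaction indices only) on two constructed attack profiles that a weighted sum cannot separate. The criteria, index values and utilities are assumptions, and the measure is rebuilt with the standard Möbius relations for 2-additive measures ($m_i = I_i - \frac{1}{2}\sum_{j \ne i} I_{ij}$, $m_{ij} = I_{ij}$), which the paper does not spell out.

```python
from itertools import combinations

# Constructed example (not from the paper). Criteria, all scaled to [0, 1]:
# 0 = share of files deleted, 1 = importance of deleted files, 2 = CPU utilization.
SHAPLEY = [0.4, 0.4, 0.2]                   # importance indices I_i, summing to 1
INTERACTION = {(0, 1): 0.4, (0, 2): -0.1}   # I_ij keyed by (i, j) with i < j
ATTACK_X = [0.9, 0.2, 0.3]                  # deletes many unimportant files
ATTACK_Y = [0.5, 0.6, 0.3]                  # deletes fewer, more important files


def two_additive_measure(shapley, inter):
    """Return mu(A) for any coalition A, rebuilt from I_i and I_ij.

    Assumption: Moebius masses of a 2-additive measure are
    m_i = I_i - 1/2 * sum_{j != i} I_ij and m_ij = I_ij.
    """
    n = len(shapley)

    def pair(i, j):
        return inter.get((min(i, j), max(i, j)), 0.0)

    m1 = [shapley[i] - 0.5 * sum(pair(i, j) for j in range(n) if j != i)
          for i in range(n)]

    def mu(coalition):
        members = sorted(coalition)
        return (sum(m1[i] for i in members)
                + sum(pair(i, j) for i, j in combinations(members, 2)))

    return mu


def choquet_definition(f, mu):
    """Definition 2: sort utilities, weight each increment by mu(A_(i))."""
    order = sorted(range(len(f)), key=lambda i: f[i])
    total, previous = 0.0, 0.0
    for k, i in enumerate(order):
        total += (f[i] - previous) * mu(order[k:])   # A_(i) = {sigma(i..n)}
        previous = f[i]
    return total


def choquet_two_additive(f, shapley, inter):
    """Theorem 1 / Equation 5: O(n^2) evaluation from I_i and I_ij only."""
    abs_sum = [0.0] * len(f)
    total = 0.0
    for (i, j), value in inter.items():
        if value > 0:                       # complementary pair: conjunction
            total += min(f[i], f[j]) * value
        else:                               # redundant pair: disjunction
            total += max(f[i], f[j]) * abs(value)
        abs_sum[i] += abs(value)
        abs_sum[j] += abs(value)
    total += sum(f[i] * (shapley[i] - 0.5 * abs_sum[i]) for i in range(len(f)))
    return total


def weighted_sum(f, weights):
    """Equation 2, using the importance indices as weights."""
    return sum(w * v for w, v in zip(weights, f))


if __name__ == "__main__":
    mu = two_additive_measure(SHAPLEY, INTERACTION)
    for name, f in (("x", ATTACK_X), ("y", ATTACK_Y)):
        print(name,
              round(weighted_sum(f, SHAPLEY), 4),
              round(choquet_definition(f, mu), 4),
              round(choquet_two_additive(f, SHAPLEY, INTERACTION), 4))
```

Both attacks score the same under the weighted sum, while the two Choquet evaluations agree with each other and rank attack y as more harmful because of the positive interaction between criteria 0 and 1.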


In the weighted sum case, we assume that the decision maker can provide us with the weights she/he puts on each criterion. However, we know that this model is inaccurate when trying to deal with dependencies. We could use a Choquet integral instead, as we have seen that they are a convenient and precise tool to model preferences. However, the complexity is very high. Therefore, in order to combine the best of the two worlds, we can ask the decision maker to give the Shapley values, as well as the interaction indices, and then use the reconstruction Theorem 1 to obtain the aggregation operator, which is a Choquet integral w.r.t. a 2-additive measure. Of course, we have to assume the measure to be 2-additive to use Theorem 1. However, this is not a serious limitation as the importance and the 2-order interaction are enough to give a thorough semantic interpretation of the results.

Nevertheless, such an approach raises another problem. How can we expect the decision maker to give a precise value for the importance and interaction indices? In order to overcome this hurdle, we introduce the concept of interval and see how it can be used efficiently to derive "interval of preferences".

III. INTERVALS

A. Real Interval Arithmetic

Interval Arithmetic (IA) is an arithmetic over sets of real numbers called intervals. IA has been proposed by Ramon E. Moore [10] in the late sixties in order to model uncertainty, and to tackle rounding errors of numerical computations.

Definition 6 (Real interval): A real interval is a closed and connected set of real numbers. Every real interval $\mathbf{x}$ is denoted by $[\underline{x}, \overline{x}]$, where its bounds are defined by $\underline{x} = \inf \mathbf{x}$ and $\overline{x} = \sup \mathbf{x}$. In order to represent the real line with closed sets, $\mathbb{R}$ is compactified in the obvious way with the infinities $\{-\infty, +\infty\}$. The set of real intervals is denoted $\mathbb{I}$. Given a subset $\rho$ of $\mathbb{R}$, the convex hull of $\rho$ is the real interval $\mathrm{Hull}(\rho) = [\inf \rho, \sup \rho]$. The width of a real interval $\mathbf{x}$ is the real number $w(\mathbf{x}) = \overline{x} - \underline{x}$. Given two real intervals $\mathbf{x}$ and $\mathbf{y}$, $\mathbf{x}$ is said to be tighter than $\mathbf{y}$ if $w(\mathbf{x}) \le w(\mathbf{y})$.

Elements of $\mathbb{I}^n$ define boxes. Given $(\mathbf{x}_1, \dots, \mathbf{x}_n)^T \in \mathbb{I}^n$, the corresponding box is the Cartesian product of intervals $\mathbf{X} = \mathbf{x}_1 \times \dots \times \mathbf{x}_n$. By misuse of notation, the same symbol is used for vectors and boxes. The above-mentioned notions are straightforwardly extended to boxes.

IA operations are set theoretic extensions of the corresponding real operations. Given $\mathbf{x}, \mathbf{y} \in \mathbb{I}$ and an operation $\diamond \in \{+, -, \times, \div\}$, we have $\mathbf{x} \diamond \mathbf{y} = \mathrm{Hull}\{x \diamond y \mid (x, y) \in \mathbf{x} \times \mathbf{y}\}$.

Due to properties of monotonicity, these operations can be implemented by real computations over the bounds of intervals. For instance, given two intervals $\mathbf{x} = [a, b]$ and $\mathbf{y} = [c, d]$, we have $\mathbf{x} + \mathbf{y} = [a + c, b + d]$.

B. Interval Extensions

IA is designed to represent outer approximations of real quantities. The range of a real function $f$ over a domain $D$, denoted by $f^u(D)$, can be computed by interval extensions.

Definition 7 (Interval extension): An interval extension of a real function $f : D_f \subseteq \mathbb{R}^n \to \mathbb{R}$ is a function $\mathbf{f} : \mathbb{I}^n \to \mathbb{I}$ such that:

$$\forall \mathbf{X} \in \mathbb{I}^n, \quad \big(\mathbf{X} \subseteq D_f \Rightarrow f^u(\mathbf{X}) = \{f(x) \mid x \in \mathbf{X}\} \subseteq \mathbf{f}(\mathbf{X})\big).$$

This inclusion formula is called the Fundamental Theorem of IA. This definition implies the existence of infinitely many interval extensions of a given real function. In particular, the weakest and tightest extensions are respectively defined by: $\mathbf{X} \mapsto [-\infty, +\infty]$ and $\mathbf{X} \mapsto \mathrm{Hull}(f^u(\mathbf{X}))$.

The most common extension is known as the natural extension. Natural extensions are obtained from the expressions of real functions, and are inclusion monotonic, which means that given a real function $f$, its natural extension, denoted $\mathbf{f}$, and two intervals $\mathbf{x}$ and $\mathbf{y}$ such that $\mathbf{x} \subseteq \mathbf{y}$, then $\mathbf{f}(\mathbf{x}) \subseteq \mathbf{f}(\mathbf{y})$. Since natural extensions are defined by the syntax of real expressions, two equivalent expressions of a given real function $f$ generally lead to different natural interval extensions. In Figure 1, we see that both interval functions define interval extensions of $f$. However, one function is clearly better.

Fig. 1. Natural interval evaluations of two expressions of a real function f.

The overestimation problem, known as the dependency problem of IA, is due to the decorrelation of the occurrences of a variable during interval evaluation. For instance, given $\mathbf{x} = [a, b]$ with $a \ne b$, we have $\mathbf{x} - \mathbf{x} = [a - b, b - a] \supsetneq 0$.

An important result is Moore's theorem known as the theorem of single occurrences.

Theorem 2 (Moore [10]): Let $f$ be a real function, $f : D_f \subseteq \mathbb{R}^n \to \mathbb{R}$, such that $(x_1, \dots, x_n) \mapsto t(x_1, \dots, x_n)$ where $t$ is a symbolic expression interpreted by $f$. If each $x_i$ occurs only once in $t$, $1 \le i \le n$, then

$$\forall \mathbf{X} \in \mathbb{I}^n, \quad \big(\mathbf{X} \subseteq D_f \Rightarrow f^u(\mathbf{X}) = \mathbf{f}(\mathbf{X})\big).$$

IV. INTERVALS OF PREFERENCES

As we have seen before, to define preferences over alternatives, the user is required to provide importance and interaction indices, but is more likely to establish intervals of values than precise values. In this section, we explain how such interval information can be integrated in the scheme of computation of the Choquet integral, by extending its definition to Interval Arithmetic.

Since the user is no longer asked for precise values of indices $I_{ij}$ and $I_i$, but for intervals, we consider intervals of values of these indices, and we respectively denote them $\mathbf{I}_{ij}$ and $\mathbf{I}_i$, $i, j \in \{1, \dots, n\}$. As a consequence, the formula for the computation of the Choquet integral is now given by:

$$(C_{\mathbb{I}})\int_I f\,d\mu = \sum_{\mathbf{I}_{ij} > 0} \big(f(i) \wedge f(j)\big)\,\mathbf{I}_{ij} + \sum_{\mathbf{I}_{ij} < 0} \big(f(i) \vee f(j)\big)\,|\mathbf{I}_{ij}| + \sum_{i=1}^{n} f(i)\Big(\mathbf{I}_i - \frac{1}{2}\sum_{j \ne i} |\mathbf{I}_{ij}|\Big) \tag{6}$$

where the annotation $(C_{\mathbb{I}})$ means that the interpretation of this formula is performed using IA. As a consequence, the value of the integral is an interval, which we hope is the tightest one regarding the interval information provided by the user.

However, using IA means that overestimation of the range of real functions may occur, due to the above-mentioned dependency problem of IA. In particular, in the case of Equation 6, every interval variable $\mathbf{I}_{ij}$ occurs twice, with different monotonicities (once positively, once negatively), which inevitably leads to overestimating the expected range of values. Therefore, the right part of the formula is rewritten so as to obtain single occurrences only:

$$(C_{\mathbb{I}})\int_I f\,d\mu = \sum_{\mathbf{I}_{ij} > 0} \Big(\big(f(i) \wedge f(j)\big) - \frac{1}{2}\big(f(i) + f(j)\big)\Big)\,\mathbf{I}_{ij} + \sum_{\mathbf{I}_{ij} < 0} \Big(\big(f(i) \vee f(j)\big) - \frac{1}{2}\big(f(i) + f(j)\big)\Big)\,|\mathbf{I}_{ij}| + \sum_{i=1}^{n} f(i)\,\mathbf{I}_i \tag{7}$$

This formula contains only single occurrences of interval variables, which is a guarantee to obtain the exact range of possible values, given the intervals of preferences of the user.

Two alternatives are then compared w.r.t. the corresponding interval values of their interval integral of Choquet, as follows:

$$(C_{\mathbb{I}})\int f\,d\mu > (C_{\mathbb{I}})\int g\,d\mu \iff \underline{(C_{\mathbb{I}})\int f\,d\mu} > \overline{(C_{\mathbb{I}})\int g\,d\mu} \tag{8}$$

This is interpreted as the alternative $f$ is preferred to the alternative $g$. It is worth noting that if the decision maker gives precise values for the importance and interaction indices, then the interval-based Choquet integral restricts to a standard Choquet integral and the intervals of preferences are real valued numbers.
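The effect of the rewriting from Equation 6 to Equation 7, and the comparison rule of Equation 8, shown on constructed data as an added example (not code from the paper). The criteria, the interval values of the indices and the two attack profiles are assumptions; utilities are kept real-valued here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def __add__(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def __sub__(self, other):
        # [a, b] - [c, d] = [a - d, b - c]
        return Interval(self.lo - other.hi, self.hi - other.lo)

    def scale(self, c):
        """Product of the interval with a real number c (c may be negative)."""
        a, b = c * self.lo, c * self.hi
        return Interval(min(a, b), max(a, b))

    def magnitude(self):
        """|I| for an interaction interval whose interior does not contain 0."""
        if self.lo < 0 < self.hi:
            raise ValueError("interaction interval straddles 0")
        return self if self.lo >= 0 else Interval(-self.hi, -self.lo)

    @property
    def width(self):
        return self.hi - self.lo


ZERO = Interval(0.0, 0.0)

# Constructed expert input: 0 = share of files deleted,
# 1 = importance of deleted files, 2 = CPU utilization.
SHAPLEY_IV = [Interval(0.38, 0.42), Interval(0.38, 0.42), Interval(0.18, 0.22)]
INTERACTION_IV = {(0, 1): Interval(0.35, 0.45), (0, 2): Interval(-0.12, -0.08)}
ATTACK_X = [0.9, 0.2, 0.3]
ATTACK_Y = [0.5, 0.6, 0.3]


def choquet_eq6(f, shapley, inter):
    """Equation 6 evaluated term by term: each I_ij is used twice."""
    total = ZERO
    abs_sum = [ZERO] * len(f)
    for (i, j), index in inter.items():
        pick = min if index.lo >= 0 else max      # conjunction or disjunction
        total = total + index.magnitude().scale(pick(f[i], f[j]))
        abs_sum[i] = abs_sum[i] + index.magnitude()
        abs_sum[j] = abs_sum[j] + index.magnitude()
    for i, fi in enumerate(f):
        total = total + (shapley[i] - abs_sum[i].scale(0.5)).scale(fi)
    return total


def choquet_eq7(f, shapley, inter):
    """Equation 7: every interval variable occurs exactly once."""
    total = ZERO
    for (i, j), index in inter.items():
        pick = min if index.lo >= 0 else max
        coeff = pick(f[i], f[j]) - 0.5 * (f[i] + f[j])
        total = total + index.magnitude().scale(coeff)
    for i, fi in enumerate(f):
        total = total + shapley[i].scale(fi)
    return total


def strictly_preferred(a, b):
    """Equation 8: a is preferred to b when the two intervals do not intersect."""
    return a.lo > b.hi


if __name__ == "__main__":
    for label, integral in (("Eq. 6", choquet_eq6), ("Eq. 7", choquet_eq7)):
        x = integral(ATTACK_X, SHAPLEY_IV, INTERACTION_IV)
        y = integral(ATTACK_Y, SHAPLEY_IV, INTERACTION_IV)
        print(label, x, y, "y preferred to x:", strictly_preferred(y, x))
```

With these inputs the Equation 6 intervals overlap and leave the ranking undecided, while the tighter Equation 7 intervals separate and rank attack y as the more harmful one.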

However, we should also emphasize the fact that the above case is an ideal case where the intervals of preferences do not intersect and the preferences are clear. It may happen that:

$$(C_{\mathbb{I}})\int f\,d\mu \;\cap\; (C_{\mathbb{I}})\int g\,d\mu \ne \emptyset$$

¹ We will make the assumption (not restrictive) that the decision maker cannot give an interval whose interior contains 0, which would be a contradictory information.

| Results | Criteria | Scale |
|---|---|---|
| Copy | What percentage of files are copied? | [0, 100%] |
| | Are copied files important? | [not important, important, very important] |
| Modify | What percentage of files are modified? | [0, 100%] |
| | Are modified files important? | [not important, important, very important] |
| Delete | What percentage of files are deleted? | [0, 100%] |
| | Are deleted files important? | [not important, important, very important] |

TABLE I: FILES DESTRUCTION

In such a case, we need to define a degree of preference corresponding to the intersection of the intervals. We could use a trivial solution which is to look at the upper bounds and give preference to the highest upper bound, which corresponds to an optimistic behavior; or to look at the lower bounds and give preference to the highest lower bound, which then corresponds to a pessimistic behavior. However, many other solutions between the very optimistic case and the very pessimistic case are possible. It is our feeling that we need to look simultaneously at the upper and lower bounds as well as the width of the intervals. Indeed, in many situations, the decision maker will exhibit some sort of risk aversion and will want to have intervals as tight as possible, that is, to restrict the degree of uncertainty. The definition of a degree of preference and the semantics attached to it is part of our future research.

V. CRITERIA IN COMPARING COMPUTER ATTACKS

A. Criteria

In [12], [7], we show that there are three main types of impacts of computer and network attacks: loss of confidentiality, loss of integrity, and loss of availability. By analyzing some common attacks, for instance, denial of service, IP spoofing, password attacks, malicious codes, and so on, we found that the impacts can be classified as files destruction and services degradation [13].

1) Files destruction: If an attacker obtains the privilege to access the system, then he (or she) can copy, modify, or delete some or all of the files [13]. The amount and the importance of the files will affect the result of comparing attacks (see Table I).

2) Services degradation: The other result of attacks is that the service either slows down or is unavailable. The reasons that cause this result are different. One is CPU utilization. If the CPU is operating at 100%, everything would halt. The second one is that the system cannot support new processes and the users cannot run their own processes. The other reason is that the disk storage of the system is being consumed. Since the disk has a limited quota, if it is filled by too many files of too large a size, it cannot be accessed by the user. There are some other reasons, such as the process or the system shutting down. If the process or system halts, the service would not be available [13]. There are several criteria used to check this result related to different reasons (see Table II).

| Results | Criteria | Scale |
|---|---|---|
| Service degradation | CPU utilization | [0, 100%] |
| | Does the system support new process? | [yes, no] |
| | Is the disk available? | [full, not full] |
| | Does the process shut down? | [yes, no] |
| | Does the system shut down? | [yes, no] |

TABLE II: PROCESS DEGRADATION

B. Attack evaluation

We have now obtained a set of realistic attributes to model the impact of an attack on a computer network. This list is not exhaustive and should be obtained in conjunction with a network administrator or computer security expert.

The next step in the process is to obtain a set of monodimensional utility functions $u_i : X_i \to \mathbb{R}$ that will put all attributes on a common real scale (say the interval $[0,1]$). We know that this is not a restrictive assumption as only the order-separability of the set of values of attributes is needed.

Once these functions are obtained (we can for instance take a set of piecewise linear functions, in agreement with a security expert), we do the following:
(1) obtain from experts the interval-valued Shapley values and interval-valued interaction indices
(2) reconstruct the interval-valued Choquet integral as seen in the previous section
(3) decide on an ordering strategy to compare intervals

VI. LIMITATIONS AND IMPROVEMENTS

In [1] and [12], when we evaluate attacks, we make an implicit assumption that an attack with respect to a single attribute has a very specific impact, which is consistent over time. In practice this is not the case. Each attack impacts a network or a machine in a different way and at a different time. We cannot say for sure what the impact of the attack is. In practical cases, we use interval-valued monodimensional utility functions instead of real-valued functions, as the impact of an attack depends on the current state of the system at the time of attack. Therefore, we need to extend the Choquet integral with interval utilities, which means we should prove that both Equation 4 and Equation 6 work for interval-valued $f(i)$ and $f(j)$. Since we use Equation 6 in practice, here we only prove the extension of Equation 6.

The general idea is that when we consider the interval-valued $f(i)$ or $f(j)$ as one point, if the real-valued $\int f\,d\mu$ is in the range of the interval-valued $\int f\,d\mu$, then we say that Equation 6 can be extended with interval utilities.

Here, considering the interval-valued $f(i)$ or $f(j)$ as one point means the width of the interval equals 0, or the lower bounds and the upper bounds of the interval are the same. There are several strategies to handle this; the easiest one is to consider the lower bounds or the upper bounds of the interval.

We can divide Equation 6 into three parts: complementary part, redundant part and linear part.

For the linear part, it is clear that the real-valued result of $\sum_{i=1}^{n} f(i)\big(I_i - \frac{1}{2}\sum_{j \ne i} |I_{ij}|\big)$ is in the range of the interval-valued result, when we consider the interval $f(i)$ as a real number.

For simplicity, let's only consider two criteria, $c_1$ and $c_2$. If $I_{c_1 c_2} > 0$, we only consider the complementary part, while we only consider the redundant part if $I_{c_1 c_2} < 0$.

We denote $\mathbf{f}(c_1)$, $\mathbf{f}(c_2)$ the interval impact of criteria $c_1$ and $c_2$, and the real numbers $f(c_1) = \underline{f}(c_1) = \overline{f}(c_1)$, $f(c_2) = \underline{f}(c_2) = \overline{f}(c_2)$.

If $\mathbf{f}(c_1) \cap \mathbf{f}(c_2) = \emptyset$, and $\mathbf{f}(c_2) > \mathbf{f}(c_1)$, then $f(c_1) < f(c_2)$. $\mathbf{f}(c_1) \wedge \mathbf{f}(c_2) = \mathbf{f}(c_1)$, and $f(c_1) \wedge f(c_2) = f(c_1)$, too. It is clear that $f(c_1)$ is in the range of $\mathbf{f}(c_1)$; the case of the maximum is similar.

For the case where $\mathbf{f}(c_1) \cap \mathbf{f}(c_2) \ne \emptyset$, we discuss the following cases:
(1) $f(c_2) < f(c_1)$ and $f(c_2) > f(c_1)$. There are several solutions to get the minimum interval of two intervals. We choose one of them, that is

$$\mathbf{f}(c_1) \wedge \mathbf{f}(c_2) = \mathbf{f}(c_1)$$

because it is more accurate no matter what numbers we compare in the intervals. $f(c_1) \wedge f(c_2) = f(c_1)$ when we look at the lower bounds and upper bounds respectively, where $f(c_1)$ is in the range of $\mathbf{f}(c_1)$. The case of the maximum is similar.

(2) $\underline{f}(c_1) > \underline{f}(c_2)$ and $\overline{f}(c_1) < \overline{f}(c_2)$. Similarly, we pick the safer strategy that

$$\mathbf{f}(c_1) \wedge \mathbf{f}(c_2) = [\underline{f}(c_2), \overline{f}(c_1)].$$

$f(c_1) \wedge f(c_2) = f(c_1)$ when we look at the upper bound, while $f(c_1) \wedge f(c_2) = f(c_2)$ when we look at the lower bound. Both $f(c_1)$ and $f(c_2)$ are in the range of $[\underline{f}(c_2), \overline{f}(c_1)]$.

Therefore, we show that the 2-additive Choquet integral can be extended to interval utilities.

VII. CONCLUSION

In this paper we have presented a simple yet efficient way to use fuzzy integration and interval computations as a means to compare network attacks. We know that using traditional (i.e. additive) techniques of multicriteria decision making is not appropriate, as in most practical cases criteria are not independent. Therefore, we propose to use fuzzy integration to avoid this problem. The drawback of using fuzzy techniques is the increase in complexity. However, this can easily be overcome by restricting ourselves to 2-additive measures. Another issue is that it is unrealistic to expect an expert to give precise values for the Shapley values and the interaction indices, and the impact of an attack on a single attribute is not always defined precisely, but we can combine the Choquet integral with interval computation to avoid these problems.

In future work, we need to refine the ordering strategies of intervals as this is our means of comparison of attacks. Sets of values of attributes should be sets of probability distributions or type-2 fuzzy sets to represent the uncertainty on the impact. Finally, an expert may often not be able to give precise values, but the expert often has an idea of where the values are mostly distributed; therefore, we also need to consider the case where the expert provides a probability distribution and then design the corresponding ordering strategies of intervals.

REFERENCES

[1] M. Ceberio and F. Modave. An interval-valued, 2-additive Choquet integral for multicriteria decision making. In Proceedings of IPMU 2004, Perugia, Italy, July 2004.

[2] G. Choquet. Theory of Capacities. Ann. Inst. Fourier 5, 1954.

[3] D. Denneberg and M. Grabisch. Shapley value and interaction index. Mathematics of Operations Research, submitted.

[4] M. Grabisch. Fuzzy measures and integrals. Theory and applications, chapter The interaction and Mobius representations of fuzzy measures on finite spaces, k-additive measures: a survey. Physica Verlag, 2004. To appear.

[5] M. Grabisch, H. T. Nguyen, and E. A. Walker. Fundamentals of Uncertainty Calculi with Applications to Fuzzy Inference. Kluwer Academic Publisher, Dordrecht, 1995.

[6] D. Krantz, R. Luce, P. Suppes, and A. Tversky. Foundations of Measurement. Academic Press, 1971.

[7] T. A. Longstaff, J. T. Ellis, S. V. Hernan, H. F. Lipson, R. D. McMillan, L. Hutz-Pesante, and D. Simmel. The Froehlich / Kent Encyclopedia of Telecommunications, volume 15, chapter Security of the Internet, pages 231-255. 1997.

[8] F. Modave and M. Grabisch. Preferential independence and the Choquet integral. In 8th Int. Conf. on the Foundations and Applications of Decision under Risk and Uncertainty (FUR), Mons, Belgium, 1997.

[9] F. Modave and M. Grabisch. Preference representation by the Choquet integral: the commensurability hypothesis. In Proc. 7th Int. Conf. on Information Processing and Management of Uncertainty in Knowledge-Based Systems (IPMU), Paris, France, July 1998.

[10] R. E. Moore. Interval Analysis. Prentice-Hall, Englewood Cliffs, N.J., 1966.

[11] L. Shapley. A value for n-person games. In H. Kuhn and A. Tucker, editors, Contributions to the Theory of Games, Vol. II, number 28 in Annals of Mathematics Studies, pages 307-317. Princeton University Press, 1953.

[12] M. Ceberio, F. Modave, and X. Wang. Comparing Attacks: an Approach Based on Interval Computation and Fuzzy Integration. In Proceedings of FUZZ-IEEE 2005, Reno, USA, May 2005.

[13] J. Howard. An analysis of security incidents on the Internet 1989-1995. At http://www.cert.org/research/JHThesis/Chapterl 1.html, 1997.
