Fuzzy Logic: Making Decisions From Landing Planes to Cybersecurity

Fuzzy logic can help us out of the labyrinth and better protect our data.

A clever chap named Albert Einstein once said: “So far as the laws of mathematics refer to reality, they are not certain. And so far as they are certain, they do not refer to reality.”

Fuzzy logic is a tool that lets us use mathematics to represent vague and imprecise information — hence the term fuzzy — and to arrive at decisions. Fuzzy logic algorithms are almost everywhere. They make it possible for planes to land safely, for the AC in your home to calibrate its temperature, and even for your laundry machine to spin the right number of cycles to get your clothes clean.

One industry that has begun using fuzzy logic effectively is cybersecurity. A security analyst's day is full of decisions — dozens, sometimes hundreds of them. Whether determining if a binary file is a threat to the organization or choosing the appropriate response to a security threat, the security analyst is the one who makes the call. These decisions often need to be made “subjectively” — there is often no clear-cut right or wrong answer. The human brain makes these kinds of decisions all the time, but automating the process is not straightforward — this is where fuzzy logic can come in handy.

Classical logic is based on the principle that each proposition is either True or False. This approach isn’t appropriate for all cases. For example, the Sorites Paradox (or “Paradox of the Heap”) tells the story of a heap of sand and raises the question: How many grains of sand does it take to make a heap of sand? Since one grain of sand does not make a heap, it follows that two grains do not; and if two do not, then three do not; and so on. This reasoning leads to the absurd conclusion that no number of grains of sand makes a heap. Boundaries of application that are unclear in this way are referred to as fuzzy. This is where non-classical logic, in the form of fuzzy logic (or “multi-valued logic”), comes in handy.

So how does fuzzy logic actually work? A fuzzy logic system collects inputs from its environment, such as communication signals, and “fuzzifies” them, meaning it determines which behavioral groups they belong to and their “membership” level in each one. With fuzzy logic, an input can be assigned to multiple behavioral groups (in fuzzy terminology, each group is called a “membership function”), each with a different weight, or membership level (the membership level doesn’t necessarily have to be “1”). For example, seven failed authentication attempts can be considered 0 percent low possibility of being a threat, 70 percent medium possibility, and 30 percent high possibility. The system then uses an inference process to correlate all fuzzified inputs, based on linguistic expert rules (written by a subject matter expert in the relevant problem domain; in our example, an experienced security analyst) and the membership levels. Lastly, it generates a single crisp decision output through a “de-fuzzification” process, as decisions need to be very clear and actionable.

The father of fuzzy logic was Lotfi Zadeh, a UC Berkeley mathematician who introduced the concept in 1965. He based his theory on the reasoning that computational computer logic was not the appropriate logic to be applied when manipulating data representing subjective human ideas.

Let’s go back and use an example from the cybersecurity arena to demonstrate how fuzzy logic can help there: user entity anomaly. Detecting this behavior is a challenging task because user behavior is not always predictable, and certainly cannot be measured in a binary way. A user’s anomalous behavior can only be determined by analyzing multiple features of his or her activity. The values of these features are not Boolean; they have a range — for example, the location from which the user is connecting, the type of applications he or she usually uses and when, the behavior of the user’s peer group (if he or she is part of a group of people that might engage in a common behavior), and more. There is no single element that can determine if a user’s behavior is 100 percent malicious or not. The “qualification” of user activity as a high, medium, or low threat is a decision made in a grey zone, and fuzzy logic can play an important role in this process.

By applying fuzzy logic to decision making, we can use human expertise and experience to design a customized ruleset. The security field usually requires experienced, professional security analysts to be the decision makers. A human being is always comfortable conversing in natural language, and human knowledge can be represented with the following natural language expression: IF antecedent THEN consequent.

For example: IF location is within a 4 km radius from the office AND login hour is midnight AND user is in a maintenance group, THEN there’s a high possibility it’s a maintenance issue being solved from the user’s home.
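The fuzzify, infer, de-fuzzify pipeline and the IF antecedent THEN consequent rule form described above, as an added example that is not code from the original article. The breakpoints are constructed so that seven failed attempts reproduce the 0/70/30 percent memberships from the text; the login-hour input, the four rules, the output scores, and the weighted-average de-fuzzification (a simple stand-in for a centroid method) are assumptions.

```python
# Added example: fuzzify -> infer -> de-fuzzify for one login event.
# Breakpoints, rules and output scores are constructed assumptions.

def falling(x, a, b):
    """1 at or below a, linear down to 0 at or above b."""
    return max(0.0, min(1.0, (b - x) / (b - a)))

def rising(x, a, b):
    """0 at or below a, linear up to 1 at or above b."""
    return 1.0 - falling(x, a, b)

def fuzzify_attempts(n):
    # Chosen so that 7 failures -> low 0.0, medium 0.7, high 0.3.
    return {
        "low": falling(n, 0, 4),
        "medium": min(rising(n, 0, 4), falling(n, 4, 14)),
        "high": rising(n, 4, 14),
    }

def fuzzify_hour(h):
    # Hour of day 0..23; "business" ramps up 7-9 and down 17-19.
    business = min(rising(h, 7, 9), falling(h, 17, 19))
    return {"business": business, "off_hours": 1.0 - business}

# Expert rules: IF attempts is A [AND hour is H] THEN threat is T.
RULES = [
    ("low", None, "low"),
    ("medium", "business", "medium"),
    ("medium", "off_hours", "high"),
    ("high", None, "high"),
]
SCORE = {"low": 10.0, "medium": 50.0, "high": 90.0}  # singleton outputs

def assess(failed_attempts, login_hour):
    att = fuzzify_attempts(failed_attempts)
    hour = fuzzify_hour(login_hour)
    strength = {term: 0.0 for term in SCORE}
    for a_term, h_term, out in RULES:
        fire = att[a_term]
        if h_term is not None:
            fire = min(fire, hour[h_term])            # fuzzy AND = min
        strength[out] = max(strength[out], fire)      # combine rules = max
    total = sum(strength.values())
    # De-fuzzify: weighted average of the singleton scores -> one crisp value.
    score = sum(strength[t] * SCORE[t] for t in SCORE) / total if total else 0.0
    label = "low" if score < 35 else "medium" if score < 65 else "high"
    return att, score, label
```

With these assumed rules, the same seven failed attempts score about 62 ("medium") at 13:00 and about 90 ("high") at midnight; changing the policy means editing `RULES`, not the membership math.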

One other important role fuzzy logic can play is in implementing a true Artificial Intelligence (AI) system. AI has been around since the 1950s and encompasses various approaches. No approach is 100 percent effective, and we need a tool to help us decide which approach is preferred. To name just a few types of AI that require decision making to be effective: evolutionary systems, deep neural nets, neural networks, logic systems, genetic algorithms, and many more.

Fuzzy logic can actually unify multiple AI approaches in order to integrate human expertise (through the linguistic expert rules) and produce a more accurate decision. Another advantage of fuzzy logic is its flexibility. Any changes that need to be made in the algorithm are handled by modifying fuzzy linguistic rules and not by formulating new mathematical functions, meaning it doesn’t require a heavy investment of R&D resources.

We’ll conclude with this thought from the father of fuzzy logic, Lotfi Zadeh:

“As complexity rises, precise statements lose meaning and meaningful statements lose precision.”

Thanks to him, we have fuzzy logic to help us out of the labyrinth, and better protect our data.
