(Igor Sikorsky Kyiv Polytechnic Institute, 2024) Nakonechna, Yuliia; Savchuk, Bohdan; Kovalova, Anna
In the current environment, critical infrastructure has become the target of increasingly complex multi-stage cyber attacks characterized by sequential phases of infiltration, privilege escalation, and lateral movement within the target network. Traditional risk assessment methods often rely on assumptions of precise data availability and well-defined probabilities, which limit their applicability in real-world scenarios marked by uncertainty and imprecise information. This paper proposes an approach based on the use of fuzzy logic systems to assess the risks of multi-stage cyber attacks against networked critical infrastructure services. The proposed methodology takes into account the ambiguity and fuzziness of input data, expert judgments, and the dynamic progression of attacks. The result is a more flexible and adaptive risk assessment model that supports informed decision-making to enhance cybersecurity, prioritize countermeasures, and optimize the allocation of defensive resources.