Quantifying vulnerabilities of network systems has been a highly controversial issue in the fields of network security and IoT. Much research has been conducted on this purpose; however, these have many ambiguities and uncertainties. In this paper, we investigate the quantification of vulnerability in the Department of Transportation (DOT) as our proof of concept. We initiate the analysis of security requirements, using Security Quality Requirements Engineering (SQUARE) for security requirements elicitation. Then we apply published security standards such as NIST SP-800 and ISO 27001 to map our security factors and sub-factors. Finally, we propose our Multi-layered Fuzzy Logic (MFL) approach based on Goal question Metrics (GQM) to quantify network security and IoT (Mobile Devices) vulnerability in DOT.

中文翻译：

---

多层模糊逻辑量化物联网漏洞

量化网络系统的漏洞一直是网络安全和物联网领域备受争议的问题。为此目的进行了大量研究；然而，这些有许多含糊不清和不确定性。在本文中，我们调查了交通部 (DOT) 中脆弱性的量化，作为我们的概念证明。我们启动安全需求分析，使用安全质量需求工程 (SQUARE) 进行安全需求获取。然后我们应用已发布的安全标准（例如 NIST SP-800 和 ISO 27001）来映射我们的安全因素和子因素。最后，我们提出了基于目标问题指标 (GQM) 的多层模糊逻辑 (MFL) 方法来量化 DOT 中的网络安全和物联网（移动设备）漏洞。