Cybersecurity encompasses the practices, technologies, and processes designed to protect networks, devices, and data from unauthorized access, attacks, and damage. In today's digital world, where a significant amount of information is stored online, cybersecurity has become increasingly important. This paper employs the AHP (Analytic Hierarchy Process) and FAHP (Fuzzy Analytic Hierarchy Process) methods to determine the importance of criteria related to active cyberattacks. The study identifies Social Engineering and Masquerade Attacks as the most critical threats. The research focuses on developing a systematic framework for prioritizing cyberattack prevention strategies by analyzing the relative significance of various attack types. Through an in-depth assessment of criteria such as attack frequency, potential damage, and mitigation complexity, the study highlights the utility of decisionmaking tools in cybersecurity planning. Using both qualitative and quantitative data, the findings emphasize the pressing need to address vulnerabilities associated with human error and identity exploitation. Furthermore, the paper outlines practical recommendations for integrating AHP and FAHP methodologies into organizational risk management processes, ensuring a proactive approach to cyber defense. By leveraging these analytical techniques, organizations can allocate resources more efectively and reinforce resilience against the most prevalent and damaging forms of cyberattacks.
In our increasingly digital world, the importance of cybersecurity cannot be overstated. Cybersecurity is essential for protecting computer systems, networks, and data from theft, damage, or unauthorized access. By investing in security, companies can ensure they remain safe and competitive in the market. As businesses, governments, and individuals rely more on technology, safeguarding information and ensuring the integrity of systems becomes paramount [1].
Cybersecurity encompasses a wide range of technologies and strategies used to defend against cyber threats. These threats can take various forms, including malware, phishing attacks, data breaches, and other cybercrimes. The goal of cybersecurity is to create a defense infrastructure capable of identifying, preventing, and responding to threats efectively.
With the always-on connectivity and advancements in technology today, threats rapidly exploit diferent aspects of technology. Any device in use nowadays is vulnerable to cyberattacks. For instance, in October 2016, a series of Distributed Denial of Service (DDoS) attacks targeted DNS servers, causing major web services to experience significant disruptions.
The increasing trend of remote work has led to a growing number of remote workers utilizing their infrastructures to connect with company systems. As the remote workforce expands, employees rely on their setups and networks to access company resources, which, if poorly planned and architected, can lead to insecure implementations. Similarly, the growth in companies allowing employees to bring their devices (BYOD) to work can result in security issues if not properly managed.
As the landscape of cyber threats continues to evolve, organizations must adopt a proactive approach to security. Humans are often the weakest link in the security chain, making old threats like phishing emails still impactful due to their psychological manipulation of users.
The storage, access, and management of data by both companies and private users have been transformed by cloud computing. While this convenience brings many benefits, it also raises concerns related to cyber threats. Cloud computing involves storing and accessing data files or software online instead of using physical hard disks or local servers. Although providers ofer strong security measures, it is equally important for individuals using these services to safeguard their files and operating devices [2].
In the present day, the widespread adoption of cloud computing by numerous companies is evident. Many begin their cloud journey in a hybrid environment, where Infrastructure as a Service (IaaS) takes center stage, while some organizations may leverage Software as a Service (SaaS) for specific solutions.
On-premise security remains vital as the foundation of any organization, where the majority of users access critical resources. When an organization expands its on-premise infrastructure by integrating with a cloud provider for IaaS, it must carefully assess potential threats and devise efective countermeasures through comprehensive risk assessments.
Personal devices, although not directly connected to on-premise resources, can still compromise company data if users access corrupted SaaS applications, click on suspicious email links, or if former employees or unauthorized users gain access to company data stored on personal devices. Using the same passwords across multiple emails and sites can also lead to compromised accounts.
Data security involves safeguarding digital information from unauthorized access, corruption, or theft at every stage of its existence. This comprehensive concept spans various aspects of information security [3, 4]: • Physical Security: Hardware storage devices and physical infrastructure are protected. • Administrative Controls: Policies, guidelines, and procedures are implemented.
• Logical Security: Software applications, databases, and networks are secured.
Properly implemented, robust data security strategies ensure that an organization’s information assets are protected against cybercriminal activities, insider threats, and human error, which are among the leading causes of data breaches today. Tools and technologies that enhance the organization’s visibility into the location and usage of its critical data are deployed. Protections such as encryption, data masking, and redacting sensitive files are applied. Additionally, reporting is automated to streamline audits and help adhere to regulatory requirements.
To ensure the integrity and availability of sensitive information, these four data security measures can be implemented: • Encryption: Algorithms are utilized to transform regular text characters into an unreadable format.
These keys play a crucial role in scrambling data, ensuring that only authorized users can access it. File and database encryption software act as a protective barrier, obscuring sensitive information through encryption or tokenization. Additionally, many encryption tools incorporate security key management features. • Data Erasure: Software is employed to thoroughly overwrite data on any storage device, ensuring it is more secure than conventional data wiping. It is confirmed that the data cannot be recovered. Data Masking: Real data is used for application development or training while protecting personally identifiable information (PII). This ensures that development can occur in compliance with privacy regulations. • Data Masking: Real data is used for application development or training while protecting personally identifiable information (PII). This ensures that development can occur in compliance with privacy regulations. • Data Resiliency: An organization’s ability to withstand and recover from various failures, including hardware issues, power outages, and other events that afect data availability, is ensured. Rapid recovery is essential to minimize impact.
A cyberattack is a malicious and deliberate attempt by an individual or organization to breach another individual’s information system. Usually, the attacker seeks some type of benefit from disrupting the victim’s network. Cyberattacks can be categorized into two categories: active and passive. The primary distinction lies in their impact on the target system’s resources. Passive cyberattacks involve attempts to gain access to the target’s system without directly afecting its system resources. In contrast, active cyberattacks can cause damage to the target’s system, such as data breaches or ransomware attacks. One common byproduct of a cyber attack is a data breach, where personal data or other sensitive information is exposed. An active attack is an activity in which a hacker attempts to make changes to data on the target or data route to the target. There are several diferent types of active attacks. However, in all cases, the threat actor takes some sort of action on the data in the system or the devices the data resides on. Attackers may attempt to insert data into the system or change or control data that is already in the system. In the sequel, some types of cyber attack will be emphasized [1, 2, 3, 4, 5]. • CA1: Social Engineering. Social engineering attacks manipulate individuals into disclosing sensitive information, downloading potentially harmful software, accessing questionable websites, transferring funds to malicious actors, or making other security-compromising errors. These actions can have significant repercussions for both personal and organizational security. • CA2: Masquerade attack. A masquerade attack is a detrimental and misleading cyber intrusion strategy, utilized by malicious actors to gain unauthorized access to networks, systems, or devices through the exploitation of stolen credentials or login data. By circumventing the existing digital infrastructure and deceiving authorization protocols to pose as legitimate system users, these threat actors can manipulate business transactions, perpetrate financial ofenses, and disrupt operational processes. Unlike numerous other cyberattacks, masquerade attacks are primarily centered on human-related system vulnerabilities. The acquisition of stolen login credentials or the utilization of phishing emails to gather suficient user information for unauthorized network entry is merely the initial stage of a masquerade attack. Once the target systems are breached, the potential for inflicting damage is virtually unbounded. • CA3: 3. DoS attack. A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device’s normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal trafic is unable to be processed, resulting in denial-of-service to addition users. DoS attack can occur in two ways: 1. Flooding. The attacker floods the target computer with internet trafic to the point that the trafic overwhelms the target system. The target system is unable to respond to any requests or process any data, making it unavailable to legitimate users. 2. Malformed data. Rather than overloading a system with requests, an attacker may strategically send data that a victim’s system cannot handle. For example, a DoS attack could corrupt system memory, manipulate fields in the network protocol packets, or exploit servers.
A DoS attack is characterized by using a single computer to launch the attack.
On the other hand, a distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack. • CA4: Session hijacking attack. A session hijacking attack is also called a session replay attack. In it, the attacker takes advantage of a vulnerability in a network or computer system and replays the session information of a previously authorized system or user. The attacker steals an authorized user’s session ID to get that user’s login information. The attacker can then use that information to impersonate the authorized user.
A session hijacking attack commonly occurs over web applications and software that use cookies for authentication. With the use of the session ID, the attacker can access any site and any data that is available to the system or the user being impersonated. • CA5: Message modification attack. In a message modification attack, an intruder alters packet header addresses to direct a message to a diferent destination or to modify the data on a target machine. Message modification attacks are commonly email-based attacks. The attacker takes advantage of security weaknesses in email protocols to inject malicious content into the email message. The attacker may insert malicious content into the message body or header fields. 3.0.1. Preventing Cyber Attacks To prevent cyber attacks, it’s important to analyze the cybersecurity challenges that companies, governments, and individual users face today. It is necessary to obtain accurate data and research the state of the market. Not all companies use the same versions of operating systems or dedicated software, and this makes cybersecurity challenges harder. In other words, the most appropriate approaches to cybersecurity techniques are not specialized in certain industries. According to the Kaspersky Global IT Risk Report 2016, the main aspects of most data breaches are listed in the following order [6] • Viruses, malware, and trojans • Lack of diligence and untrained employees • Phishing and social engineering • Targeted attack • Crypto and ransomware
The cybersecurity community has been practicing these three aspects for quite some time. Because they are old and well-known suspects in cybersecurity. The biggest problem is not an insuficient investment in securing systems, but rather human error. The reason can be when someone clicks on a phishing link and downloads a malicious file, such as a virus, malware, or trojan, onto their computer. This approach is known as social engineering. When an attacker has planned what is a specific target that will be attacked in their minds, we’re talking about a targeted attack. Before attacking the systems, attackers spend time researching resources to perform public reconnaissance and gather important pieces of data. Attackers intend to steal and sell data on the dark web. Crypto and ransomware are creating a new level of challenge for cybersecurity analysts and organizations. In May 2017, the world faced the biggest ransomware attack in history. This ransomware is called WannaCry and exploits a known vulnerability in Windows SMBv1. Attackers used an exploit called EternalBlue, which was released in April 2017. The hacking group Shadow Brokers created this exploit. Some of the important works regarding the cyber securita criteria can be seen in [6, 7, 8, 9].
Let all fuzzy sets defined on the set of real numbers R be represented as (R). The number ∈ (R) is a fuzzy number if there exists 0 ∈ R so condition (0) = 1 holds, and = [︀ , () ≥ ]︀ is a closed interval for every ∈ [0, 1]. The membership function, a component of a triangular fuzzy number (TFN) , is a function : R → [0, 1], defined as [5, 10] () = ⎧ ( − )/( − ), ≤ ≤ , ⎨
( − )/( − ), ≤ ≤ ,
⎩ 0, otherwise,
(
For a given triangular number ˜ = (, , ) the left side of the membership function ˜ and it’s Assume two TFNs, ˜1 = (1, 1, 1), ˜2 = (2, 2, 2), and scalar > 0, ∈ R. The basic arithmetic operations (addition, subtraction, multiplication, scalar multiplication, and inverse element) are respectively defined as follows [11]: ˜1 ⊕ 2 = (1 + 2, 1 + 2, 1 + 2),
˜ ˜1 ⊖ 2 = (1 − 2, 1 − 2, 1 − 2),
˜ ˜1 ⊗ 2 = (1 · 2, 1 · 2, 1 · 2),
˜ · ˜1 = ( · 1, · 1, · 1), ˜ = ( − )/( − ); ( )− 1 = + ( − ), ∈ [0, 1],
˜ ˜ = ( − )/( − ); ( )− 1 = + ( − ), ∈ [0, 1].
˜
and the right side of the membership function ˜ and it’s inverse are given as
(
The total integral value, according to [12] as a combination of left and right integral values (˜) (˜) = (˜) + (1 − )(˜) = = 1 2 ∫︁ 1 0 ( )− 1 + (1 − )
˜ ( + + (1 − )) .
∫︁ 1 0 ( )− 1 ˜ where represents an optimism index. The optimistic ( = 1), balanced ( = 0.5) and pessimistic ( = 0) point of view are significant to obtain and rank criteria, while semi-pessimistic ( = 0.25) and semi-optimistic ( = 0.75) point of view are used when additional opinion is needed or more accurate results required [13].
In the sequel, the steps of the FAHP will be presented.
In general, the hierarchical structure has been organized vertically: the main goal is, as the most important component, at the top; the criteria that contribute to the goal are at the intermediate levels; and the sub-criteria are at the lowest level.
importance between criteria; = , ˜ = (
The fuzzy scale for constructing pairwise comparisons can be seen in [10].
Determining the pairwise comparison matrix ̃︀ in terms of TFNs. In this step, a positive fuzzy reciprocal ˜ comparison matrix ̃︀ = ( )× with a total of ( − level with elements from a lower level is developed. The fuzzy value ˜ represents the degree of relative
The graphic representation of the used FAHP scale with all three values (lower, median, and upper) is presented in Figure 1.
equations For a matrix = ( )× , the consistency index and consistency ratio are calculated using = ∑︁ ∑︁ ˜
= ∑︁ ∑︁ (︀ , , ︀) , ∑︁ ∑︁ ⎠ , ⎝ ∑︁ ∑︁ ⎠ =1 =1 , ⎝ ∑︁ ∑︁ ⎠ =1 =1 ⎞− 1⎞ ⎠ 0 2 4 6 8 10 12 , where max corresponds to a maximal eigenvalue of matrices and is a random index.
The value < 0.1 confirms the comparison matrix consistency, while otherwise the reason for inconsistency should be found and calculations repeated.
Using the triangular fuzzy numbers from the comparison matrix ̃︀ = (︀ ˜ × , applying
︀)
(
⊗ − 1 =1 =1 = ∑︁ ( , , ) ⊗ − 1, = 1, .
The defuzzification phase starts with the weighted vector in order to obtain the total integral value for the TFNs, ̃︀
In the normalization phase, the weight vectors * for criteria are obtained.
= (̃︀) =
1
2
︀( + + (1 − ))︀ , ∈ [0, 1], = 1, ,
* =
∑︀
=1
(
The weights for each sub-criterion are obtained by multiplying the weights of the criteria and sub-criteria. Then, arranging the obtained weights, the sub-criteria ranking is received.
We firstly discuss the criteria ranking using the previously described FAHP algorithm.
The comparison matrix is consistent since = 0.017, and = 0.015. In the sequel, Tables 1 and 2 present the comparison matrix and corresponding weights. In all cases, the criteria 1 named Social engineering is on the top of the ladder with the weight 0.416 in the AHP, and 0.378 in the balanced
Next place, with the highest weight 0.271 in the pessimistic FAHP case takes the criteria Masquerade attack. Being 1.59 times smaller than the leading one in the AHP, and 1.41 times in the optimistic FAHP case, criteria 2 justifies the second place [ 14]. Moderately important in the process of determining significant active cyber attacks is 3=DoS attack. At the bottom of the ladder, being 6.67 times less important than the leading one (AHP case), is criteria Message modification attack.
In the case of semi-pessimistic ( = 0.25) and semi-optimistic ( = 0.75) point of view, 5 has respectively 5.93 and 5.96 times smaller weight than 1. The graphical presentation of criteria ranking can be seen in Figure 2.
The internet has indeed transformed computing, expanding opportunities while also increasing vulnerabilities. This dual nature has made computer security more critical than ever, focusing on protecting Weights for the criteria in the AHP and FAHP case.
CA1 CA2 CA3 CA4 CA5
CA1 1 1/2 1/3 1/4 1/5
CA2 2 1 1/2 1/3 1/4
CA3 3 2 1 1/2 1/3
CA4
CA5 4 3 2 1 1/2 5 4 3 2 1 CA1 CA2 CA3 CA4 valuable data across various devices and networks. AHP and its generalizations in multi-criteria decisionmaking are particularly useful in navigating the complexities of security decision-making. Since its introduction by Saaty, AHP has provided a structured approach to quantify criteria weights, enabling more informed choices in security strategies. This methodology helps organizations prioritize risks and allocate resources efectively, ensuring that the most critical vulnerabilities are addressed. By applying AHP in security contexts, decision-makers can evaluate multiple factors—such as potential impact, likelihood of occurrence, and mitigation costs—systematically. This structured decision-making process is essential in today’s landscape, where the stakes are high and the threats are constantly evolving. As the most important criteria in this work, Social engineering, and Masquerade attacks stand out. With the constant increase in threats in the cyber world, the idea like the one presented in this paper could be used in the improvement of protocols deployed, for instance, smart cities security platforms, in machine learning security, and lightweight cryptography. The findings in this paper present a starting point for our continual research in the cyber security area. We also plan to add or remove certain factors or sub-factors. Furthermore, an extension to this research could focus on the practical application for the ranking of the alternatives.
This paper was supported by the Blockchain Technology Laboratory at Belgrade Metropolitan University, Belgrade, Serbia.
The authors have not employed any Generative AI tools.