Authentication Methods Selection in Information Security through Hybrid AHP and EGT

Authors

  • Bee Wah Loo Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia
  • Pei Ling Tan Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia
  • Siew Kian Tey Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia
  • Wan Yoke Chin Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia

DOI:

https://doi.org/10.37934/araset.50.2.171185

Keywords:

MCDM, AHP, EGT, Authentication, Information security

Abstract

Information security leaders frequently face the challenge of choosing an appropriate defence strategy. Effective multi-criteria decision-making (MCDM) is essential in information security for determining optimal strategies when more than one party is involved. To address this challenge, we propose a hybrid model that combines the strengths of the Analytic Hierarchy Process (AHP) with Evolutionary Game Theory (EGT). The hybrid model helps the information security leader assess the criteria for security controls and make optimal decisions to protect the organization's data. First, AHP is used to assess the criteria of information security control, and the priority of the alternatives is then established by evaluating these criteria. Next, we construct a defence-attack scenario using the EGT framework, formulating strategies and determining payoffs for both the information security leaders and the attackers. We use the replicator dynamic to examine how the game evolves and so determine the optimal strategy. A case study is conducted to determine the optimal strategy for information security leaders and attackers. The results indicate that the best defence strategy is password protection, followed by token-based and biometric-based protections. The optimal strategy for attackers, on the other hand, is no attack, followed by attack and moderate attack. This study contributes to solving the multi-criteria decision-making (MCDM) problem by considering the dynamic interaction between defender and attacker in the context of information security.
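
The two stages named in the abstract (AHP weighting, then a defender-attacker game evolved with the replicator dynamic) can be sketched as follows. This is an added example, not the authors' model or data. The criteria names (security, cost, usability), pairwise judgements, scores and payoff rules are all constructed assumptions, and alternatives are rated directly instead of by pairwise comparison.

```python
# Added illustration: all matrices, criteria names and payoff rules are constructed.
from math import prod

def ahp_weights(M):
    """Priority vector (row geometric means) and consistency ratio of pairwise matrix M."""
    n = len(M)
    g = [prod(row) ** (1 / n) for row in M]
    w = [v / sum(g) for v in g]
    lam = sum(sum(M[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    ri = {3: 0.58, 4: 0.90, 5: 1.12}[n]            # Saaty's random index
    return w, (lam - n) / (n - 1) / ri

def replicator(A, B, x, y, dt=0.01, steps=20000):
    """Euler steps of the two-population replicator dynamic.
    A[i][j] / B[i][j]: defender / attacker payoff for defence i against attack j."""
    for _ in range(steps):
        fx = [sum(a * q for a, q in zip(row, y)) for row in A]
        fy = [sum(B[i][j] * x[i] for i in range(len(x))) for j in range(len(y))]
        ax = sum(p * f for p, f in zip(x, fx))      # mean defender payoff
        ay = sum(q * f for q, f in zip(y, fy))      # mean attacker payoff
        x = [p * (1 + dt * (f - ax)) for p, f in zip(x, fx)]
        y = [q * (1 + dt * (f - ay)) for q, f in zip(y, fy)]
        sx, sy = sum(x), sum(y)                     # renormalise rounding drift
        x, y = [p / sx for p in x], [q / sy for q in y]
    return x, y

DEFENCES = ["password", "token", "biometric"]
ATTACKS = ["no attack", "moderate attack", "attack"]
# Hypothetical criteria: security, cost, usability (Saaty 1-9 scale judgements).
PAIRWISE = [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]]
SCORES = [[0.5, 0.9, 0.8], [0.7, 0.5, 0.6], [0.9, 0.2, 0.7]]   # defence x criterion
LOSS, GAIN, COST = [0.0, 0.3, 0.6], [0.0, 0.4, 1.0], [0.0, 0.15, 0.3]  # per attack level

def run():
    w, cr = ahp_weights(PAIRWISE)
    value = [sum(wk * s for wk, s in zip(w, row)) for row in SCORES]  # weighted score
    weak = [1 - row[0] for row in SCORES]           # exposure = 1 - security score
    A = [[value[i] - LOSS[j] * weak[i] for j in range(3)] for i in range(3)]
    B = [[GAIN[j] * weak[i] - COST[j] for j in range(3)] for i in range(3)]
    x, y = replicator(A, B, [1 / 3] * 3, [1 / 3] * 3)
    return w, cr, x, y

if __name__ == "__main__":
    w, cr, x, y = run()
    print("weights", [round(v, 3) for v in w], "CR", round(cr, 4))
    print(dict(zip(DEFENCES, (round(v, 3) for v in x))))
    print(dict(zip(ATTACKS, (round(v, 3) for v in y))))
```

With these constructed numbers the populations converge to biometric and no attack. That ranking is a property of the sample payoffs and does not reproduce the paper's result.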

Author Biographies

Bee Wah Loo, Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia

loobw@tarc.edu.my

Pei Ling Tan, Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia

tanpeiling@tarc.edu.my

Siew Kian Tey, Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia

siewkian@tarc.edu.my

Wan Yoke Chin, Department of Mathematical and Data Science, Faculty of Computing and Information Technology, Tunku Abdul Rahman University of Management and Technology, Setapak, 53300 Kuala Lumpur, Malaysia

chinwy@tarc.edu.my

Published

2024-08-26

Section

Articles