Abstract

Information security leaders frequently face the challenge of choosing an appropriate defence strategy. Effective multi-criteria decision-making (MCDM) is essential in information security for determining optimal strategies when more than one party is involved. To address this challenge, we propose a hybrid model that combines the strengths of the Analytic Hierarchy Process (AHP) with Evolutionary Game Theory (EGT). The hybrid model helps the information security leader assess the criteria for security controls and make optimal decisions to protect the organization's data. First, the AHP is used to assess the criteria of information security controls, and the priority of the alternatives is established by evaluating these criteria. Next, we construct a defence-attack scenario using the EGT framework, which involves formulating strategies and determining payoffs for both the information security leaders and the attackers. We use the replicator dynamic to examine the evolution of the game and thereby determine the optimal strategy. A case study is conducted to determine the optimal strategy for information security leaders and attackers. The result indicates that the best defence strategy is password protection, followed by token-based and biometric-based protections. On the other hand, the optimal strategy for attackers is no attack, followed by attack and moderate attack. This study contributes to solving the multi-criteria decision-making (MCDM) problem by considering the dynamic interaction between defender and attacker in the context of information security.
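
The pipeline the abstract describes, sketched as an added example that is not the paper's code: AHP weights from a pairwise comparison matrix, priorities of the alternatives, then two-population replicator dynamics over the three defence and three attack strategies. The criteria (cost, usability, strength), every number and both payoff formulas are constructed assumptions, not the case-study data.

```python
from math import prod

DEFENCES = ["password", "token", "biometric"]
ATTACKS = ["no attack", "moderate attack", "attack"]
# Constructed pairwise comparisons of three hypothetical criteria
# (cost, usability, strength) on Saaty's ratio scale.
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
# Constructed ratings of each defence on each criterion, in [0, 1].
RATINGS = [[0.9, 0.8, 0.3], [0.6, 0.6, 0.6], [0.3, 0.5, 0.9]]
GAIN = [0.0, 1.0, 2.0]  # assumed attacker gain per attack strategy
COST = [0.0, 0.5, 1.2]  # assumed attacker cost per attack strategy

def ahp_weights(m):
    """Criteria weights (row geometric means) and Saaty's consistency ratio."""
    n = len(m)
    gm = [prod(row) ** (1 / n) for row in m]
    w = [g / sum(gm) for g in gm]
    lam = sum(sum(m[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    random_index = {3: 0.58, 4: 0.90, 5: 1.12}[n]
    return w, ((lam - n) / (n - 1)) / random_index

def priorities(w, ratings):
    """AHP priority of each alternative: weighted sum of its ratings."""
    return [sum(wc * r for wc, r in zip(w, row)) for row in ratings]

def payoffs(p):
    """Assumed link from AHP to the game: a control with priority p_i
    lets through a share (1 - p_i) of the attacker's gain."""
    a = [[pi - g * (1 - pi) for g in GAIN] for pi in p]               # defender
    b = [[g * (1 - pi) - c for g, c in zip(GAIN, COST)] for pi in p]  # attacker
    return a, b

def replicator(a, b, steps=10000, dt=0.01):
    """Euler integration of dx_i/dt = x_i * (f_i - mean f) for both populations."""
    x, y = [1 / 3] * 3, [1 / 3] * 3
    for _ in range(steps):
        fx = [sum(a[i][j] * y[j] for j in range(3)) for i in range(3)]
        fy = [sum(b[i][j] * x[i] for i in range(3)) for j in range(3)]
        mx = sum(xi * f for xi, f in zip(x, fx))
        my = sum(yj * f for yj, f in zip(y, fy))
        x = [xi + dt * xi * (f - mx) for xi, f in zip(x, fx)]
        y = [yj + dt * yj * (f - my) for yj, f in zip(y, fy)]
    return x, y

if __name__ == "__main__":
    w, cr = ahp_weights(PAIRWISE)
    x, y = replicator(*payoffs(priorities(w, RATINGS)))
    print("weights", w, "CR", cr)
    print(dict(zip(DEFENCES, x)), dict(zip(ATTACKS, y)))
```

With these constructed payoffs, moderate attack pays off only against the lowest-priority control, so the attacker population settles on no attack as the defender population concentrates on the highest-priority one.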
