
Review Article

Multicriteria Decision and Machine Learning Algorithms for Component Security Evaluation: Library-Based Overview

Jibin Zhang,1 Shah Nazir,2 Ansheng Huang,1 and Abdullah Alharbi3

1 Materials Corporation of Petro China Southwest Oil & Gasfield Company, Chengdu 610017, China
2 Department of Computer Science, University of Swabi, Swabi, Pakistan
3 Department of Information Technology, College of Computers and Information Technology, Taif University, Taif 21944, Saudi Arabia

Correspondence should be addressed to Ansheng Huang; [email protected]

Received 14 June 2020; Revised 1 July 2020; Accepted 3 July 2020; Published 10 September 2020

Academic Editor: Amir Anees

Copyright © 2020 Jibin Zhang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Components are a significant part of a system and play an important role in its functionality. Components are the reusable parts of a system that have already been tested, debugged, and proven in previous practice. A new system is developed from reusable components, as reuse is recommended to save time, effort, and resources because such components are already made. Security of components is a significant constituent of the system, needed to maintain the existence of the component and to keep the system functioning smoothly. Component security can protect a component from illegal access and from changes to its contents. Considering the developments in information security, protecting components has become a fundamental issue. In order to tackle such issues, a comprehensive study report is needed which can help practitioners to protect their systems. The current study is an endeavor to report some of the existing studies regarding component security evaluation based on multicriteria decision and machine learning algorithms in the popular searching libraries.

1. Introduction

Technology has made life easier but has exposed several security issues. Over the last few years, with the development of the Internet, the number of attacks has increased. Technology plays an inevitable role in human life. The Internet of Things (IoT) enables communication with different devices. Smart devices are connected to communicate, process, compute, and monitor diverse real-time scenarios. The devices are normally heterogeneous and have low memory and limited processing power. The concept of the Internet of Things came with challenges of privacy and security, as conventional security protocols do not fit IoT devices. The information security of an organization is highly dependent on the different types of information the organization holds. The information security manager is concerned not only with the relevant information but also with the interdependencies among this information. Individuals, governments, and organizations are facing information security risks. These risks can cause damage at a high level in terms of breach of confidentiality of sensitive data, financial loss, and loss of integrity and availability of sensitive data. Security of components plays an important role in keeping a system running properly. Different studies are available on security [1–5]. ML algorithms have shown considerable performance in different application fields such as facial recognition, text recognition, spam detection, and so on. The applications of machine learning (ML) algorithms are evident in different domain areas [2, 5–11].

The contribution of the proposed study is to present a comprehensive report on some of the existing state-of-the-art research studies for component security evaluation based on multicriteria decision and machine learning algorithms. This study will support the researchers to extract the most useful insights of security to a particular domain to strengthen its existence and to avoid future hurdles.

Hindawi, Security and Communication Networks, Volume 2020, Article ID 8886877, 14 pages, https://doi.org/10.1155/2020/8886877

The organization of the paper is as follows. Section 2 presents the related work to the current research, in particular to multicriteria decision and machine learning algorithm applications for component security evaluation. Section 3 briefly shows multicriteria decision and machine learning approaches to the security evaluation. Section 4 shows the library-based analysis of the existing literature from different perspectives in the most popular libraries.

2. Related Work

Different approaches are being proposed by researchers to tackle the issue of security from different perspectives. Saranya et al. [6] presented a comparison of different machine learning algorithms for intrusion detection systems with applications in different areas such as smart city, Internet of Things, fog computing, big data, and so on. The KDD-CUP dataset was used to test efficiency, and the results were compared with existing available research. For the information security products of cloud computing, a test evaluation system is established [1]. Security identification has a significant role in fields like the Internet of Things in smart cities. Manjia Tahsien et al. [8] presented an overview of the IoT architecture with a detailed review of machine learning algorithms and the significance of IoT security with diverse types of attacks. Another study proposed a model of the associated information management factors for the information security of an organization. Firstly, they surveyed 136 articles to identify the information security factors, and secondly, they held a series of interviews with 19 experts from the industry to evaluate the relevancy of these factors. In the third step, a complete model was developed [3]. The authors of [12] conducted a detailed survey of the state-of-the-art IoT security, deep learning, and big data technology.

Yuan and Luo [13] evaluated the energy security of the Chinese provinces by analyzing the reasons and implementation of policy, with the help of MTGS and SPA-TOPSIS. Wijayarathna and Arachchilage [14] assessed the cognitive dimensions framework with the help of four security application programming interfaces, namely, Bouncy Castle lightweight Crypto API, Google Authentication API, OWASP Enterprise Security API, and Java Secure Socket Extension API. Wang et al. [9] presented a detailed overview of the investigation of security properties of machine learning algorithms. They analysed the security model of ML to build up a blueprint for this multidisciplinary area of research. After that, the attack methods and the strategies of defense against them are discussed. Another study presented an overview of the weaknesses and strengths of the available evaluation methods used for usability and security of electronic commerce (E-commerce) websites. The evaluation models from 2000 to 2018 have been reviewed for E-commerce [4]. Many burning issues like untrustworthy information, insecure platforms, malicious propagation, and illegal cheating exist. Security and trustworthiness play an important role in social interactions for sharing information and communication. Zhang et al. [15] proposed an approach for crowd assessing the security and trustworthiness of open social networks based on signaling theory.

Mao et al. [16] proposed a system for building security dependency to measure the significance of security of a system from a wide perspective of the system. The effect of small-world and power-law distribution for the in- and out-degree in the security dependency network was observed. Halabi and Bellaiche [17] proposed an approach for measuring performance and assessing security services for Cloud on the basis of a set of assessment measures using Goal-Question-Metric. Cheah et al. [18] devised a systematic framework for security testing of automotive Bluetooth interfaces and applied a proof-of-concept tool to carry out testing on a vehicle with the help of the proposed framework. Nazir et al. [19] proposed a methodology for evaluating the security of software components using the analytic network process. This technique works in situations of complexity where dependencies exist among different nodes of the network. Cherdantseva et al. presented an evaluation of a reference model of information assurance and security for summarizing the information required by the information assurance and security community [20]. Jouini et al. proposed a quantitative approach to security risk for information systems which is extendable, systematic, and modular. The study aimed to effectively evaluate security threats in a comprehensive way [21]. Another study considered an approach to computer attack modeling and security assessment that is recommended for realization in advanced Security Information and Event Management (SIEM) systems. Subsorn and Limwiriyakul [23] examined the internet banking security of 16 Australian banks to find the shortcomings which were probably affecting the confidentiality of the bank customers. Furthermore, the study investigated 12 Thai commercial banks and compared the results with those of the previous research. Kotenko and Chechulin [24] presented a framework for security assessment and attack modelling in security information and event management systems.

Figure 1: Relevant terminologies for security.

3. Multicriteria Decision Making and Machine Learning Algorithms for Security Evaluation

Several techniques are being practiced in the literature for security evaluation [25–27]. These techniques evaluate security from different perspectives. A number of machine learning algorithms are used for the detection of intrusions affecting the systems of organizations. Shafiq et al. [7] proposed a novel framework that used the BoT-IoT identification dataset and 44 features with the help of a machine learning algorithm. After this, five effective machine learning algorithms were considered for the detection of anomalous and malicious traffic, with performance evaluation measures of the machine learning algorithms. A bijective soft set approach and its algorithm were applied to find the effectiveness of the machine learning algorithms. Mohanta et al. [2] reported on the technology of IoT and its applications in different areas. Security issues such as integrity, availability, and confidentiality are identified. The applications of artificial intelligence, machine learning, and Blockchain to the security issues of IoT are studied. Marwan et al. [10] proposed an ML-based approach to secure the processing of data in a cloud environment. Support vector machines and fuzzy c-means clustering were used to classify the pixels of images in an efficient way. To reduce the disclosure of medical information, the CloudSec module was incorporated into the conventional two-layered architecture.

Figure 2: Publication type and total number. [Bar chart; axes: No. of publications; Publication type.]

Figure 3: Places of conferences held.

Figure 4: Name and year of conferences held.

Figure 5: Total number of conferences held in the given year. [Chart; axes: Year; No.]

Figure 6: Article type total number of publication. [Bar chart; categories: Review articles, Research articles, Book chapters, Conference abstracts; axis: Number of paper.]

Figure 7: Publication title along with total number of publication. [Bar chart; axes: No. of publications; Publication title.]

Katzir and Elovici [5] presented adversarial resilience based on supervised machine learning algorithms for detection systems. The study provides a definition of adversarial resilience with a focus on multisensory fusion systems. A model robustness score was defined for evaluating the relative resilience of existing models, and then two novel feature selection algorithms for designing adversary-aware classifiers were recommended. In network communication, one of the major concerns is the detection of intrusion. Different approaches are used for effective and efficient detection and prevention of intrusion and for ensuring privacy and security. Four machine learning classifiers, namely, Naïve Bayes, support vector machine, decision tree, and Random Forest, were used with Apache Spark to evaluate the performance of intrusion detection in networks [11]. Apart from this, several approaches exist for security evaluation such as analytic network process, analytic hierarchy process, fuzzy logic, IoT-based security evaluation, and feature-based birthmarks [19, 28, 29].

Figure 8: Total number of papers published in the given year. [Chart with linear trend line; axes: Year; No. of paper.]

Figure 9: Subjects along with the number of publications. [Bar chart; axes: Subject; No. of publications.]

Figure 10: Subjects along with the number of publications. [Bar chart; axes: Subject; No. of publications.]

Figure 11: Journal/magazine name and number of publication. [Bar chart; axes: No. of publications; Journal/magazine.]

Figure 12: Proceeding/book name and number of publication. [Bar chart; axes: No. of publications; Proceeding/book name.]


4. Library-Based Search for the Existing Research

Previously, data security was purely a technical concern, and technical staff were answerable for data security issues inside an organization. In previous years, there was a paradigm shift from the responsibility of the technical officer to the responsibility of management and a more business-centred view of ensuring data security. Nowadays, security managers are fully responsible for considering and reacting to data security issues. Due to the move from a technical to a management point of view, the research focus also changed from the technical setting to investigating the management role. Managers must be able to take technical threats as well as other factors such as human behaviour into account in order to take the right and effective actions to mitigate threats. Therefore, this study aims to identify the key factors, assess them, and investigate their interdependencies in order to produce a comprehensive model for understanding the multilevel nature of data security and, consequently, to support high-quality data security management decisions.

Multicriteria and machine learning algorithms play an important role in the security of information. Mostly, the security of IoT devices is evaluated through machine learning algorithms. The purpose of this section is to identify the existing available research from different popular libraries in order to extract meaningful insights for practitioners. These libraries mainly include ACM, ScienceDirect, IEEE, Springer, Wiley, and Taylor & Francis. The query was considered as a collection of different words. An individual word returns more materials, which are very difficult to analyze.

Figure 13: Proceeding series and number of publication. [Bar chart; axes: No. of publications; Proceedings series.]


So the query was considered as the collection of different words with the operators “AND” and “OR” to show all the relevant materials. The mentioned libraries were searched based on the following queries:

(“software component” OR “component of software”) AND (“security evaluation OR security assessing”) AND (“multi criteria decision” OR “multi-criteria decision”) AND (“machine learning”)

and/or

(software component OR component of software) AND (security evaluation OR security assessing) AND (multi criteria decision OR multi-criteria decision) AND (machine learning)

The reason behind the two queries is that entering the first query returns a smaller amount of material while the second query returns a huge amount of material. The study attempts to select more articles to give more detailed information to the research community. These libraries were searched from different perspectives and the details are given in the following subsections. Figure 1 shows the terminologies relevant to security.

The following subsections briefly show the details of the search process in the selected famous libraries. The reason behind the selection of these libraries is that these are the most popular and well-known libraries. Google Scholar was not considered as there are more irrelevant materials and there is no authenticity to the materials, whether relevant or irrelevant. It shows all the available sources, which are then difficult to analyse.

Figure 14: Media format and number of publication. [Pie chart: PDF 86%, HTML 7%, Archive/Zip 3%, Video 3%, Image 1%.]

Figure 15: Conference event and number of publication. [Chart labels: SA’17, 5; SA’16, 5; SPLASH’16, 4; CCS’19, 4; SIGMOD/PODS’15, 3; ITICSE’15, 3; ICSE’18, 3; CCS’15, 3; CCS’18, 3; Asia CCS’19, 3; ICMI’16, 2; GECCO’16, 2; FAT*’20, 2; CSCW’17, 2; CODASPY’18, 2; CIKM’19, 2; CHI’18, 2; CCS03, 2; CCGrid’17, 2; AAMAS’11, 2.]

4.1. Searching Process in IEEE. The IEEE library was searched to find the relevant information regarding the applications of machine learning and multicriteria decision regarding security evaluation. Figure 2 shows the publication type and total number of publications related to the given search. These publications are categorized into different areas such as decision making, learning, fuzzy theory, genetic algorithm, and operational research.

The search process was further explored to find more relevant information about these studies. Figure 3 shows the places where the conferences were held.

Figure 4 shows the year of conferences held.

Figure 5 shows the total number of conferences held in the given year.

4.2. Searching Process in Sciencedirect Library. Aftersearching the library of IEEE, it was felt that the other fa-mous libraries should also be searched to see the relevantmaterials published in the literature. Figure 6 shows thearticle type in the form of conference, journal, book chapter,and review articles along with the total number ofpublications.

%e publications were then checked that which paper ispublished in which specific journal/conference. Figure 7shows the title of publication where the paper is pub-lished along with the total number of papers.

The searched papers were checked to show the year in which each paper was published. Figure 8 shows the total number of publications in the given year.

4.3. Searching Process in Wiley Library. The Wiley library was searched to find the relevant materials regarding particular search terms. This library does not offer as many search operations as the other libraries. So, only the subject-related information along with the total number of publications is shown in Figure 9.

4.4. Searching Process in Taylor & Francis Library. The Taylor and Francis library was searched to get the most relevant information. Figure 10 shows the subjects of publication along with the total number of publications in the given library, in which engineering and technology is on top followed by other disciplines.

4.5. Searching Process in ACM Library. The defined keywords were searched in the ACM library for obtaining relevant information. The ACM library contains several options to study the search results from different perspectives. These perspectives include the publication name where the paper is published, publication types, proceedings, media format, and many others. Figure 11 shows the journal/magazine name along with the total number of papers published for the search process.

Figure 12 shows the proceedings/book name along with the total number of publications in the ACM library.

Figure 13 shows the proceedings series along with the total number of publications.

The search process in this library was further explored to show the media format, that is, the particular format of publication. The media formats include PDF, image, HTML, Archive/Zip, and video. Figure 14 shows the media format of the publication in the ACM library.

Figure 16: Content type and total number of publication.

Figure 15 shows the event of the conferences along with the total number of publications.

Figure 16 shows the content type along with the number of publications in the ACM library for the search process. The content types include research article, tutorial, column, monograph, prefatory, index, section, demonstration, interview, introduction, and short paper.

4.6. Searching Process in Springer Library. The Springer library was searched to show the relevant materials published for the given query and keywords. This library contains different options for searching a particular query of keywords. Figure 17 shows the discipline and total number of publications.

Figure 18 shows the content type and total number of publications in the Springer library.

Figure 19 shows the publication type of all publications and the total number.

Figure 17: Discipline and total number of publications.

5. Conclusion

Security of components plays an important role in enabling a system to function properly. The components are reusable parts of a system which are reused to save time, effort, and cost of development. Components can be reused as they are already tested, debugged, and experienced. Component security can protect a component from illegal access, use, and change of its contents. Considering the developments in information security, protecting the components becomes a fundamental issue. To tackle this issue, a comprehensive study report is needed which can help practitioners to protect their system. The present study reports some of the available research regarding component security evaluation based on multicriteria decision and machine learning algorithms in the popular searching libraries. Different perspectives of the search process are shown to show the existence of the research related to the current research. Based on the available literature summarized in this paper, researchers can take help from it as evidence and can propose new ideas. In future, the proposed research can be extended to a more detailed analysis from different perspectives such as feature-based security evaluation and real-time security evaluation.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

References

[1] H. H. Song, “Testing and evaluation system for cloud computing information security products,” in Proceedings of the 3rd International Conference on Mechatronics and Intelligent Robotics (ICMIR-2019), pp. 84–87, Kunming, Yunnan, China, May 2019.

[2] B. K. Mohanta, D. Jena, U. Satapathy, and S. Patnaik, “Survey on IoT security: challenges and solution using machine learning, artificial intelligence and blockchain technology,” Internet of Things, vol. 11, Article ID 100227, 2020.

[3] R. Diesch, M. Pfaff, and H. Krcmar, “A comprehensive model of information security factors for decision-makers,” Computers & Security, vol. 92, Article ID 101747, 2020.

[4] N. A. B. Mohd and Z. F. Zaaba, “A review of usability and security evaluation model of ecommerce website,” in Proceedings of the Fifth Information Systems International Conference 2019, pp. 1199–1205, Surabaya, Indonesia, July 2019.

[5] Z. Katzir and Y. Elovici, “Quantifying the resilience of machine learning classifiers used for cyber security,” Expert Systems with Applications, vol. 92, pp. 419–429, 2018.

[6] T. Saranya, S. Sridevi, C. Deisy, T. D. Chung, and M. K. A. Ahamed Khan, “Performance analysis of machine learning algorithms in intrusion detection system: a review,” Procedia Computer Science, vol. 171, pp. 1251–1260, 2020.

[7] M. Shafiq, Z. Tian, Y. Sun, X. Du, and M. Guizani, “Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city,” Future Generation Computer Systems, vol. 107, pp. 433–442, 2020.

[8] S. Manjia Tahsien, H. Karimipour, and P. Spachos, “Machine learning based solutions for security of internet of things (IoT): a survey,” Journal of Network and Computer Applications, vol. 161, Article ID 102630, 2020.

[9] X. Wang, J. Li, X. Kuang, Y.-a. Tan, and J. Li, “The security of machine learning in an adversarial setting: a survey,” Journal of Parallel and Distributed Computing, vol. 130, pp. 12–23, 2019.

[10] M. Marwan, A. Kartit, and H. Ouahmane, “Security enhancement in healthcare cloud using machine learning,” Procedia Computer Science, vol. 127, pp. 388–397, 2018.

[11] M. Belouch, S. El Hadaj, and M. Idhammad, “Performance evaluation of intrusion detection based on machine learning using Apache Spark,” Procedia Computer Science, vol. 127, pp. 1–6, 2018.

[12] M. A. Amanullah, R. A. A. Habeeb, F. H. Nasaruddin et al., “Deep learning and big data technologies for IoT security,” Computer Communications, vol. 151, pp. 495–517, 2020.

[13] J. Yuan and X. Luo, “Regional energy security performance evaluation in China using MTGS and SPA-TOPSIS,” Science of the Total Environment, Article ID 133817, vol. 696, pp. 1–11, 2019.

[14] C. Wijayarathna and N. A. G. Arachchilage, “Using cognitive dimensions to evaluate the usability of security APIs: an empirical investigation,” Information and Software Technology, vol. 115, pp. 5–19, 2019.

[15] Z. Zhang, J. Wen, X. Wang, and C. Zhao, “A novel crowd evaluation method for security and trustworthiness of online social networks platforms based on signaling theory,” Journal of Computational Science, vol. 26, pp. 468–477, 2017.

[16] W. Mao, Z. Cai, D. Towsley, Q. Feng, and X. Guan, “Security importance assessment for system objects and malware detection,” Computers & Security, vol. 68, pp. 47–68, 2017.

[17] T. Halabi and M. Bellaiche, “Towards quantification and evaluation of security of cloud service providers,” Journal of Information Security and Applications, vol. 33, pp. 55–65, 2017.

[18] M. Cheah, S. A. Shaikh, O. Haas, and A. Ruddle, “Towards a systematic security evaluation of the automotive Bluetooth interface,” Vehicular Communications, vol. 9, pp. 8–18, 2017.

[19] S. Nazir, S. Shahzad, M. Nazir, and H. U. Rehman, “Evaluating security of software components using analytic network process,” in Proceedings of the 11th International Conference on Frontiers of Information Technology (FIT), pp. 183–188, Islamabad, Pakistan, December 2013.

Chapter, 1072; Article, 881; Conference paper, 166; Reference work entry, 30; Protocol, 1; Other, 31

Figure 18: Content type and total number of publication.

Figure 19: All publications and total number.

[20] Y. Cherdantseva, J. Hilton, O. Rana, and W. Ivins, “A multifaceted evaluation of the reference model of information assurance & security,” Computers & Security, vol. 63, pp. 45–66, 2016.

[21] M. Jouini, L. B. A. Rabai, and R. Khedri, “A multidimensional approach towards a quantitative assessment of security threats,” in Proceedings of the Procedia Computer Science the 6th International Conference on Ambient Systems, Networks and Technologies, pp. 507–514, London, UK, December 2015.

[22] I. Kotenko and A. Chechulin, “Computer attack modeling and security evaluation based on attack graphs,” in Proceedings of the 7th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems, pp. 614–619, Berlin, Germany, September 2013.

[23] P. Subsorn and S. Limwiriyakul, “A comparative analysis of internet banking security in Thailand: a customer perspective,” Procedia Engineering, vol. 32, pp. 260–272, 2012.

[24] I. Kotenko and A. Chechulin, “Common framework for attack modeling and security evaluation in SIEM systems,” in Proceedings of the IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, pp. 94–101, Besançon, France, 2012.

[25] M. Li, S. Nazir, H. U. Khan, S. Shahzad, and R. Amin, “Modelling features-based birthmarks for security of end-to-end communication system,” Security and Communication Networks, vol. 2020, 2020.

[26] H. U. Rahman, A. U. Rehman, S. Nazir, I. U. Rehman, and N. Uddin, “Privacy and security—limits of personal information to minimize loss of privacy,” in Proceedings of the Future of Information and Communication Conference, pp. 964–974, San Francisco, CA, USA, March 2019.

[27] B. A. Sassani, M. Alkorbi, N. Jamil, M. A. Naeem, and F. Mirza, “Evaluating encryption algorithms for sensitive data using different storage devices,” Scientific Programming, Article ID 6132312, vol. 2020, pp. 1–9, 2020.

[28] B. Liao, Y. Ali, S. Nazir, L. He, and H. U. Khan, “Security analysis of IoT devices by using mobile computing: a systematic literature review,” IEEE Access, vol. 8, p. 1, 2020.

[29] S. Nazir, S. Shahzad, S. Mahfooz, and M. N. Jan, “Fuzzy logic based decision support system for component security evaluation,” International Arab Journal of Information and Technology, vol. 15, pp. 1–9, 2015.
