Integrated Decision Support System of AHP and EGT for Information Security Control Analysis

Abstract

As the new technologies are developing rapidly, information security’s criminals become more intelligent, and evasive. The information security officer feels challenged in assessing the security control’s criteria, and to make the optimal decision to protect the organization’s data system. In this paper, we propose a hybrid model of Analytic Hierarchy Process (AHP) and Evolutionary Game Theory (EGT) to demonstrate the information security scenario, hence, to solve the problem faced. Firstly, the AHP is applied to evaluate the criteria of information security control. The priority of the alternatives is then determined based on the evaluation of the criteria. Secondly, we model the defence-attack situation by the EGT, where the strategies and payoffs for both parties will be formulated. We apply the replicator dynamic to analyze the evolution process of the game, henceforth the optimal strategy is decided. A case study is presented to demonstrate the application of the hybrid model in solving the information security problem.