Prioritizing Defense in Depth Measures Using Artificial Intelligence (AI) and the Expected Utility Hypothesis

DOI: 10.4236/jis.2025.162012, PP. 227-251

Keywords: Artificial Intelligence (AI), Expected Utility Hypothesis (EUH), Information Assurance, Defense in Depth, Information Technology, Network Security, Cybersecurity


Abstract:

The purpose of this research was to determine whether Artificial Intelligence (AI) and the Expected Utility Hypothesis can be effectively applied to the prioritization of defense in depth security tools and procedures to reduce cyber threats. The method consisted of using AI (Microsoft Copilot) to rank the current top 10 cybersecurity threats and the defense in depth utilities that are designed to reduce those threats. The Likert Scale Model was then used to create an ordinal ranking of the cybersecurity threats. The defense in depth utilities and procedures were then compared to see whether AI (Copilot), the Likert scale and the Expected Utility Hypothesis could be effectively applied to prioritize and combine the measures to reduce cyber threats. The results of this research reject the null hypothesis (H0) that AI and the Expected Utility Hypothesis do not affect the relationship between the prioritization and combining of defense in depth utilities and procedures (independent variables) and related cyber threats (dependent variables).

