Multicriteria Decision and Machine Learning Algorithms for Component Security Evaluation: Library-Based Overview

Components are the significant part of a system which plays an important role in the functionality of the system. Components are the reusable part of a system which are already tested, debugged, and experienced based on the previous practices. A new system is developed based on the reusable components, as reusability of components is recommended to save time, effort, and resources as such components are already made. Security of components is a significant constituent of the system to maintain the existence of the component as well as the system to function smoothly. Component security can protect a component from illegal access and changing its contents. Considering the developments in information security, protecting the components becomes a fundamental issue. In order to tackle such issues, a comprehensive study report is needed which can help practitioners to protect their system. %e current study is an endeavor to report some of the existing studies regarding component security evaluation based on multicriteria decision and machine learning algorithms in the popular searching libraries.


Introduction
Technology has made life easier but has exposed several security issues. Over the last few years with the development of Internet, the number of attacks has increased. Technology plays an inevitable role in human life. e Internet of ings (IoT) enables communication with different devices. e smart devices are connected to communicate, process, compute, and monitor diverse real-time scenarios. e devices are normally heterogeneous and have low memory and short power for processing. e concept of Internet of ings came with the challenges of privacy and security, as the conventional security protocol does not fit the devices of IoT. e information security of an organization is highly dependent on different types of information of the organization. Manager of the information security is not only concerned with the relevant information but also with the interdependencies among this information. Individuals, government, and organizations are facing risks of information security. ese risks can be damaged at a high level in terms of breach of confidentiality of sensitive data, financial loss, and loss of integrity and availability of data which is sensitive. Security of components plays an important role in the functionality of a system to run properly. Different studies are available for the security purpose [1][2][3][4][5]. e algorithms of ML have shown a considerable performance in different application fields such facial recognition, text recognition, spam detection, and so on. e applications of machine learning (ML) algorithms are obvious in different domain areas [2,[5][6][7][8][9][10][11].
e contribution of the proposed study is to present a comprehensive report on some of the existing state-of-the-art research studies for component security evaluation based on multicriteria decision and machine learning algorithms.
is study will support the researchers to extract the most useful insights of security to a particular domain to strengthen its existence and to avoid future hurdles. e organization of the paper is as follows. Section 2 presents the related work to the current research, in particular to multicriteria decision and machine learning algorithm applications for component security evaluation. Section 3 briefly shows multicriteria decision and machine learning approaches to the security evaluation. Section 4 shows the library-based analysis of the existing literature from different perspectives in the most popular libraries.

Related Work
Different approaches are being proposed by researchers to tackle the issue of security from different perspectives. Saranya et al. [6] presented the study of comparisons of different machine learning algorithms for intrusion detection system with applications in different areas such as smart city, Interenet of ings, fog computing, big data, and so on. e KDD-CUP dataset was used to test efficiency and compared with existing available research. For the information security products of cloud computing, a test evaluation system is established [1]. e security identification has a significant role in the field like Internet of ings in smart city. Manjia Tahsien et al. [8] presented an overview of the IoT architecture with a detailed review on machine learning algorithms, significance of IoT security with diverse types of attacks. e study proposed a model of the associated information management factors for the information security of organization. Firstly, they surveyed 136 articles to identify the information security factors, and secondly, a series of interviews with 19 experts from the industry to evaluate the relevancy of these factors. In third step, a complete model was developed [3]. e authors [12] conducted a detailed survey of the state-of-the-art IoT security, deep learning, and big data technology. Yuan and Luo [13] evaluated energy security of the Chinese provinces through analyzing the reasons and implementation of policy, with the help of MTGS and SPA-TOPSIS. Wijayarathna and Arachchilage [14] assessed the cognitive dimensions framework with the help of four security application programming interfaces, such as Bouncy Castle light weight Crypto API, Google Authentication API, OWASP Enterprise Security API, and Java Secure Socket Extension API. Wang et al. [9] presented a detailed overview of the security properties investigation of machine learning algorithms. ey have analysed the security model of ML to build up a blueprint for multidisciplinary area of research. After that, the attack methods and the strategies of defense against them are discussed. e study presented an overview of the weaknesses and strengths of the available evaluation methods used for usability and security for the websites of electronic commerce (E-commerce). e evaluation models from 2000 to 2018 have been reviewed for E-commerce [4]. Many burning issues like untrustworthy information, insecure platform, malicious propagation, and illegal cheating exist. Security and trustworthiness play an important role for the communication among social interactions of sharing information and communication. Zhang et al. [15] proposed an approach for crowed assessing the security and trustworthiness of open social networks based on signaling theory.
Mao et al. [16] proposed a system for building security dependency to measure the significance of security of a system from a wide perspective of the system. e effect of small-world and power-law distribution for the degree for in-and out-degree in security dependency network was observed. Halabi and Bellaiche [17] proposed an approach for measuring performance and assessment of services of security for Cloud on the basis of set of assessment measures using Goal-Question-Metric. Cheah et al. [18] devised a systematic framework for security testing for interfaces of automotive Bluetooth and applied a tool of proof-of-concept to carry out testing on vehicle with the help of the proposed framework. Nazir et al. [19] proposed a methodology for evaluating the security of software components using the analytic network process. is technique works in the situation of complexity where dependencies exist among different nodes of network. Cherdantsevaet al. presented an evaluation of a reference model of information assurance and security for summarizing the information required by the information assurance and security community [20]. Jouini et al. proposed a quantitative approach to security risk for information systems which is extendable, systematic, and modular.
e study aimed to effectively evaluate security threat in a comprehensive way [21]. e study considered an approach to attack of computer modeling and security assessment which is recommended to realize in advanced Security Information and Event Management (SIEM) systems. Subsorn and Limwiriyakul [23] examined the security of internet banking of 16 Australian banks for finding the shortcomings which were probably affecting the confidentiality of the bank customers. Furthermore, the study investigated 12 ai commercial banks and compared the results with those of the previous research. Kotenko and Chechulin [24] presented a framework for security assessment and attack modelling in security information and event management system.

Multicriteria Decision Making and Machine Learning Algorithms for Security Evaluation
Several techniques are being practiced in the literature for security evaluation [25][26][27]   (CloudCom)   Security and Communication Networks confidentiality and the issues are discovered. e applications of artificial intelligence, machine learning, and Blockchain for the issues of security for IoT are studied. Marwan et al. [10] proposed a ML based approach to secure the processing of data based on cloud environment. e support vector machines and fuzzy c-means clustering were used to classify the pixels of images in an efficient way. To reduce the disclosure of medical information, the module of CloudSec into the conventional architecture of two-layered was incorporated.
Katzir and Elovic [5] presented the adversarial resilience based on supervised machine learning algorithm for detection systems.
e study provides a definition of adversarial resilience with focus on system of multisensory fusion. Model robustness score was defined for evaluating the relative resilience of existing models, and then two      Security and Communication Networks novel feature selection algorithms for designing adversary aware classifiers were recommended. In network communication, one of the major concerns is the detection of intrusion. Different approaches are used for effective and efficient detection and prevention of intrusion and ensuring privacy and security. Four classifiers of machine learning algorithms that are, Naïve-Bayes, support vector machine, decision tree, and Random Forest using Apache Spark were used to evaluate the performance of intrusion detection in network [11]. Apart from this, several approaches exist for security evaluation such as analytic network process, analytic hierarchy process, fuzzy logic, IoT-based security evaluation, and feature-based birthmarks [19,28,29].

Library-Based Search for the Existing Research
Before, data security was simply a specialized concern and specialized representatives were answerable for data security issues inside an organization. us, in previous years, there was a shift of paradigm from the official innovation master to the obligation of administration and a more business-centred view ensuring data security. Nowadays, security supervisors are completely capable to consider and react to data security issues. Due to the move from a specialized to an administration point of view, the examination concentration additionally changed from specialized setting to investigating the administration job. Supervisors must have the option to accept specialized dangers just as different elements like human conduct into record to take the privilege and powerful activities to moderate threats. erefore, this examination has the reason to distinguish the key components and assess them and investigate between conditions to at last produce a thorough model to comprehend the security of data at multilevel nature and subsequently give high data security, the executive choices. Multicriteria and machine learning algorithms plays an important role in security of information. Mostly, the security of the IoT devices is evaluated through machine learning algorithms. e purpose of this section is to identify the existing available research from different popular libraries in order to extract meaning insights for practitioners. ese libraries mainly include ACM, Sciencedirect, IEEE, Springer, Wiley, and Tailor & Francis.
e query was considered as collection of different words. An individual word shows more materials which is very difficult to analyze.

Security and Communication Networks
So the query was considered as the collection of different words with the operator "AND" and "OR" to show all the relevant materials. e mentioned libraries were searched based on the following queries: ("software component" OR "component of software") AND ("security evaluation OR security assessing") AND ("multi criteria decision" OR "multi-criteria decision") AND ("machine learning"), and/or (software component OR component of software) AND (security evaluation OR security assessing) AND (multi criteria decision OR multicriteria decision) AND (machine learning) e reasons behind the two queries is that entering the first query gives less amount of materials while the second query gives huge amount of materials. e study attempts to select more articles to give more detail information to the research community. ese libraries were searched from different perspectives and the details are given in the following subsections. Figure 1 shows the relevant terminologies to the security. e following subsections briefly show the details of the search process in the selected famous libraries. e reason behind the selection of these libraries is that these are the most popular and well-known libraries. Googlescholar was not considered as there are more irrelevant materials and  there is no authenticity to the materials that is relevant or irrelevant. It shows all the available sources, which is then difficult to analyse.

Searching Process in IEEE.
e IEEE library was searched to find the relevant information regarding the applications of machine learning and multicriteria decision regarding security evaluation. Figure 2 shows the publication type and total number of publications related to the given search. ese publications are categorized into different areas such as decision making, learning, fuzzy theory, genetic algorithm, and operational research. e search process was further explored to find more relevant information of these studies. Figure 3 shows the places of conferences held. Figure 4 shows the year of conferences held. Figure 5 shows the total number of conferences heldS in the given year.

Searching Process in Sciencedirect Library.
After searching the library of IEEE, it was felt that the other famous libraries should also be searched to see the relevant materials published in the literature. Figure 6 shows the article type in the form of conference, journal, book chapter, and review articles along with the total number of publications.
e publications were then checked that which paper is published in which specific journal/conference. Figure 7 shows the title of publication where the paper is published along with the total number of papers. e searched papers were checked to show the year of publication that a paper is published in which particular year. Figure 8 shows the total number of publications in the given year.

Searching Process in Wiley Library.
e Wiley library was searched to find the relevant materials regarding particular search terms. is library does not contain more searching operations as compared to the other libraries. So, only the subjects related information along with the total number of publications is shown in Figure 9.

Searching Process in Tailor & Francis Library.
e Tailor and Francis library was searched to get the most relevant information. Figure 10 shows the subjects of publication along with the total number of publication in the given library in which engineering and technology is on top followed by other disciplines.

Searching Process in ACM Library.
e defined keywords were searched in the ACM library for obtaining relevant information. e ACM library contains several options to study the search results from different perspectives. ese perspectives include the publication name where the paper is published, publication types, proceedings, media format, and many others. Figure 11 shows the journal/magazine name along with the total number of papers published for the search process. Figure 12 shows the proceedings/book name along with the total number of publications in the ACM library. Figure 13 shows the proceedings series along with the total number of publications.
e search process in this library was further explored to show the media format that which is the e media format includes, PDF, image, HTML, Archive/Zip, and video. Figure 14 shows the media format of the publication in the ACM library. Figure 15 shows the event of the conferences along with the total number of publications. Figure 16 shows the content type along with the number of publications in the ACM library for the search process. e content types include research article, tutorial, column, monograph, prefatory, index, section, demonstration, interview, introduction, and short paper.

Searching Process in Springer Library.
e Springer library was searched to show the relevant materials published for the given query and keywords. is library contains different options for searching a particular query of keywords. Figure 17 shows the discipline and total number of publications. Figure 18 shows the content type and total number of publications in the Springer library. Figure 19 shows publications type of all publications and total number.

Conclusion
Security of components plays an important role in a system to function properly. e components are reusable parts of a system which are reused to save time, effort, and cost of developments. Components can be reused as they are already tested, debugged, and experienced. Component security can protect a component from illegal access, use, and change of its contents. Considering the developments in information security, protecting the components becomes a fundamental issue. To tackle this issues, a comprehensive study report is needed which can help practitioners to protect their system. e present study reports some of the available research regarding component security evaluation based on multicriteria decision and machine learning algorithms in the popular searching libraries. Different perspectives of the search process are shown to show the existence of the research related to the current research. Based on the available literature summarized in this paper, researchers can take help from it as evidence and can propose new ideas. In future, the proposed research can be extended to a more detailed analysis from different perspectives such as feature-based security evaluation and realtime security evaluation.