Classification of Cyber Threat Detection Techniques for Next-Generation Cyber Defense via Hesitant Bipolar Fuzzy Frank Information

1  Introduction

Cybersecurity has turned into an essential part of modern digital life as cyber-attack’s frequency and complexity keep rising. Organizations worldwide are increasingly faced with threats like phishing, ransomware, denial-of-service attacks, advanced persistent threats, and others that bring about operations disruption, loss of sensitive data, and possible financial loss. The ability to detect and mitigate these threats in real-time has emerged as a critical requirement to ensure the security and integrity of digital systems. Advances in technology have, in turn, propelled threat detection techniques. Artificial intelligence and machine learning are critical in the sense that they analyze huge volumes of data to find anomalies and detect malicious activities. It can be said that techniques, such as behavior-based detection, signature-based detection, and anomaly detection, enhance the capabilities of cybersecurity systems. Moreover, real-time monitoring, adaptive algorithms, and predictive analytics are an integral part of modern threat detection frameworks. The growth of the cybersecurity market for threat detection is discussed in Fig. 1.

Figure 1: Estimated growth trajectory of the cybersecurity market for advanced threat detection solutions from 2023 to 2030

However, with these advancements and the sheer volume of data, as well as changing cyber threats, it proves to be difficult to design such systems that can detect threats consistently without producing false positives and false negatives. The presence of uncertainty and ambiguity while dealing with complex decision-making often fails to be handled effectively by traditional methods. These reasons have led to searching for more advanced techniques in handling multi-criteria evaluation and providing precise results in an uncertain environment. Classification of detection techniques becomes important in this context to understand the strengths, limitations, and applicability of each method. A well-structured classification framework helps organizations pick the best-suited detection strategy for their needs, which will make their cybersecurity measures efficient and effective. This manuscript presents a new approach to the classification of cyber threat detection techniques based on hesitant bipolar fuzzy (HBF) Frank operators. Using HBF logic, the proposed framework deals with the uncertainty and imprecision that arise in an evaluation process regarding detection techniques. The decision-making process is advanced using Frank operators. This enables an in-depth study of competitive techniques. This research will provide a strong and flexible classification system that will guide the development and deployment of optimized cyber threat detection strategies. Some key steps involved in cyber threat detection are data collection, processing, threat identification, classification or analysis, and mitigation strategy. Data is first collected from the networks and devices. Then it is processed for noise removal before further analysis. Threat identification helps to spot irregular activities or vulnerabilities. They classify or analyze threats, understand their types, and then estimate the probable impact. They finally develop strategies for mitigating threats to neutralize them so that such incidents may not happen in the future. These three steps make for a complete security system against cyber-attacks. Moreover, the cyber threat detection steps are discussed in Fig. 2.

Figure 2: Key stages in the cyber threat detection process, including identification, analysis, mitigation, and response strategies

Q: Why is the classification of cyber threat detection techniques necessary in today’s cybersecurity landscape?

The classification of cyber threat detection techniques is very important in today’s fast-changing cybersecurity landscape, especially with the increasing complexity and frequency of cyberattacks. As organizations face diverse threats, ranging from phishing and ransomware to advanced persistent threats, a structured classification enables the systematic evaluation of detection methods. It identifies the most effective techniques for specific scenarios, ensuring efficient resource allocation and improved protection. This provides an understanding of the existing methods’ shortcomings and strengths, leading to innovative new systems and highly developed and flexible detection mechanisms. Classifications are vital to modern, information technology societies because the loss or exploitation of digital data can cause far-reaching effects, ranging from minor annoyances to financial disasters and other disastrous ends. Moreover, Fig. 3 discusses the classification and rising market adoption of cyber threat detection techniques.

Figure 3: Increasing market adoption of advanced cyber threat detection techniques across industries, demonstrating growth from 2018 to 2024

1.1 Significance of HBF Framework in MCDM

The HBF approach represents a very important issue to MCDM techniques when considering uncertainty and imprecision associated with decision-making activities. Real-world decision-makers regularly meet situations where they are unaware of the exact values or prefer two alternatives in conflict under situations where multiple alternatives exist according to various criteria for evaluating the alternatives. The HBF framework can be used to express both positive and negative membership values and hesitancy. Therefore, the model would be more flexible and realistic for capturing the vagueness and ambiguity involved in decision-making. In MCDM, where one has to compare alternatives with multiple attributes, the HBF framework helps enhance the quality of the decision by being able to incorporate multiple conflicting criteria. It offers a means of articulating uncertain judgments and preferences to present a more subtle appreciation of how alternatives perform concerning one another. Under this framework, MCDM methodologies can generate more robust and more consistent results even when dealing with incomplete, uncertain, or inconsistent information. This also enhances the robustness of decision-making models, ensuring superior outcomes in complex, multi-attribute environments, including cybersecurity, resource allocation, or technological selection. The below Fig. 4 shows the capability and limitations of the proposed theory in MCDM.

Figure 4: Key advantages and limitations of hesitant bipolar fuzzy sets in MCDM applications

1.2 Taxonomy of Cyberattacks and Detection Methods

Organizations must depend on cyber threat detection as their core security element to spot and manage harmful activities that aim at their computer systems and networks. Information security expert teams use detection approaches that match attack characteristics among the different cyberattacks including malware infections and distributed denial-of-service (DDoS) attacks. System detection success depends on how well detection systems recognize abnormal behaviors that could signal potential malicious activities from typical normal activity patterns. An organization relies on signature-based detection and anomaly detection and behavioral analysis to track and analyze cybersecurity threats. The following part examines standard cyberattack types through a classification system along with detection strategy analysis for specific threat varieties.

(a)   DDoS (Distributed Denial-of-Service) Attacks: Attackers execute DDoS attacks through network service flooding with extremely high traffic volumes that blocks access for permitted users. Detection systems for DDoS attacks perform traffic pattern analysis together with anomaly detection algorithm automation. Security solutions compare present traffic data against typical baseline patterns in order to detect unusual spikes or irregular traffic patterns which signal possible DDoS attacks.

Example: The anomaly-based detection method detects the large amount of typical suspicious requests during a DDoS attack through which administrators can take preventive actions to block suspicious IP addresses.

(b)   Malware Detection: The goal of malware attacks is to breach and damage systems through various threats like viruses together with worms and ransomware. The detection of known malware through files and behaviors relies on signature-based methods that match database signatures. Behavioral detection methods monitor system activities for malicious behavior, such as unusual file modifications or unauthorized data access.

Example: Security software uses signature detection to recognize familiar malware types but behavioral analysis examines system activities for ransomware through monitoring of abnormal file encryption patterns.

(c)   Advanced Persistent Threats (APT): Following extensive durations APTs utilize professional methods to perform their advanced attacks for the theft of confidential information. The detection methods for APTs operate through signature-based detection together with anomaly detection and user behavior analytics (UBA). Recording methods analyze the small deviations between normal network traffic patterns and user behavior means when compared against typical patterns.

Example: Network traffic analysis and detection of users making unexpected file access during abnormal hours can help detect APTs.

(d)   Phishing Attacks: Social engineering through phishing tactics makes attackers trick users to hand over sensitive information such as password or financial data. The detection of phishing activities depends on machine learning together with natural language processing (NLP) to recognize abnormal email patterns and text along with unusual communication behaviors.

Example: The detection system analyzes email content for frequent suspicious indicators which include untrusted senders and suspicious links to warn users about possible phishing attempts.

1.3 Layout of the Manuscript

This manuscript is divided into several sections to make the content readable and understandable. In Section 1, we give an overview of the manuscript and explain what it is about and why. Section 2 discusses our research problem and the main contribution of our work in light of that problem. In Section 3, we present a review of previous literature to demonstrate how our work fits into and pushes forward the current research. Section 4 discusses fundamental concepts and operations that support this research. New aggregation operators are introduced and explained to facilitate the research in Section 5. Section 6 has described the MCDM technique used in this work; furthermore, the case study regarding cyber threat detection techniques for next-generation cyber defense systems is presented here. We compare our proposed approach against other related theories to highlight its robustness and effectiveness in Section 7. Finally, in Section 8, the manuscript is concluded by summarizing the key findings and the overall contributions of this work. A graphic representation of the above methodology is discussed in Fig. 5.

Figure 5: Graphical representation of the proposed manuscript

2  Research Problem and Contribution

With the escalating complexity of cyber threats, the most appropriate choice of cyber threat detection technique is a critical challenge for modern cybersecurity systems. Traditional methods of detection, which are mostly based on uncertainties and the dynamic nature of cyber threats, often provide inaccurate results. Existing decision-making models, such as fuzzy sets, hesitant fuzzy sets, or bipolar fuzzy sets, have shortcomings in dealing with conflicting information and the uncertainty involved in multi-criteria evaluations. This manuscript develops a classification framework for cyber threat detection techniques using the HBF framework to enhance the decision-making process by overcoming the shortcomings of conventional fuzzy logic systems. The HBF framework is required to classify cyber threat detection techniques since it is better suited for dealing with uncertainty, imprecision, and conflicting criteria than the traditional fuzzy approaches. Here we discuss underneath why it is particularly relevant to the classification process. Traditional fuzzy sets introduce a possibility of representing vagueness, but an element can have only a degree of membership, which would sometimes be too simple for imprecise information and incompleteness available in the problem. Moreover, in cyber threat detection, there are often quite many attributes to be tested regarding detection speed, accuracy, and scalability, with uncertain or incomplete information for each attribute, in turn making fuzzy sets inapplicable for accurate decision-making. While hesitant fuzzy sets extend fuzzy sets by allowing the possibility of multiple membership values for an element, they cannot still properly deal with situations that contain both positive and negative information. The introduction of positive and negative membership values in bipolar fuzzy sets makes it possible to include both the advantageous and disadvantageous aspects of alternatives. However, it faces the demerit that it cannot capture the entire uncertainty scale of the state of being uncertain. It fails to reveal the importance of criteria when decision-makers are uncertain or in disagreements on the set of criteria. The HBF framework amalgamates the merits of hesitant fuzzy sets and bipolar fuzzy sets. It allows the expression of more than one hesitant value both in positive and negative memberships. Thus, it takes care of inherent uncertainty and imprecision within decision-making processes. It is a framework that represents more accurately the decision environment in which criteria may conflict or are uncertain. This framework enables a more specific categorization in the context of cyber threat detection by considering the positive and negative attributes of the detection techniques involved.

2.1 Contribution

This paper aims to bridge the current gaps in existing frameworks and methodologies for cyber threat detection through a new theory supported by HBF Frank aggregation operators. To improve the classification of cyber threat detection techniques, we develop a set of novel aggregation operators such as hesitant bipolar fuzzy Frank weighted averaging (HBFFWA), hesitant bipolar fuzzy Frank ordered weighted averaging (HBFFOWA), hesitant bipolar fuzzy Frank weighted geometric (HBFFWG), and hesitant bipolar fuzzy Frank ordered weighted geometric (HBFFOWG) operators. These operators are specifically developed to address the challenges of uncertainty and imprecision in decision-making by integrating multiple criteria with both positive and negative evaluations. Using these HBFF operators, we introduce an MCDM methodology tailored for the classification and prioritization of cyber threat detection techniques. This methodology makes possible more precise and credible choices of methods for detection based on inconsistent and uncertain data. The given methodology provides a systematic means to assess the alternatives considering several performance criteria. Besides, we consider the same methodology for an illustrative case study in cyber threat detection techniques and illustrate how such aggregation operators enhance the decision-making capability in real-world scenarios related to cybersecurity. We also provide a comprehensive comparative analysis of the proposed method with existing approaches in the field. Finally, the manuscript concludes with insights into the effectiveness of the proposed framework and its potential for future applications in enhancing cybersecurity measures. The flow chart of main contributions is discussed in Fig. 6.

Figure 6: Main contributions flow chart such as aggregation operators, MCDM, case study and analysis

3  Literature Review

With the growing intensity of cyber-attacks, the detection as well as mitigation requirements are of high end. Hence, artificial intelligence and machine learning-based approaches to the development of effective as well as precise cybersecurity measures received much attention up till now. The methods proposed to attain better threat detection were neural networks, deep learning, and adaptive defense mechanisms. These studies underscore that the need lies in dynamic adaptation towards combating newer, ever-increasing cyber threats. Different related studies are discussed as; Labu and Ahammed [1] point out second-generation AI-oriented strategies for timely detection and reaction against cyber-attacks, based on the anticipation of intelligent system behavior to better proactively uncover emerging risks beforehand. For discussion, Shaukat et al. [2] have produced a comprehensive analysis that relates to the state-of-the-art techniques in cyber threat detection employing machine learning with insights into comparative performance across multiple scenarios. Bridging the theoretical advancement and application in real scenarios, this is enabling practitioners to choose models apt for specific security needs. Similarly, Balantrapu [3] discusses current trends and future directions in using machine learning for cybersecurity scalable and automated solutions that will be able to address the rising volume and complexity of cyberattacks. This also shows how cybersecurity is evolving from static rule-based systems to dynamic, self-learning algorithms. In addition, Lee et al. [4] propose a model of artificial neural networks through event profiles, showing the system’s ability to process large quantities of data without delay for identifying anomalies. Rajendran et al. [5] develop this type of story using deep learning along with anomaly detection techniques, and bring forth robust frameworks that are excellent at identifying complex and subtle patterns of malicious activity. Aminu et al. [6] work by integrating real-time threat intelligence into adaptive defense mechanisms and thus, a dynamic and responsive system is provided that not only detects threats but also adapts to their evolving nature. In addition to these recent developments, Maddireddy and Maddireddy [7] emphasize the use of deep learning models for the improvement of cybersecurity protocols, which shows how neural network architectures can improve detection accuracy and efficiency. Their study emphasizes the scalability of deep learning solutions in large-scale environments, providing robust defenses against known and unknown threats. Lakhno [8] has been the first to present an adaptive cyber threat detection system based on fuzzy feature clustering, which very effectively manages the uncertainties and incomplete data so often faced in cybersecurity. It thereby reveals the potential usefulness of fuzzy logic to construct robust and adaptable detection algorithms capable of functioning in vaguer than normal environments. Ullah et al. [9] with an innovative hybrid system combining transfer learning with multi-model image representation of cyber threats, that considerably strengthens detection precision as well as robustness of scalability of systems across the range of diversified dynamic landscapes.

3.1 MCDM Technique

The literature on MCDM techniques unfolds as reflective of their evolution, diversity in application, and importance in a multiplicity of domains. Massam [10] delivers a more fundamental survey on MCDM methods in the context of planning, exposing their ability to address complex decision-making scenarios, and accommodating diverse criteria. It reveals early conceptions of the scope of flexibility and adaptability in MCDM techniques in structuring and solving planning problems. On this basis, Zavadskas et al. [11] discuss the application of MCDM in business process information management. They pointed out the importance of integrating MCDM techniques to ensure the effectiveness of decision-making in information systems. Sahoo and Goswami [12] present a thorough review of advances in MCDM methods in their contemporary applications and future research directions. Their work highlighted that these methods keep evolving as more and more practical applications spring forth in everyday fields. Kumar et al. [13] showed how MCDM can contribute toward sustainable renewable energy development by directing critical decisions for resource allocation, technology choice, and policy formation toward accomplishing the long-term goals of sustainability at a global level. Alghamdi et al. [14] presented MCDM within the bipolar fuzzy environment that exposes how the fuzziness involved may be beneficial to the management of uncertainties when dealing with decision-making. Riaz et al. [15] have extended the scope of bipolar fuzzy MCDM by designing new distance measures and operators, which help enhance the accuracy and reliability of decision-making. This methodology maximizes the applicability of MCDM in bipolar assessment problems. Riaz et al. [16] also extended the cubic bipolar fuzzy Dombi aggregation operators to present a strong structure toward resolving the great MCDM complexities with greater degrees of fuzziness. The VIKOR MCDM approach experiences an extension by Gul [17] through his introduction of a bipolar fuzzy preference model based on δ-covering and bipolar fuzzy rough set theory. The research builds upon decision-making processes through its addition of uncertain preference structures that enable higher precision during alternative classification and choice determination. Bhol [18] examines MCDM techniques for cybersecurity applications and demonstrates their ability to handle security operations that include threat detection and risk evaluation. The analysis evaluates diverse MCDM techniques such as AHP and TOPSIS aligned with VIKOR by proving their effectiveness for cybersecurity solution evaluation. Ali [19] develops fairly aggregation operators that operate with complex p, q-rung ortho-pair fuzzy sets for solving real-world decision-making problems. The study develops a new method for combining vague data which results in better delivery of reliable decision outcomes. Kumar and Pamucar [20] conducted an extensive review of MCDM methodologies that have emerged from 2004 to 2024. Their comprehensive study evaluates numerous MCDM methodologies by investigating their basic concepts and their breakthroughs as well as their utilization across numerous sectors. Ali et al. [21] developed a decision-making methodology based on intuitionistic fuzzy soft information and Aczel-Alsina operational laws. A solution combining fuzzy logic elements with decision-making structures increases both flexibility and robustness in their system. The identification of suitable encryption algorithms through hesitant bipolar complex fuzzy Frank aggregation operators forms the basis of Mahmood et al.’s research [22]. MCDM techniques apply fuzzy logic for encryption algorithm selection according to their research because it lets users evaluate multiple performance criteria at once. Aslam et al. [23] use hesitant bipolar complex fuzzy Dombi aggregation operators to apply MCDM techniques during their study on cloud service provider selection. Waqas et al. [24] improve the process of cloud security selection. MCDM methodologies prove adaptable for security analysis through their research which presents structured evaluation methods for security measures. Multiple domains benefit from MCDM technique evolution through these research works which demonstrate widespread applications.

4  Fundamentals

In this section, we discuss the basic notion of HBFSs and their related operations and contributions.

Definition 1: [25] Let ₤ be an HBFS under the universal set Ʉ then,

₤={<ϰ˙,Ƀ₤(ϰ˙)>|ϰ˙∈Ʉ}={<ϰ˙,(Ƀ₤+(ϰ˙),Ƀ₤−(ϰ˙))>|ϰ˙∈Ʉ}(1)

where, Ƀ₤+(ϰ˙)={Ƀ₤j+(ϰ˙),j=1,2,...,𝓂}∈[0,1] and Ƀ₤−(ϰ˙)={Ƀ₤ḵ−(ϰ˙),ḳ=1,2,...,𝓃}∈[−1,0] are the set of finite values that show the positive and negative parts of the membership grade for each ϰ˙∈Ʉ. For easiness HBFN is identified by Ƀ=(Ƀ+,Ƀ−).

Definition 2: [25] Let Ƀ=(Ƀ+,Ƀ−),Ƀ1=(Ƀ1+,Ƀ1−) and Ƀ2=(Ƀ2+,Ƀ2−) be three HBFNs then,

1.Ƀc=(⋃ϗ˙+∈Ƀ+{(1−ϗ˙+)},⋃ϗ˙−∈Ƀ−,{(−1−ϗ˙−)})

2.Ƀ1∪Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{max(ϗ˙1+,ϗ˙2+)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{min(ϗ˙1−,ϗ˙2−)})

3.Ƀ1∩Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{min(ϗ˙1+,ϗ˙2+)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{max(ϗ˙1−,ϗ˙2−)})

Definition 3: [25] Let Ƀ,Ƀ1 and Ƀ2 be three HBCFNs and λ>0 then,

1.Ƀ1⊕Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{(ϗ˙1++ϗ˙2+−ϗ˙1+ϗ˙2+)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{(−ϗ˙1−ϗ˙2−)})

2.Ƀ1⊗Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{(ϗ˙1+ϗ˙2+)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{(ϗ˙1−+ϗ˙2−+ϗ˙1−ϗ˙2−)})

3.Ƀλ=(⋃ϗ˙+∈Ƀ+{(ϗ˙+)λ},⋃ϗ˙−∈Ƀ−{(−1+(1+ϗ˙−)λ)})

4.λɃ=(⋃ϗ˙+∈Ƀ+{(1−(1−ϗ˙+)λ)},⋃ϗ˙−∈Ƀ−{(−|ϗ˙−|λ)})

Definition 4: [25] Let Ƀ be an HBFN then the score and accuracy function are,

score¯¯(Ƀ)=12(1Lϗ˙+∑ϗ˙+∈Ƀ+ϗ˙+−1Lϗ˙−∑ϗ˙−∈Ƀ−ϗ˙−),score¯¯(Ƀ)∈[0,1](2)

accuracy¯¯(Ƀ)=12(1Lϗ˙+∑ϗ˙+∈Ƀ+ϗ˙++1Lϗ˙−∑ϗ˙−∈Ƀ−ϗ˙−),accuracy¯¯(Ƀ)∈[0,1](3)

Definition 5: [26] Let α_1,α_2 be two real numbers, then Frank t-norm and Frank t-conorm are defined by,

Frank(t−norm)(α_1,α_2)=logẞ⁡(1+(ẞα_1−1)(ẞα_2−1)ẞ−1),ẞ∈(0,+∞)(4)

Frank(t−conorm)(α_1,α_2)=1−logẞ⁡(1+(ẞ1−α_1−1)(ẞ1−α_2−1)ẞ−1),ẞ∈(0,+∞)(5)

4.1 HBF Frank Operational Laws

In this subsection, we discuss HBF operational laws based on Frank t-norm and Frank t-conorm.

Definition 6: Let Ƀ1 and Ƀ2 be two HBFNs and ẞ>1, λ>0 be any real numbers then the operations for HBFNs based on Frank t-norm and Frank t-conorm are defined as,

1.Ƀ1⊕Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{1−logẞ⁡(1+(ẞ1−ϗ˙1+−1)(ẞ1−ϗ˙2+−1)ẞ−1)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{−(logẞ⁡(1+(ẞ−ϗ˙1−−1)(ẞ−ϗ˙2−−1)ẞ−1))})

2.Ƀ1⊗Ƀ2=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{logẞ⁡(1+(ẞϗ˙1+−1)(ẞϗ˙2+−1)ẞ−1)},⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{−1+logẞ⁡(1+(ẞ1+ϗ˙1−−1)(ẞ1+ϗ˙2−−1)ẞ−1)})

3.λɃ1=(⋃ϗ˙1+∈Ƀ1+{1−logẞ⁡(1+(ẞ1−ϗ˙1+−1)λ(ẞ−1)λ−1)},⋃ϗ˙1−∈Ƀ1−{−(logẞ⁡(1+(ẞ−ϗ˙1−−1)λ(ẞ−1)λ−1))})

4.Ƀ1λ=(⋃ϗ˙1+∈Ƀ1+{logẞ⁡(1+(ẞϗ˙1+−1)λ(ẞ−1)λ−1)},⋃ϗ˙1−∈Ƀ1−{−1+logẞ⁡(1+(ẞ1+ϗ˙1−−1)λ(ẞ−1)λ−1)})

Theorem 1: Let Ƀ1 and Ƀ2 be two HBFNs, ẞ>1, and λ,λ1,λ2>0, then the following holds,

1.    Ƀ1⊕Ƀ2=Ƀ2⊕Ƀ1

2.    Ƀ1⊗Ƀ2=Ƀ2⊗Ƀ1

3.    λ(Ƀ1⊕Ƀ2)=λɃ1⊕λɃ2

4.    (Ƀ1⊗Ƀ2)λ=Ƀ1λ⊗Ƀ2λ

5.    λ1Ƀ1⊕λ2Ƀ1=(λ1+λ2)Ƀ1

5  HBF Frank Aggregation Operators

In this section, we proposed several new aggregation operators such as HBFFWA, HBFFOWA, HBFFWG, and HBFFOWG operators.

5.1 HBF Frank Arithmetic Aggregation Operators

Definition 7: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be a collection of HBFNs, then the HBFFWA operator is defined as,

HBFFWA(Ƀ1,Ƀ2,...,Ƀʑ)=ʑ⊕ҩ=1(₩ҩɃҩ)(6)

where, ₩=(₩1,₩2,...,₩ʑ)Ŧ be the weights of Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) with ₩ҩ∈[0,1] and ∑ҩ=1ʑ₩ҩ=1.

Theorem 2: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then from above (6) we have,

HBFFWA(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{1−logẞ⁡(1+∏ҩ=1ʑ(ẞ1−ϗ˙ҩ+−1)₩ҩ)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−logẞ⁡(1+∏ҩ=1ʑ(ẞ−ϗ˙ҩ−−1)₩ҩ)})(7)

Proof: Based on mathematical induction methodology, for ʑ=2, we have □

HBFFWA(Ƀ1,Ƀ2)=₩1Ƀ1⊕₩2Ƀ2

=(⋃ϗ˙1+∈Ƀ1+{1−logẞ⁡(1+(ẞϗ˙1+−1)₩1(ẞ−1)₩1−1)},⋃ϗ˙1−∈Ƀ1−{−(logẞ⁡(1+(ẞ−ϗ˙1−−1)₩1(ẞ−1)₩1−1))})⊕(⋃ϗ˙1+∈Ƀ1+{1−logẞ⁡(1+(ẞ1−ϗ˙2+−1)₩2(ẞ−1)₩2−1)},⋃ϗ˙1−∈Ƀ1−{−(logẞ⁡(1+(ẞ−ϗ˙2−−1)₩2(ẞ−1)₩2−1))})

=(⋃ϗ˙1+∈Ƀ1+,ϗ˙2+∈Ƀ2+{1−logẞ⁡(1+∏ҩ=12(ẞ1−ϗ˙ҩ+−1)₩ҩ(ẞ−1)∑ҩ=12₩ҩ−1)}⋃ϗ˙1−∈Ƀ1−,ϗ˙2−∈Ƀ2−{−(logẞ⁡(1+∏ҩ=12(ẞ−ϗ˙ҩ−−1)₩ҩ(ẞ−1)∑ҩ=12₩ҩ−1))})

Hence (7) holds for ʑ=2. Next, we assume that (7) is true for some Ʀ then,

HBFFWA(Ƀ1,Ƀ2,…,ɃƦ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙Ʀ+∈ɃƦ+{1−logẞ⁡(1+∏ҩ=1Ʀ(ẞ1−ϗ˙ҩ+−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ₩ҩ−1)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙Ʀ−∈ɃƦ−{−(logẞ⁡(1+∏ҩ=1Ʀ(ẞ−ϗ˙ҩ−−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ₩ҩ−1))})

Next, we have to show (7) is true for ʑ=Ʀ+1.

HBFFWA(Ƀ1,Ƀ2,…,ɃƦ,ɃƦ+1)=HBFFWA(Ƀ1,Ƀ2,…,ɃƦ)⊕₩Ʀ+1ɃƦ+1

=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙Ʀ+∈ɃƦ+{1−logẞ⁡(1+∏ҩ=1Ʀ(ẞ1−ϗ˙ҩ+−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ₩ҩ−1)}⋃ϗ˙1−∈Ƀ1−,...,ϗ˙Ʀ−∈ɃƦ−{−(logẞ⁡(1+∏ҩ=1Ʀ(ẞ−ϗ˙ҩ−−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ₩ҩ−1))})

⊕

(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙Ʀ+∈ɃƦ+,ϗ˙Ʀ+1+∈ɃƦ+1+{1−logẞ⁡(1+(ẞ1−ϗ˙Ʀ+1+−1)₩Ʀ+1(ẞ−1)₩Ʀ+1−1)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙Ʀ−∈ɃƦ−,ϗ˙Ʀ+1−∈ɃƦ+1−{−(logẞ⁡(1+(ẞ−ϗ˙Ʀ+1−−1)₩Ʀ+1(ẞ−1)₩Ʀ+1−1))})

=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙Ʀ+∈ɃƦ+,ϗ˙Ʀ+1+∈ɃƦ+1+{1−logẞ⁡(1+∏ҩ=1Ʀ+1(ẞ1−ϗ˙ҩ+−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ+1₩ҩ−1)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙Ʀ−∈ɃƦ−,ϗ˙Ʀ+1−∈ɃƦ+1−{−(logẞ⁡(1+∏ҩ=1Ʀ+1(ẞ−ϗ˙ҩ−−1)₩ҩ(ẞ−1)∑ҩ=1Ʀ+1₩ҩ−1))})(8)

Hence, (8) is true for ʑ=Ʀ+1. Therefore, (8) holds for ∀ʑ. If 0≤₩ҩ≤1, and ∑ҩ=1ʑ₩ҩ=1, then (8) converts to (7).

Definition 8: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then the HBFFOWA operator is defined as,

HBFFOWA(Ƀ1,Ƀ2,...,Ƀʑ)=ʑ⊕ҩ=1(₩ҩɃφ(ҩ))(9)

where, ₩=(₩1,₩2,...,₩ʑ)Ŧ be the weights of Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ), ₩ҩ∈[0,1] and ∑ҩ=1ʑ₩ҩ=1. Also note that (φ(1),φ(2),…,φ(ʑ)) is the permutation of ҩ=1,2,...,ʑ with Ƀφ(ҩ−1)≥Ƀφ(ҩ)∀ҩ.

Theorem 3: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then by utilizing the above (9) we have,

HBFFOWA(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{1−logẞ⁡(1+∏ҩ=1ʑ(ẞ1−ϗ˙φ(ҩ)+−1)₩ҩ)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−(logẞ⁡(1+∏ҩ=1ʑ(ẞ−ϗ˙φ(ҩ)−−1)₩ҩ))})(10)

5.2 HBF Frank Geometric Aggregation Operators

Definition 9: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then the HBFFWG operator is defined as,

HBFFWG(Ƀ1,Ƀ2,…,Ƀʑ)=ʑ⊗ҩ=1(Ƀҩ)₩ҩ(11)

where, ₩=(₩1,₩2,...,₩ʑ)Ŧ be the weights of Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) with ₩ҩ∈[0,1] and ∑ҩ=1ʑ₩ҩ=1.

Theorem 4: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then by using (11) we have,

HBFFWG(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{logẞ⁡(1+∏ҩ=1ʑ(ẞϗ˙ҩ+−1)₩ҩ)}⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−1+logẞ⁡(1+∏ҩ=1ʑ(ẞ1+ϗ˙ҩ−−1)₩ҩ)})(12)

Definition 10: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be the collection of HBFNs, then the HBFFOWG operator is defined as,

HBFFOWG(Ƀ1,Ƀ2,...,Ƀʑ)=ʑ⊗ҩ=1(Ƀφ(ҩ))₩ҩ(13)

where, ₩=(₩1,₩2,...,₩ʑ)Ŧ are the weights of Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ), ₩ҩ∈[0,1] and ∑ҩ=1ʑ₩ҩ=1. Moreover, φ(1),φ(2),…,φ(ʑ) is the permutation of ҩ=1,2,...,ʑ with Ƀφ(ҩ−1)≥Ƀφ(ҩ)∀ҩ.

Theorem 5: Let Ƀҩ=(Ƀҩ+,Ƀҩ−)(ҩ=1,2,3,...,ʑ) be a collection of HBFNs, then by using (13) we have,

HBFFOWG(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{logẞ⁡(1+∏ҩ=1ʑ(ẞϗ˙φ(ҩ)+−1)₩ҩ)}⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−1+logẞ⁡(1+∏ҩ=1ʑ(ẞ1+ϗ˙φ(ҩ)−−1)₩ҩ)})(14)

Note that the all above-defined operators must satisfy the properties of idempotency, boundedness, and monotonicity.

6  MCDM Methodology

In this section, we introduce the MCDM approach for the classification of cyber threat detection techniques for next-generation cyber defense based on the proposed HBF Frank operators.

Suppose there are Ϟ alternatives Ḁɀ(ɀ=1,2,...,Ϟ) and ƴ attributes Ʋμ(µ=1,2,...,ƴ) along with attribute weights ₩=(₩1,₩2,...,₩ƴ)Ŧ, ₩ƴ∈[0,1] and ∑μ=1ƴ₩μ=1. Now we assume that the HBF decision matrix is Ḏ=(Ǩɀμ)Ϟ×ƴ=(Ƀɀμ+,Ƀɀμ−)Ϟ×ƴ. Where, Ƀɀμ+∈[0,1] and Ƀɀμ−∈[−1,0].

Next, we have the following algorithm steps to solve the MCDM technique.

Step-1: In this step, we convert the cost type attribute into benefit type and for this, we have the following formula,

Ǩɀµ={(ϗ˙ɀµ+,ϗ˙ɀµ−)For benefit type of attribute(1−ϗ˙ɀµ+,−1−ϗ˙ɀµ−)For cost type of attribute

Step-2: Use the HBFFWA or HBFFWG operators that are given below to aggregate all the values,

HBFFWA(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{1−logẞ⁡(1+∏ҩ=1ʑ(ẞ1−ϗ˙ҩ+−1)₩ҩ)},⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−logẞ⁡(1+∏ҩ=1ʑ(ẞ−ϗ˙ҩ−−1)₩ҩ)})(15)

HBFFWG(Ƀ1,Ƀ2,…,Ƀʑ)=(⋃ϗ˙1+∈Ƀ1+,...,ϗ˙ʑ+∈Ƀʑ+{logẞ⁡(1+∏ҩ=1ʑ(ẞϗ˙ҩ+−1)₩ҩ)}⋃ϗ˙1−∈Ƀ1−,...,ϗ˙ʑ−∈Ƀʑ−{−1+logẞ⁡(1+∏ҩ=1ʑ(ẞ1+ϗ˙ҩ−−1)₩ҩ)})(16)