COGNITIVE APPROACH IN INFORMATION AND CYBER SECURITY
DOI:
https://doi.org/10.28925/2663-4023.2025.29.945Keywords:
information security; cybersecurity; cognitive modeling; cognitive analysis; cognitive synthesis; fuzzy cognitive map; cognitive skills; information protection.Abstract
In the field of information and cybersecurity, one of the most important and critical challenges is the human factor, because no software or technical tool can fully compensate for the lack of awareness of information and cyber risks, appropriate behavior and a responsible attitude to information protection. The introduction of cognitive science theories into the field of cyber security will increase the level of effectiveness of protection strategies. Cognitive modeling contributes to the creation of mathematical models that simulate the processes of human thinking, decision-making and behavior, which brings the transition from reactive protection to a proactive approach. This article is devoted to the study of the implementation of the cognitive approach in security systems. Based on the analysis of scientific literature, the main definitions of cognitive science are highlighted, in particular, the concepts of cognitive modeling, cognitive analysis and synthesis, types of cognitive models, fuzzy cognitive map. The advantages of cognitive theories in various sectors of society are outlined. It has been proven that cognitive modeling can be applied in the field of cybersecurity to understand and predict the behavior of both attackers and protective systems. The following cognitive models in cyber systems are described: symbolic modeling (rule-based modeling) is used to build intrusion detection systems (IDS) that analyze network traffic for known attacks; network modeling (modeling using neural networks) includes anomaly detection systems that analyze typical network behavior; Bayesian models (probabilistic modeling) help predict risks and the probability of a successful attack on a specific system; agent-based modeling is used to simulate cyberattacks and test the resilience of systems. It was determined that the use of hybrid models that combine the above is effective. The challenges of implementing cognitive modeling in the security field are highlighted. These are the difficulties associated with the need for large volumes of qualitative data on the behavior of attackers, the complexity of modeling human behavior, and ethical issues. The results of the study can be used as educational material for students of the specialty F5 Cybersecurity and Information Protection.
Downloads
References
Kostiuk, Yu. V., Skladannyi, P. M., Bebeshko, B. T., Khorolska, K. V., Rzaieva, S. L., & Vorokhob, M. V. (2025). Information and communication systems security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Kostiuk, Yu. V., Skladannyi, P. M., Hulak, H. M., Bebeshko, B. T., Khorolska, K. V., & Rzaieva, S. L. (2025). Information security systems. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Hulak, H. M., Zhyltsov, O. B., Kyrychok, R. V., Korshun, N.V., & Skladannyi, P. M. (2023). Enterprise information and cyber security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Bone, J. (2016). Cognitive Risk Framework for Cybersecurity: Bounded Rationality: Executive Summary: Part I. EDPACS, 54(5), 1–11. https://doi.org/10.1080/07366981.2016.1247564
Shevchenko S., Zhdanova Y., Shevchenko H., Nehodenko О., аnd Spasiteleva S. (2023) Information Security Risk Management using Cognitive Modeling Cybersecurity Providing in Information and Telecommunication Systems, V. 3550. с. 297-305. ISSN 1613-0073
Shevchenko S., Zhdanova Y., Kryvytska, O. Shevchenko, H. аnd Spasiteleva S. (2024) Fuzzy cognitive mapping as a scenario approach for information security risk analysis Cybersecurity Providing in Information and Telecommunication Systems II 2024, 3826. с. 356-362. ISSN 1613-0073
Shevchenko S., Zhdanova Y., Skladannyi, P., & Petrenko, Т. (2024). Fuzzy cognitive maps as a tool for visualizingincident response scenarios in security systems. Cybersecurity: Education, Science, Technique, 2(26), 417–429. https://doi.org/10.28925/2663-4023.2024.26.707
Bone, James. (2016). Cognitive Risk Framework for Cybersecurity, Part II https://www.corporatecomplianceinsights.com/cognitive-risk-framework-cybersecurity-part-2/
Bone, James. (2024). Cognition in Cybersecurity Situational Awareness. Cognitive risk institute, 1(1) 10.13140/RG.2.2.23490.59842. https://www.researchgate.net/publication/379076804_Cognition_in_Cybersecurity_Situational_Awareness
Roberto, O Andrade, Sang Guun Yoo. (2019) Cognitive security: A comprehensive study of cognitive science in cybersecurity. Journal of Information Security and Applications 48. https://doi.org/10.1016/j.jisa.2019.06.008
Yuning Jiang, Yacine Atif, (2021) A selective ensemble model for cognitive cybersecurity analysis, Journal of Network and Computer Applications, Volume 193. https://doi.org/10.1016/j.jnca.2021.103210.
Onopriyenko, M. (2011) The phenomenon of cognitive science and technology. Proceedings of the State University "Kyiv Aviation Institute". Vol.: Philosophy. Cultural Studies: collection of scientific papers. 1, 68-72. http://nbuv.gov.ua/UJRN/Vnau_f_2011_1_18
Dictionary of Education Terms. https://minicoursegenerator.com/dictionary-of-education-terms/en/letter/a
Sun, R. The Cambridge Handbook of Computational Psychology. New York: Cambridge University Press, 2008. – 753 p
Milyavsky, Yu. L. Identification and control of complex systems based on models of impulse processes of cognitive maps: dissertation … Dr. Tech. Sci.: 01.05.04 System analysis and theory of optimal solutions / Milyavsky Yuri Leonidovich. – Kyiv, 2019. – 297 p.
Sun, R., (2020). Cognitive Modeling, In P. Atkinson, S. Delamont, A. Cernat, J.W. Sakshaug, & R.A. Williams (Eds.), SAGE Research Methods Foundations. https://doi.org/10.4135/9781526421036869642
Frischkorn, G. T., & Schubert, A. L. (2018). Cognitive Models in Intelligence Research: Advantages and Recommendations for Their Application. Journal of Intelligence, 6(3), 34. https://doi.org/10.3390/jintelligence6030034
Farrell, S., & Lewandowsky, S. (2018). Computational modeling of cognition and behavior. Cambridge University Press. https://doi.org/10.1017/CBO9781316272503
Kosko Bart. (1986) Fuzzy Cognitive Maps. International Journal of Man-Machine Studies. 24, 65–75. http://katedrawiss.uwm.edu.pl/sites/default/files/download/202006/kosko_fcm_fuzzy_cognitive_maps.pdf
Quffa, Abdallah & Abu-Naser, Samy. (2025). A Rule-Based Expert System for Cybersecurity Threat Detection: Evolution, Applications, and the Hybrid AI Paradigm. 10.13140/RG.2.2.21026.49606
Priyanka Dixit, Sanjay Silakari. Deep Learning Algorithms for Cybersecurity Applications: A Technological and Status Review, Computer Science Review, Volume 39, 2021, https://doi.org/10.1016/j.cosrev.2020.100317
Chao, J., & Xie, T. (2024). Deep Learning-Based Network Security Threat Detection and Defense. International Journal of Advanced Computer Science and Applications
José A. Perusquía & Jim E. Griffin & Cristiano Villa. (2022) Bayesian Models Applied to Cyber Security Anomaly Detection Problems, International Statistical Review, International Statistical Institute, vol. 90(1), pages 78-99
Veksler, V. D., Buchler N., Hoffman B. E., Cassenti D. N., Sample C. & Sugrim S. (2018). Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users. Frontiers in Psychology 9. 10.3389/fpsyg.2018.00691
Veksler V. D., Buchler N., LaFleur C. G., Yu Michael S., Lebiere C., Gonzalez C. (2020) Cognitive Models in Cybersecurity: Learning From Expert Analysts and Predicting Attacker Behavior. Frontiers in Psychology VOL 11. URL: https://www.frontiersin.org/articles/10.3389/fpsyg.2020.01049/full#B34
Sikora, L. S., Lysa, N. K., Pavluk, O. M., Sabat, V. I., & Fedevych, O. Yu. (2023). Information and logical-cognitive approaches to the formation of cybersecurity of ecotechnogenic infrastructures of the region taking into account the level of risks. Scientific Bulletin of UNFU, 33(1), 71–81. https://doi.org/10.36930/40330110
L. Ashiku and C. Dagli, "Agent Based Cybersecurity Model for Business Entity Risk Assessment," 2020 IEEE International Symposium on Systems Engineering (ISSE), Vienna, Austria, 2020, pp. 1-6, doi: 10.1109/ISSE49799.2020.9272234
Milov, O. & Kostyak, M. & Milevskyi, Stanislav & Pogasiy, S. (2019). Tools for modeling agents' behavior in information and communication systems. Control, navigation and communication systems. Collection of scientific papers. 6. 63-70. 10.26906/SUNZ.2019.6.063
Francia III, G.A., Francia, X.P., Bridges, C. (2021). Agent-Based Modeling of Entity Behavior in Cybersecurity. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_1
Jeongkeun Shin, Kathleen M. Carley, and L. Richard Carley. (2023). Integrating Human Factors into Agent-Based Simulation for Dynamic Phishing Susceptibility. In Social, Cultural, and Behavioral Modeling: 16th International Conference, SBP-BRiMS 2023, Pittsburgh, PA, USA, September 20–22, 2023, Proceedings. Springer-Verlag, Berlin, Heidelberg, 169–178. https://doi.org/10.1007/978-3-031-43129-6_17
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Світлана Шевченко, Юлія Жданова, Аріна Гаркушенко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
