Software Security Estimation Using the Hybrid Fuzzy ANP-TOPSIS Approach: Design Tactics Perspective

Abstract: The increasing number of threats against software vulnerabilities and rapidly growing data breaches have become a key concern for both the IT industry and stakeholders. Developing secure software systems when there is a high demand for software products from individuals as well as organizations is in itself a big challenge for designers and developers. Meanwhile, adopting traditional and informal learnings to address security issues of software products has made it easier for cyber-criminals to expose software vulnerabilities. Hence, it is imperative for security practitioners to employ a symmetric mechanism so as to achieve the desired level of software security. In this context, a decision-making approach is the most symmetrical technique to assess the security of software in the security tactics perspective. Since security tactics directly address quality attribute concerns, this symmetric approach will be highly effective in making software systems more secure. In this study, the authors have selected three main attributes and fifteen sub-attributes at level 1 and level 2, respectively, with ten different software of an institute as alternatives. Furthermore, this study uses a fuzzy-based symmetrical decision-making approach to assess the security of software with respect to tactics. Fuzzy Analytic Network Process (F-ANP) is applied to evaluate the weights of criteria, and the fuzzy-Symmetrical technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is used to determine the impact of alternatives. The proposed symmetrical assessment in this study will be beneficial for both designers and developers to categorize and prioritize the security attributes and understand the importance of security tactics during the software development life cycle.


Introduction
The increased use of information and communication technology [1] reveals that the use of software has also increased correspondingly. This has also led to an increase in the number of threats and attacks against software vulnerabilities. Hence, software security has become the main concern [2]. Physical devices, software and data assets of individuals, as well as organizations, are at risk [3] for many reasons, chiefly the use of traditional and informal approaches to deal with software security issues. As per the Research and Markets report, the software market throughout the world will increase by 55%, from $57.6 billion in 2017 to $89.3 billion in 2022 [4]. Thus, the increasing demand for software has made software security an even more serious and challenging issue for both developers and users. Despite the increased spending on security services, the instances of attacks and data breaches have also grown rapidly. Every 39 s, there is a hacker attack, and since 2013 the average number of stolen records from data breaches is more than 3.8 million per day [5]. According to an IBM report, the average cost of a data breach is $3.92 million, and this cost is maximum in the USA, where a data breach would fetch $8.19 million [6].
Evidently, the well-known and proven security tactics and formal guidelines are not being adopted by the developers during symmetrical software development. The availability of security tactics to practitioners is as old as its introduction. Unfortunately, a lack of awareness about security tactics makes many developers follow their traditional and informal approaches to address software security issues [7]. So, identification of security requirements, symmetrical approaches and adoption of specific security tactics is important for the architects and developers to build secure software systems. The symmetrical technique of reusing well-proven solutions or design decisions that affect the control of a response of quality attribute in software architectures is commonly known as tactics [8,9]. It depicts that security tactics should be the main concern of architects and developers and focus should be on it to build a secure software system. Different symmetrical techniques have been used by researchers to assess the security of software and plenty of research work has been done to prioritize software security attributes. Research work has also been done on what security tactics is: its hierarchical classification and adoption [7,10]. However, authors of this work have not found any study that focuses on assessing the security of software in the security tactics perspective by employing the fuzzy-Analytic Network Process (ANP)-Symmetrical technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) approach. Hence our study, in particular, has assessed the security of software by using the symmetrical method of fuzzy-ANP-TOPSIS.
Fuzzy logic was first coined by Lotfi Zadeh [11], and it surmounts the limitations of traditional (Boolean) logic by allowing cases in between the two extreme cases of truth, which could otherwise only be true or false. By addressing imprecise information and considering the uncertainties of a decision-making problem, it provides better results in decision-making problems [12]. Fuzzy-ANP is applied to determine the weights of the attributes (criteria). ANP is a multi-criteria decision analysis approach used in decision-making problems [13][14][15][16]. It represents the dependencies among criteria or alternatives to solve problems having dependencies, and it is represented by a network because the interactions and dependencies among the factors of the problem are shown in a network. Fuzzy-TOPSIS is used to generate the alternative ranking. TOPSIS is the best-known approach for alternative ranking in MCDM problems. The main idea of TOPSIS is that the best alternative among all competitive alternatives should be at the minimum distance from the positive ideal solution (PIS) and at the maximum distance from the negative ideal solution (NIS) [17][18][19][20][21].
The core intent of this study is two-pronged: first, to bridge the gap between proven and well-known security tactics; second, actual implementation through the assessment of the security of software to provide guidelines for developing secure software systems. In addition, for assessment every organization has its own policies and procedures; so, assessing the security of software is a decision-making problem [22][23][24][25][26]. Hence, this evaluation will be very helpful for designers and developers to understand the attribute priorities and to make appropriate decisions while ensuring the security of software. Effective evaluation of security attributes is not only beneficial for security services of software but it improves the overall quality of software. The significant aspects of this study are:
• Evaluate software security in a security design tactics perspective with the intent to provide guidelines for secure software development.
• Fuzzy-ANP and fuzzy-TOPSIS approach is used to assess the software security. Both approaches are well known and popular in the MCDM problem-solving domain. The proposed symmetrical technique in the study provides precise and efficient results while solving MCDM problems.
• The attribute (criteria) set used in this study to assess software security in the security design tactics perspective through fuzzy-ANP and fuzzy-TOPSIS approach is unique.
• Ten different software have been taken as alternatives for this case study to validate software security in the design tactics perspective.
• This study's empirical initiative aims at providing insights about determining how formal and well-proven security design tactics are followed throughout the software development life cycle.
The remaining part of this research work is divided into the following sections: sub-Section Related Work provides an insight of previous related work; Section 2 discusses materials and methods and includes software security tactics and methodology as two different sub-sections; Section 3 gives the data analysis and results and contains a comparison through the fuzzy-ANP-TOPSIS method and sensitivity analysis as two sub-sections; Section 4 details the discussion of the proposed work, and Section 5 gives the conclusion of our work.

Related Work
Various studies are already available on assessing the security of web application software by using different approaches and symmetrical techniques. Meanwhile, to solve problems like multi-criteria decision making (MCDM), fuzzy-ANP, TOPSIS and fuzzy-ANP TOPSIS symmetrical techniques have also been used in different areas of interest. Some recent and important studies in this regard are:
• Jungwoo Ryoo et al. (2015) estimated the gap between security tactics (architect's vision) and its actual implementation (source code) [7]. Security tactics are examined at the design level as well as the implementation level, and ideal solutions for the adoption of security tactics are provided. Open-source software has been taken for this assessment to access source code and documentation easily.
• G.P. Garcia et al. (2014) did a study in which they applied a set of security tactics in software system designing [8]. An early Tsunami-warning alert system is used by the authors for a case study to achieve the applicability of security tactics. The authors of this study provide a systematic approach to address security as a quality attribute during software designing, and also describe the importance of tactics in software designing.
• Felipe Osses et al. (2018) presented a card game named security tactics selection poker and a planning-poker-based consensus-building symmetrical technique that would help developers to identify and select security tactics to satisfy maximum security requirements on the basis of priority and objectives [9]. The effectiveness of the symmetrical technique is examined in different scenarios by a security software team of 21 practitioners.
• J.J. Zhao and S.Y. Zhao (2010) used three security assessment approaches, viz. web content analysis, information security auditing, and computer security network mapping, to assess e-government websites of the US to determine the opportunities for website threats in their study [12]. The study shows that there is a gap between stated privacy and security policies and implemented security measures of most of the e-government websites, and maximum websites use SSL encryption for data transmission. The study suggests the best possible solutions to improve e-government websites.
• Z. Ravasan and M.A. Zare (2018) proposed a hybrid model based on information system quality assessment and fuzzy-ANP to evaluate e-government website quality [13]. Six Iranian free trade zone portals were used to validate the proposed model and final evaluation results were determined.
• S. Kr. Jha and R. K. Mishra (2018), in their paper, proposed a framework of component security to determine and predict the functional and non-functional security factors for the development of secure and reliable component-based software. Security issues were examined at three different levels: component level, interface level and application level [14].
• G. Marquez and H. Astudillo (2019) conducted an experimental study to analyze the availability tactics that would be beneficial for security-design decisions in micro-service based systems (MBS) [15]. 17 open source MBS were inspected by using their source code and documentation. It was found that fault prevention is mainly focused on availability tactics rather than fault identification and mitigation.
• Keon Chul Park et al. (2014) derived the most appropriate and ideal method of authentication for smartphone banking service using the ANP symmetrical technique [16]. The results of the analysis show that biometric authentication is most appropriate in the aspect of security, OTP is most appropriate in the aspect of convenience, and a public key certificate is most ideal in the aspect of cost. In the context of the overall performance in security, convenience and cost, OTP has been found to be the most ideal and appropriate authentication method.
• Bijoyeta Roy and Santanu Kr. Misra (2018) did a study of fuzzy ANP and TOPSIS symmetrical techniques for best software selection [17]. Fuzzy-ANP is applied to determine the attribute weights and also measure their degree of interdependence on each other. Lastly, the criteria weights are given as input to the TOPSIS model to evaluate the final ranking of alternatives.
• Wei Bai et al. (2017) examined the usable-security evaluation results in encrypted messages [18]. 52 participants for this evaluation were taken by the authors. The less-convenient key exchange model has been recognized by participants as more secure overall, but for most day-to-day activities, the key-directory approach has been considered as sufficient security.
From the review of relevant literature, the authors of the present study found that fuzzy-ANP and fuzzy-TOPSIS have been used in various studies to find the best ideal solutions in multi-criteria decision-making problems. There are also some studies that define security tactics with their goals, estimate the gap between security tactics and their actual implementation, and identify and select security tactics to satisfy maximum security requirements [26][27][28][29][30]. However, we did not find any study in which fuzzy-ANP and fuzzy-TOPSIS are used to assess software security in a security-tactics perspective. Therefore, our research endeavor will make an assessment to evaluate 10 different software of an educational institute, Babasaheb Bhimrao Ambedkar University in Lucknow, India, in the security tactics perspective by using fuzzy-ANP TOPSIS. This assessment mechanism will not only be more effective in developing secure software products but will also enable higher education institutes to analyze their current software's security strength.

Materials and Methods
In this section, the authors discuss the concept and the methodology used to implement it in two sub-sections. Section 2.1 discusses software security tactics and other necessary concepts related to software security assessment. Section 2.2 describes the methodology used in this study to implement the concept defined in Section 2.1: the fuzzy-ANP and fuzzy-TOPSIS approach is discussed there as a methodology to assess the security of software in the design tactics perspective.

Software Security Tactics
The literal meaning of security is being secure from all internal as well as external attacks or threats. Tactics literally means, "smartly-planned strategies to accomplish a definite goal". In the context of software architecture, security tactics is defined as "basic decisions (building-blocks) for software architecture that directly concerns the quality attribute of software" [7,19]. Security tactics are also defined as steps taken to enhance the quality attribute of software [8]. Security tactics provide guidelines for the conformity of quality attributes and adoption of these guidelines will help the developers to develop secure and trustworthy systems. Attack detection, resist against attacks, react to attacks, and recovery from attacks is the main objective of security tactics [20].
On the basis of security tactics, this study will assess the security of 10 different software of Babasaheb Bhimrao Ambedkar University (BBAU), Lucknow, UP, India. Analysis of previous high-quality research papers and other authentic relevant sources is used for attribute identification and selection for the security assessment of 10 different software of the university. In this study, the authors consider three criteria at level 1 and 15 sub-criteria at level 2, with 10 alternatives. The level 1 attributes are detect attacks, resist attacks, and react and recover from attacks. The level 2 attributes are: detect intrusion, detect service denial, verify message integrity, detect message delay, and verify repudiation as sub-attributes of detect attacks; identification, authentication, authorization, encryption, and limit access as sub-attributes of resist attacks; and revoke access, lock computer, inform actors, maintain audit trail, and availability as sub-attributes of react and recover from attacks.
The ten software of the BBAU as alternatives are represented as US-1, US-2, US-3, US-4, US-5, US-6, US-7, US-8, US-9, and US-10 in this study. The attribute identification and selection for this study to assess software security in the security tactics perspective is fundamentally based on the Security Tactics Hierarchy Tree. Figure 1 presents Software Security Attributes in Security Tactics Perspective [31][32][33][34]. Further, verify repudiation is added as a sub-attribute because repudiation allows any legitimate or illegitimate person to deny the performed action or transaction, which can take the software system into a catastrophic state. Moreover, repudiation is part of the STRIDE security threat model devised by IBM that maximizes its priority. The reaction to attacks and recovery from attacks are two separate sub-goals of security tactics [20]. However, in this study, these are taken together as a single attribute named "react and recover from attacks" because these two have a high level of dependency on each other, and after reacting to attacks we can achieve the recovery from attacks.
Detect attacks (F1): detecting attacks means that a software system should provide a security mechanism that will help to identify the attacks when any illegitimate user tries to access the information or any information system. It includes detect intrusion, detect denial of services, verify message integrity, detect message delay, and verify repudiation [3].
Detect intrusion (F11): ensures that the security system should have the automatic ability to alert the admins whenever someone or something tries to compromise the information system through malicious activities or through violation of security policies [4].
Detect denial of services (F12): it ensures that the security system should detect the malicious attacks that try to make the system or system resources unavailable to its authentic users [5].
Verify message integrity (F13): implies that the security system has the ability to verify the accuracy and completeness of the information sent by the sender [6].
Detect message delay (F14): ensures that the security system should have the ability to detect the reasons behind message delay or in other words detect the man-in-middle attacks [7].
Verify repudiation (F15): it ensures that there should be a strong mechanism that will prove that the activity performed by a particular user in the system is done by him/her when he/she refuses to accept [8].
Resist Attacks (F2): resisting attacks means that a system should come up with a strong security mechanism that will help it to combat when any unauthorized or illegitimate user/process tries to access the system or system resources [9]. It includes Identification, authentication, and authorization, encryption, and limit access. These are the main attributes that will help software system designers and developers to make software systems attack resistive.
Identification (F21): identification occurs when a user, program or process claims an identity [10]. In other words, it is a representation of one's identity where the user or any other entity is not known.
Authentication (F22): authentication is a process of proving a user's claimed identity and it occurs when the users provide correct credentials to prove their identity [11].
Authorization (F23): authorization is a process of granting privileges to access the system resources [12].
Encryption (F24): encryption means encoding of plain text (normal data) into cypher-text (encrypted data) to secure data from unauthorized users [13].
Limit access (F25): it defines that there should be a limit access protocol to access the system resources on the basis of user's needs. It can be defined at the group level or at the individual level [14].
React and recover from attacks (F3): react to an attack means that a software system should have a security mechanism that responds in a particular way when the system faces a potential attack, while recover from an attack means that the system should also have the ability to return to a normal state after facing a potential attack [15][16][17][18]. In other words, we can say that the system should provide normal services to its authentic users when or after facing a potential attack. The attributes that will help software designers and developers to make secure software systems that react to attacks and also recover from attacks are: revoke access, lock computer, inform actors, maintain audit trail, and availability.
Revoke access (F31): implies that when system admins realize any type of potential threat or attack, they can severely limit the access to sensitive resources [15].
Lock computer (F32): when there are repeated failed logins from a specific computer, admins can lock that computer for some specific time because continuous unsuccessful logins may indicate a malicious attack [15].
Inform actors (F33): malicious attacks sometimes need action by authentic users to execute their attacks, so the administrators shall inform the system users when the system has detected an attack [16].
Maintain audit trail (F34): the security system should also maintain audit trail automatically to keep the user actions and system records and their effects for future use when necessary [17].
Availability (F35): it ensures timely and reliable access to all the authentic users to access information and other resources when needed [18].

Methodology
Research methodology provides a framework within which a researcher conducts the research [21]. The research methodology used in this study to accomplish the goal of assessing the security of web application software in the perspective of design tactics is based on fuzzy ANP-TOPSIS, a symmetrical method of MCDM. Fuzzy-ANP is used to estimate the weights of the factors and their interdependence on each other in the ANP network. The TOPSIS symmetrical technique is finally used for the ranking of the alternatives. A thorough explanation of these symmetrical techniques is given below.
Fuzzy-ANP: fuzzy logic is an advanced form of traditional logic first coined by Lotfi Zadeh [11] which is based on mathematical fuzzy-set theory. Fuzzy-logic considers all uncertainties of a problem where it is difficult to determine the solution of the problem to be either completely true or completely false. It considers 0 and 1 as two extreme cases of truth and represents some other cases in between 0 and 1 to address and handle uncertain and imprecise information in decision-making problems [22]. The ANP is a multi-criteria decision analysis approach used in decision-making problems. It is the generalization of the AHP [23].
The analytic hierarchy process (AHP) method was devised by T.L. Saaty in 1980 for MCDM problems [24], but due to the limitation of not measuring the possible dependencies among the criteria [25], T.L. Saaty later introduced ANP to surmount the limitation of AHP [25,26]. ANP represents the dependencies among criteria or alternatives to solve the problems having dependencies [27]. AHP is represented by a hierarchy while ANP is represented by a network [23] because interactions and dependencies among the factors of the problem are shown in a network. ANP also determines the overall influence of these dependencies on the network. ANP also represents inter-dependencies among elements of the same cluster using loops and with other clusters of the same network along with feedback [23]. The fuzzy-ANP approach is the integration of fuzzy logic with ANP to handle imprecise information and make the results more precise and accurate.
Fuzzy-TOPSIS: TOPSIS was originally devised by Ching-Lai Hwang and Yoon as a multi-criteria decision analysis approach used to solve MCDM problems [28]. It is an improved form of the displaced ideal solution concept given by Zeleny. To address the rank reversal issue, TOPSIS has been found to be the best multi-criteria decision analysis approach which defines that when a non-optimal alternative is found, the alternative ranking can be changed [26]. The main idea of TOPSIS is that the best alternative among all competitive alternatives should be at the minimum distance from the PIS and at the maximum distance from the NIS [29]. The PIS maximizes the benefit criteria and minimizes the cost criteria, while the NIS minimizes the benefit criteria and maximizes the cost criteria [30]. TOPSIS is the best-known approach for alternative ranking in MCDM problems.
In this research study, the authors use a hybrid approach of fuzzy-ANP TOPSIS to assess the security design tactics of software for precise, more accurate and efficient results. The step-by-step procedure for evaluating weightage and ranking through fuzzy-ANP-TOPSIS approach is specified below and Figure 2 depicts an overview of the overall working of fuzzy-ANP-TOPSIS approach.
According to Figure 2, the step-by-step procedure for evaluating weightage and ranking through fuzzy ANP-TOPSIS is specified as follows:
Step 1: First, linguistic terms were converted into crisp numeric values and then into a triangular fuzzy number (TFN). A TFN can be defined as (p, q, r), where p ≤ q ≤ r and p, q, r are parameters indicating the smallest, the middle, and the largest value in the TFN, respectively. Let A be a fuzzy number; its membership function can be defined as in Equations (1)-(2) and shown in Figure 3 [26].
Otherwise.

First, views were taken from fifty academics and industry experts who had a wealth of expertise in security design and maintenance for each collection of attributes and related data. The experts were invited in a virtual meeting atmosphere to collate their viewpoints and were briefed about the size of the qualities with respect to various classes as well as the linguistic values. Authors accumulated network structure to determine the weights of security attributes with respect to design tactics, using the data collected. Software development experts provided the answers by assigning scores according to the scale shown in Table 1 to the attributes that influenced each other in a measurable way [20].

Table 1 (surviving rows; linguistic value and triangular fuzzy number):
Absolutely important: (9, 9, 9)
2, 4, 6, 8, intermittent values between two adjacent scales: (1, 2, 3), (3, 4, 5), (5, 6, 7), (7, 8, 9)

The triangular fuzzy number is calculated from crisp numeric values by applying Equations (3)-(7) and represented as $(p_{ij}, q_{ij}, r_{ij})$, where $p_{ij}$ denotes the low value, $q_{ij}$ denotes the mid value and $r_{ij}$ denotes the high value. In addition, TFN [$\eta_{ij}$] is defined as the following: where and $J_{ijk}$ represents the relative importance of the values between two factors mentioned in above-given equations; and given by the experts' decision.
Here, a pair of attributes judged by experts is represented by i and j. TFN ($\eta_{ij}$) is estimated based on the geometric mean of the experts' opinions for a particular comparison. In addition, Equations (8) to (10) help to aggregate triangular fuzzy number values. $A_1$ and $A_2$ are two TFNs, $A_1 = (p_1, q_1, r_1)$ and $A_2 = (p_2, q_2, r_2)$. The rules of operations on them are:

$$(p_1, q_1, r_1) + (p_2, q_2, r_2) = (p_1 + p_2,\; q_1 + q_2,\; r_1 + r_2) \tag{8}$$

$$(p_1, q_1, r_1) \times (p_2, q_2, r_2) = (p_1 p_2,\; q_1 q_2,\; r_1 r_2) \tag{9}$$

Step 2: a pair-wise comparison matrix is constructed by using the responses received from the decision-makers. Calculation of the consistency index (CI) is done by using the formula in Equation (11) as follows: where CI is the consistency index and t is the number of compared elements. Further estimation of the consistency ratio (CR), using a random index, is as follows: If CR < 0.1, then the generated matrix is reasonably consistent. Here, RI denotes the random index, which is derived from Saaty [20].
Step 3: After obtaining a reasonably consistent matrix, the TFN values are converted to quantifiable values by using a defuzzification method. The defuzzification method applied in this work is taken from [16,17], as formulated in Equations (13)-(15), and is commonly known as the alpha-cut method.
Step 4: ANP handles dependence within a cluster and among different clusters. This step is the formation of the super-matrix which is the result of the priority vector from the paired comparisons between groups including goal, factors, sub-factors, and alternatives.
Step 5: to determine the performance ranking of every alternative over every normalized factor, TOPSIS needs this formula for normalizing the whole decision matrix.
Step 6: estimation of the positive-ideal solution matrix $I^+$ and the negative-ideal solution matrix $I^-$, where $z_j^+$ is Max $z_{ij}$ if j is an advantage factor and Max $z_{ij}$ if j is a cost factor; $z_j^-$ is Min $z_{ij}$ if j is an advantage factor and Min $z_{ij}$ if j is a cost factor.
Step 7: the next step is identifying the distance of each option value with respect to the positive-ideal solution and the negative-ideal solution. Positive ideal solution: where i = 1, 2, 3, ..., m. Negative ideal solution: where i = 1, 2, 3, ..., m; where $D_i^+$ defines the distance to the positive-ideal solution for option i and $D_i^-$ is the distance to the negative-ideal solution. Calculating the performance value for every alternative ($P_i$): where i = 1, 2, 3, ..., m.
The above-described step-by-step procedure will be followed to assess the security of software in the security tactics perspective by using a symmetrical method of fuzzy-ANP-TOPSIS with a different number of alternatives. The next section performs a case study and gives the numerical analysis to achieve security tactics for software.
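The procedure in Steps 1 to 7 can be traced end to end in Python; this is an added example, not the authors' code. Because most of the numbered equations did not survive on this page, it assumes the standard forms (Saaty's CI, CR and random index, alpha-cut defuzzification with α = β = 0.5, vector-normalised TOPSIS), omits the Step 4 super-matrix, and runs on constructed judgements for the hypothetical alternatives SW-A, SW-B and SW-C.

```python
import math
from functools import reduce

# Saaty's random index (RI) by matrix size t, used for the consistency ratio.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def tfn_from_saaty(score):
    """Crisp Saaty score -> TFN (p, q, r). 9 -> (9, 9, 9) and the even scores
    follow the surviving rows of Table 1; 1 and the odd scores are assumed."""
    if score in (1, 9):
        return (float(score),) * 3
    return (score - 1.0, float(score), score + 1.0)

def tfn_mul(a, b):
    """Component-wise TFN product, Equation (9)."""
    return tuple(x * y for x, y in zip(a, b))

def aggregate(tfns):
    """Geometric mean of the experts' TFNs for one comparison."""
    return tuple(c ** (1.0 / len(tfns)) for c in reduce(tfn_mul, tfns))

def defuzzify(tfn):
    """Alpha-cut with alpha = beta = 0.5 (assumed), i.e. (p + 2q + r) / 4."""
    p, q, r = tfn
    return (p + 2.0 * q + r) / 4.0

def crisp_matrix(t, judgements):
    """judgements[(i, j)] = expert scores for 'i over j'. The mirrored cell is
    the reciprocal, so the crisp matrix stays reciprocal (assumption)."""
    m = [[1.0] * t for _ in range(t)]
    for (i, j), scores in judgements.items():
        value = defuzzify(aggregate([tfn_from_saaty(s) for s in scores]))
        m[i][j], m[j][i] = value, 1.0 / value
    return m

def weights_and_cr(m):
    """Priority vector (normalised column average) and consistency ratio."""
    t = len(m)
    col = [sum(row[j] for row in m) for j in range(t)]
    w = [sum(m[i][j] / col[j] for j in range(t)) / t for i in range(t)]
    lam = sum(sum(m[i][j] * w[j] for j in range(t)) / w[i] for i in range(t)) / t
    ci = (lam - t) / (t - 1) if t > 1 else 0.0
    return w, (ci / RI[t] if RI[t] else 0.0)

def topsis(scores, weights, benefit):
    """Closeness of each alternative to the ideal solution (Steps 5 to 7)."""
    n = len(weights)
    norm = [math.sqrt(sum(row[j] ** 2 for row in scores)) for j in range(n)]
    z = [[weights[j] * row[j] / norm[j] for j in range(n)] for row in scores]
    cols = list(zip(*z))
    # PIS maximises benefit criteria and minimises cost criteria; NIS mirrors it.
    pis = [max(c) if benefit[j] else min(c) for j, c in enumerate(cols)]
    nis = [min(c) if benefit[j] else max(c) for j, c in enumerate(cols)]
    out = []
    for row in z:
        d_pos, d_neg = math.dist(row, pis), math.dist(row, nis)
        total = d_pos + d_neg
        out.append(d_neg / total if total else 0.0)
    return out

def rank_demo():
    # Constructed judgements from three hypothetical experts; 0, 1, 2 = F1, F2, F3.
    judgements = {(1, 0): [2, 2, 3], (1, 2): [3, 2, 2], (0, 2): [1, 2, 1]}
    weights, cr = weights_and_cr(crisp_matrix(3, judgements))
    if cr >= 0.1:
        raise ValueError("pairwise matrix is not reasonably consistent")
    # Constructed ratings (two experts, Saaty scale) per criterion F1, F2, F3.
    ratings = {
        "SW-A": [[7, 8], [4, 5], [6, 6]],
        "SW-B": [[5, 5], [8, 7], [6, 7]],
        "SW-C": [[3, 4], [4, 4], [5, 4]],
    }
    names = list(ratings)
    scores = [[defuzzify(aggregate([tfn_from_saaty(s) for s in cell]))
               for cell in ratings[name]] for name in names]
    closeness = topsis(scores, weights, benefit=[True, True, True])
    ranking = sorted(zip(names, closeness), key=lambda item: item[1], reverse=True)
    return weights, cr, ranking

if __name__ == "__main__":
    w, cr, ranking = rank_demo()
    print("weights F1..F3:", [round(x, 4) for x in w], "CR:", round(cr, 4))
    for name, value in ranking:
        print(name, round(value, 4))
```
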

Data Analysis and Results
Estimation of the security strength of a software system quantitatively is complex as well as a challenging issue because security assessment is rationally a qualitative measure. During the software development process, the priority of quality attributes plays a very essential role to develop secure as well as usable software products. As a case study, this work contributes an approach for security assessment of university's software by using fuzzy ANP-TOPSIS. For the determination of security assessment in security tactics perspective, three criteria at Level-1 namely Detect attacks, Resist attacks, and React and recover from attacks are represented as F1, F2, and F3, respectively.
With respect to software security assessment in security tactics perspective at level 2: the attributes of detect attacks are detect intrusion, detect denial of services, verify message integrity, detect message delay, and verify repudiation, represented as F11, F12, F13, F14, and F15, respectively. The attributes of resist attacks are identification, authentication, authorization, encryption, and limit access, represented as F21, F22, F23, F24, and F25, respectively. The attributes of react and recover from attacks are revoke access, lock computer, inform actors, maintain audit trail, and availability, represented as F31, F32, F33, F34, and F35, respectively, in the tables given below.
Software security assessment using fuzzy-ANP-TOPSIS has been examined by applying Equations (1)-(20) as follows: With the help of the standard Saaty scale shown in Table 1 and by applying Equations (1)-(9), the authors of this paper converted the linguistic terms into numeric values and then aggregated the triangular fuzzy number values. Equations (3)-(6) were applied to convert crisp numerical values into fuzzy TFN numbers. Then the pair-wise comparison matrix of the level-1 criteria was calculated and is shown in Table 2. Thereafter, with the help of Equations (10) and (11), the consistency index and the random index have been calculated. The random index of a pair-wise comparison matrix is less than 0.1. This implies that our pair-wise matrix is consistent. In addition, Equations (7)-(9) are used for intermediate operations such as addition, multiplication, and reciprocal of fuzzy numbers, respectively. These intermediate operations are not shown in this study because they would exceed its page limit. In Table 3, local weights and normalized values of level-1 attributes are shown.
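The aggregation and consistency check described above, as an added Python example that is not the authors' code: experts' TFNs are combined by geometric mean, defuzzified, and the resulting matrix is tested against CR < 0.1. The alpha-cut form at α = β = 0.5, CI = (λmax − t)/(t − 1) and CR = CI/RI are the standard formulas, assumed here because the page does not reproduce its own equations; the judgements are constructed, and lower-triangle entries are taken as reciprocals after defuzzification as a simplification.

```python
import math

RI = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random index by matrix order

def aggregate(opinions):
    """Component-wise geometric mean of the experts' TFNs (l, m, u)."""
    k = len(opinions)
    return tuple(math.prod(o[i] for o in opinions) ** (1 / k) for i in range(3))

def defuzzify(tfn, alpha=0.5, beta=0.5):
    """Alpha-cut defuzzification (assumed form, see the lead-in)."""
    l, m, u = tfn
    lower = l + (m - l) * alpha   # left end of the alpha-cut interval
    upper = u - (u - m) * alpha   # right end of the alpha-cut interval
    return beta * lower + (1 - beta) * upper

def build_matrix(t, judgements):
    """Crisp reciprocal matrix from expert TFNs given for pairs i < j."""
    a = [[1.0] * t for _ in range(t)]
    for (i, j), opinions in judgements.items():
        a[i][j] = defuzzify(aggregate(opinions))
        a[j][i] = 1 / a[i][j]
    return a

def weights_and_cr(a, iters=200):
    """Priority weights (principal eigenvector) and consistency ratio."""
    t = len(a)
    w = [1 / t] * t
    for _ in range(iters):                      # power iteration
        v = [sum(a[i][j] * w[j] for j in range(t)) for i in range(t)]
        w = [x / sum(v) for x in v]
    aw = [sum(a[i][j] * w[j] for j in range(t)) for i in range(t)]
    lam = sum(aw[i] / w[i] for i in range(t)) / t   # estimate of lambda_max
    ci = (lam - t) / (t - 1)                    # consistency index
    return w, ci / RI[t]                        # CR = CI / RI

# Constructed judgements of two experts on F1, F2, F3 (not the paper's data).
COHERENT = {(0, 1): [(1, 2, 3), (3, 4, 5)],
            (0, 2): [(4, 5, 6), (6, 7, 8)],
            (1, 2): [(1, 2, 3), (1, 2, 3)]}
# Circular preferences (F1 > F2 > F3 > F1) that must fail the CR < 0.1 test.
CIRCULAR = {(0, 1): [(4, 5, 6)] * 2,
            (0, 2): [(1 / 6, 1 / 5, 1 / 4)] * 2,
            (1, 2): [(4, 5, 6)] * 2}

def is_consistent(judgements, t=3):
    return weights_and_cr(build_matrix(t, judgements))[1] < 0.1
```

A matrix that fails the check should go back to the experts for re-elicitation rather than be used for weighting, since its priority vector no longer reflects a coherent ordering of the tactics.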
By applying the same operations and Equations (1)-(9) that are used for level-1 attributes, local pair-wise comparison matrices for sub-attributes of detect attacks, resist attacks, and react and recover from attacks at level-2 have been calculated and shown in Tables 2-5, respectively. Using Equations (12)-(14), the defuzzification of pair-wise comparison matrices has been done with the help of the alpha-cut method and then normalized values and defuzzified local weights of these sub-attributes are shown in Tables 6-9, respectively.
The priorities derived from the different pair-wise comparisons are used to get an unweighted super-matrix. After the weighted super-matrix is calculated, the limit super-matrix is calculated. With the help of local weights, weighted super-matrix, and limit super-matrix, global weights and ranks of the attributes through the hierarchy are estimated, as shown in Table 10.
Global weights of factors obtained by fuzzy-ANP are given to the fuzzy-TOPSIS method as inputs to generate a rank for each alternative. The performance using fuzzy-ANP-TOPSIS has been tested by applying Equations (15)-(20) as follows: With the help of Equations (16)-(20) defined in the methodology sub-section, we took the inputs on the technical data of ten software projects (BBA University's software projects) as shown in Table 11. For that, Equation (16) has been used and a normalized decision-matrix for 15 criteria and 10 alternatives has been constructed. Then each cell value (known as normalized performance value) of the normalized decision-matrix is multiplied by the weight of each criterion, and a fuzzy weighted normalized decision-matrix has been obtained with the help of Equation (16) and is shown in Table 12. Next, by applying Equation (17), the fuzzy positive-ideal solution (PIS) and fuzzy negative-ideal solution (NIS) have been determined.
Then by applying Equations (18) and (19), the distance of each option value from the PIS and NIS is estimated and is represented in Table 13 under the columns named D+I and D-I. Finally, by applying Equation (20), the performance value of each criterion has been calculated. The ranking of alternatives is obtained on the basis of the calculated performance score, which is also listed in Table 13.
The determined performance of ten institutional alternatives is as follows: US-1, US-6, US-7, US-9, US-2, US-10, US-5, US-4, US-8, and US-3. As per the assessment of this study, US-1 provides the best security mechanism in security tactics perspective among the 10 competitive alternatives.
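The ranking stage described above, as an added Python example that is not the authors' code. It uses the classical crisp TOPSIS formulation (vector normalization, Euclidean distances, performance value D−/(D+ + D−)) on already defuzzified scores, which is assumed here because the page does not reproduce Equations (16)-(20); all criteria are treated as advantage factors, and the system names, scores and weights are constructed.

```python
import math

def topsis(decision, weights):
    """Classical TOPSIS for advantage (benefit) criteria only.

    decision: rows are alternatives, columns are criteria scores.
    Returns (closeness per alternative, alternative indices best-first)."""
    n = len(weights)
    if any(len(row) != n for row in decision):
        raise ValueError("every alternative needs one score per criterion")
    # Normalise each column by its Euclidean norm, then apply the weight.
    norms = [math.sqrt(sum(row[j] ** 2 for row in decision)) or 1.0
             for j in range(n)]
    z = [[weights[j] * row[j] / norms[j] for j in range(n)] for row in decision]
    # Ideal solutions: best and worst weighted value per criterion.
    pis = [max(col) for col in zip(*z)]
    nis = [min(col) for col in zip(*z)]
    closeness = []
    for row in z:
        d_plus = math.dist(row, pis)    # distance to positive-ideal solution
        d_minus = math.dist(row, nis)   # distance to negative-ideal solution
        total = d_plus + d_minus
        # total == 0 only when all alternatives score identically everywhere
        closeness.append(d_minus / total if total else 0.5)
    order = sorted(range(len(decision)), key=lambda i: closeness[i], reverse=True)
    return closeness, order

# Constructed scores (1-9) for four hypothetical systems on F1, F2, F3;
# constructed weights, not the global weights of Table 10.
NAMES = ["SYS-A", "SYS-B", "SYS-C", "SYS-D"]
SCORES = [[8, 9, 7],
          [6, 5, 6],
          [7, 4, 9],
          [3, 2, 1]]
WEIGHTS = [0.5, 0.3, 0.2]

def ranked_names():
    """Alternatives best-first with their rounded performance values."""
    closeness, order = topsis(SCORES, WEIGHTS)
    return [(NAMES[i], round(closeness[i], 3)) for i in order]
```

SYS-C outranks SYS-B despite a lower F2 score because its F1 and F3 values sit closer to the positive-ideal solution once the weights are applied, which is the kind of trade-off the performance value is meant to expose.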

Sensitivity Analysis
Sensitivity analysis is performed by changing the variables to examine the validity of results [36]. In this research work, the sensitivity analysis has been performed on the resulting weights (variables). Since 15 factors are taken at the last (2nd) level, the sensitivities are examined through 15 experiments. In each experiment, the satisfaction degree (CC-i) is calculated through the fuzzy-ANP-TOPSIS approach by changing the weight of one factor while the other factors' weights remain constant. Calculated results are shown in Table 14 and Figure 4. In Table 14

Comparison of the Results
Applying different methods on the same data shows variations in results. Researchers use different symmetrical techniques to check the accuracy of results attained through projected symmetrical techniques [35,36]. In this study, the authors have used a fuzzy ANP-TOPSIS approach to examine the accuracy of the results obtained. In fuzzy ANP-TOPSIS, the process of data gathering and evaluation of that data is the same as that of the classical ANP-TOPSIS. However, for the fuzzy-ANP-TOPSIS, fuzzification and defuzzification are required. Hence, for fuzzy ANP-TOPSIS, data is taken in its original numeric form and later converted into fuzzy numbers. The variations in the results of fuzzy and classical ANP-TOPSIS are shown in Table 15. There are various real-life problems where we cannot decide that the solution to the problem is either completely true or completely false. If we do so, it will provide imprecise and inefficient results. Fuzzy logic considers all uncertainties of a problem and considers 0 and 1 as two extreme cases of truth and represents some other cases in between these two boundary values to address and handle ambiguous information in decision-making problems. Integrating fuzzy logic with ANP and TOPSIS makes this symmetrical technique more powerful. Moreover, this approach provides accurate results in dealing with similar problems [37]. In comparison, the classical ANP-TOPSIS does not address such ambiguities. Further, as evident from the results, fuzzy-ANP and classical-ANP strategies have extraordinary procedures.
The outcomes are unique, yet fundamentally the same. This empirical work has taken Pearson's correlation method [37] for assessing the correlation between outcomes. The correlation coefficient shows the impact of the relationship between two values. The scale lies between −1 and +1 [37]. A value near −1 shows the lower bonding between values, and a value near +1 shows the tighter bonding between values. The Pearson correlation between the results of fuzzy-ANP and classical-ANP is 0.89176, which shows the strong correlation between the results achieved. As given in Table 15, results have been obtained with different approaches on the same dataset, and they show that the results of fuzzy-ANP and classical-ANP are highly correlated.
The results of our study also show that the covered factors and their contribution to efficient security mechanisms in security tactics perspective are remarkable. Mamdouh Alenezi et al. recently published an article in which they assessed the security of software in a tactics perspective [38]. This article contained Fuzzy AHP-TOPSIS only. Due to its network structure rather than tree structure, the ANP methodology is better than the AHP methodology [37,38]. Therefore, in the current paper, the authors have taken design tactics as a contributor in the first level of the network, which improves the results in the end. With the help of fuzzy-ANP-TOPSIS method, there is not a symmetric method for assessing software security in the design tactics perspective. Additionally, for testing the results, Mamdouh Alenezi et al. took eight alternatives only, whereas this paper has opted for ten alternatives to validate the results.

Discussion
Extensive use of computers, smartphones, electronic gadgets and other electromechanical devices has rapidly increased the demand for software throughout the world. A report on smartphone users (2019) shows that 3.3 billion people use smartphones in the whole world [31,35]. This figure was 1.31 billion in 2013 [32]. The number of active internet users has reached 4.33 billion as of July 2019, which is 56% of the total population of the world [33]. Meanwhile, in other sectors like business, health, education and government departments, the use of intelligent information systems has also shown rapid growth. Unfortunately, on the other side, the magnitude of attacks against software vulnerability and data breaches has also increased rapidly.
Moreover, reliance on informal and traditional procedures to address software security issues has further increased software vulnerabilities. Thus, providing software products to customers with ideal security mechanisms poses to be a daunting task for the present-day developers. The main goal of this study is to assess the security of software in security tactics perspective that will help the developers in prioritizing and selecting the security attributes to make secure software systems. In this league, the present study used an integrated fuzzy-ANP TOPSIS method of MCDM to estimate the software security in security tactics perspective.
Furthermore, the effectiveness of the proposed symmetrical technique is convincingly established through a case study undertaken to evaluate 10 software of Babasaheb Bhimrao Ambedkar University. Unlike the fuzzy-AHP, fuzzy-ANP represents interactions and dependencies among attributes as well as alternatives with feedback [23][24][25]. Due to this, it closely depicts real-life problems and provides better results [23][24][25][26][27], and fuzzy logic addresses and handles the uncertain and imprecise information in decision problems very well [22]. Moreover, TOPSIS performs very well in ranking alternatives and choosing the best alternative among the available alternatives [28][29][30]. Therefore, a hybrid fuzzy-ANP-TOPSIS method is applied to get better results as compared to the other MCDM symmetrical techniques.

Pros
Assessment of software security in the security-tactics perspective is a way to evaluate the security attribute of a software system and provide guidelines for designers and developers.
Practitioners can take help from this study to prioritize and select attributes for software development to build secure systems.
Software security is a serious issue for both developers and stakeholders but still gets ignored. This study will provide sufficient understanding to practitioners to adopt security tactics instead of informal and traditional approaches while developing software systems to make them more secure.

Limitations
Our assessment can be sufficient for practitioners but not final because software security is a complex as well as dynamic task. Every day new challenges have been raised and faced by both developers and users.
Hybrid fuzzy-ANP-TOPSIS is a suitable and significant approach for software security assessment, but there may be better MCDM symmetrical techniques for MCDM problems.

Conclusions
This study employs a hybrid fuzzy-ANP-TOPSIS approach to assess the security of University's software in the perspective of security tactics. The hybrid fuzzy-ANP-TOPSIS approach provides an efficient way to evaluate any MCDM problem like software security assessment with different factors and alternatives. Software security factors are determined, their weights are calculated, alternative ranking is determined and overall software security is estimated. It has been concluded that alternative (US-1) provides the best reliable and durable security mechanism among all 10 competitive alternatives. Evaluation of software security of the university's software in security tactics perspective will provide guidelines and support practitioners to develop high-quality software products that will provide durable and reliable security mechanisms against all internal as well as external threats and attacks.
Author Contributions: All authors contributed equally to this article. All authors have read and approved the final manuscript.