Hybrid Computational Modeling for Web Application Security Assessment

2022-11-09 08:14

Computers, Materials & Continua, 2022, Issue 1

Adil Hussain Seh, Jehad F. Al-Amri, Ahmad F. Subahi, Md Tarique Jamal Ansari, Rajeev Kumar, Mohammad Ubaidullah Bokhari and Raees Ahmad Khan

1 Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, 226025, Uttar Pradesh, India

2 Department of Information Technology, College of Computers and Information Technology, Taif University, Taif, 21944, Saudi Arabia

3 Department of Computer Science, University College of Al Jamoum, Umm Al Qura University, Makkah, 21421, Saudi Arabia

4 Department of Computer Applications, Shri Ramswaroop Memorial University, Barabanki, 225003, Uttar Pradesh, India

5 Department of Computer Science, Aligarh Muslim University, Aligarh, 202002, Uttar Pradesh, India

Abstract: Transformation from conventional business management systems to smart digital systems is a recurrent trend in the current era. This has led to digital revolution, and in this context, the hardwired technologies in the software industry play a significant role. However, from the beginning, software security remains a serious issue for all levels of stakeholders. Software vulnerabilities lead to intrusions that cause data breaches and result in disclosure of sensitive data, compromising the organizations’ reputation, which translates into financial losses as well. Most of the data breaches are financially motivated, especially in the healthcare sector. The cyber invaders continuously penetrate the E-Health data because of the high cost of the data on the dark web. Therefore, security assessment of healthcare web-based applications demands immediate intervention mechanisms to weed out the threats of cyber-attacks. The aim of this work is to provide efficient and effective healthcare web application security assessment. The study has worked with the hybrid computational model of Multi-Criteria Decision Making (MCDM) based on Analytical Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal-Solutions (TOPSIS) under the Hesitant Fuzzy (HF) environment. Hesitant fuzzy sets provide effective solutions to address decision making problems where experts encounter hesitation to make a decision. The proposed research endeavor will support designers and developers in identifying, selecting and prioritizing the best security attributes for web applications’ development. The empirical analysis concludes that Robustness got highest priority amongst the assessed security attributes set followed by Encryption, Authentication, Limit Access, Revoke Access, Data Validation, and Maintain Audit Trail. The results of this research endeavor depict that this proposed computational procedure would be the most conversant mechanism for determining the web application security. The study also establishes guidelines which the developers can refer to for the identification and prioritization of security attributes to build more secure and trustworthy web-based applications.

Keywords: Healthcare web application; security assessment; hesitant fuzzy sets; AHP-TOPSIS

1 Introduction

The present day healthcare industry is one of the leading industries to adapt to the revolution of digitization. Switching from old paper-based system to digital data has made the health services accessible to everyone with the help of smart devices, internet connectivity and web-based applications. Digital healthcare services have led to enormous gains in the healthcare sector. Moreover, it is considered that e-health applications will reduce the healthcare service costs and minimize the extraneous consumptions [1]. In the same league, the healthcare web applications provide efficient and usable services to their customers. The most commonly used and famous healthcare web applications are Google Health, Microsoft HealthVault, and Dossia [2]. There are various Electronic Health Record (EHR) web based systems available at present. These are owned by different service providers in different countries. However, the security of these web applications is a serious concern, mostly for the customers who share their sensitive and valuable data with the healthcare service providers by using these web-based applications.

Web based application or web application is a type of software that is mostly stored on remote servers, accessed via internet and rendered on client’s web browser. Fast growing use of smart electronic devices and internet connectivity has put a great impact on web-based software development. Software marketing studies cite that in 2017, software market was $57.6 billion and in 2022 it will be $89.3 billion; that is an increment of 55% throughout the world [3]. Thus, fulfilling this rapidly growing demand with efficient security mechanism is a challenging issue. Besides, designing and building secure software applications is in itself a complex task, but the multifold increase in intruders’ attacks and vulnerabilities makes this task even more difficult. Development of web applications and security are not two different things. The concept of software security is as old as software itself. Software security is an essential aspect of software development process. But addressing security issues of software with traditional and informal methods increases the software vulnerabilities. As observed in several reports, it is believed that a hacking attack is carried out in every 39 s [3]. Globally, it is reported that 54% of the business organizations faced at least one cyber-attack last year. Alarmingly, only 38% of these companies were able to resist the attacks [4-7]. Data sensitivity of the healthcare industry makes it more susceptible to cyber invasions. According to a report published by HIPAA, 510 healthcare data breaches were reported in 2019. 303 of these intrusions were carried out through hacking and other IT incidents that comprised 59.41% of the total. Moreover, 87.60% of the total breached records were exposed due to hacking/IT incidents in this year [4]. From January to April 2020, 145 healthcare data breaches have been reported and 82 of them are because of hacking/IT incidents; this accounts for 56.55% of the total [5]. One of the reasons for continuously targeting healthcare data is the cost of a breached health data. For instance, while the average cost estimated for a data breach in 2019 was $3.92 million, the cost of a data breach in the healthcare sector was estimated to be $6.45 million [6]. Such whopping costs and enormous profits are the lure factors for the hackers who are regularly devising new techniques to exploit the smallest of the vulnerabilities in the healthcare web applications. In this row, the healthcare data breach reports and other software vulnerability analysis studies point out the compelling need for improvised security assessment of healthcare web applications.

Security assessment of web applications is a continuous process that must be performed periodically by the experts to test the security preparedness of that product. It comprises the identification of software vulnerabilities and recommendations to prevent and resist against future attacks and reduce the possibilities of risk [8]. Different security parameters are set by experts’ opinions to perform software security assessment. Experts and researchers use different MCDM approaches to evaluate security of software, as software security assessment is a decision-making problem [3]. MCDM techniques have the ability to prioritize the security attributes according to their impact on the overall security of the software and identify the most relevant attributes [7]. Prioritizing the security attributes and choosing the most relevant ones that must be focused on while designing and developing the web applications will help the practitioners to improve and maintain the web app security from the very beginning of the development lifecycle. Furthermore, this will also improve the lifespan of the web applications and reduce the total maintenance cost and time invested in the development [7]. Hence, this work aims to evaluate the security of healthcare web applications owned by Indian hospitals through AHP-TOPSIS under the hesitant fuzzy-based environment.

Analytical hierarchical process, an MCDM technique, has a significant potential in addressing decision making problems that are of hierarchical nature. The proposed technique was first devised by T. L. Saaty in 1970. Since then, the technique has seen several refinements. It provides an effective approach for criteria’s (attribute) weight quantification. It helps the experts to find out the decision that best suits their goal and their problem-understanding instead of providing a correct decision. Furthermore, integrating hesitant fuzzy with this technique makes it more efficient and helps to elicit more accurate results [9,10]. Usually, experts encounter a hesitation while making a decision in AHP and cannot decide on a particular value because they might want to go beyond or beneath the values. However, these values are not available [11-15]. In this situation, hesitant fuzzy sets play a vital role. Hesitant Fuzzy Sets help in representing decision-makers’ hesitant preferences. HF-logic can be used to remove hesitancies that might occur in the decision making process, particularly when it is difficult to determine the membership of an element into a fixed set. The normal fuzzy logic cannot address such issues [16-21]. Thus, the hesitant fuzzy collection has received considerable attention from scholars at home and abroad ever since it was put forward. Further, TOPSIS technique is also widely known for its characteristic of alternative ranking in the best possible way [3]. Thus, integration of hesitant fuzzy logic with AHP-TOPSIS approach makes this study more efficient and effective for the evaluation of usable-security.

Hesitant fuzzy based AHP-TOPSIS has a significant ability to address MCDM problems that occur due to imprecise and uncertain information [22-26]. In the problem-solving approach of MCDM domain, AHP under hesitant fuzzy environment produces more accurate weight of the attributes, thus generating more effective results [27-32]. Hesitant fuzzy based TOPSIS is a more conversant approach for the ranking of alternatives in MCDM problem solving [13]. In this work, seven security attributes are considered as criteria and ten web-based applications of hospitals as alternatives. Identification and selection of attributes is based on the experts’ opinions and prominent research work.

The other sections of this study are organized as: Section 2 details the review of existing literature; Section 3 describes the security of healthcare web-based applications; Section 4 depicts the practiced methodology; Section 5 provides numerical calculations of the work, and Section 6 of the work enlists the conclusions of the study.

2 Review of the Existing Literature

Literature survey of the existing relevant studies is a significant tool for finding the actual research gap, and in identifying the objectives of the proposed study. From this analysis it was found that a good number of studies have already been completed on web applications’ security assessment through different techniques and tools. Furthermore, different MCDM methods like F-AHP, TOPSIS and F-ANP with F-TOPSIS have been applied in different interested areas to find out the solutions for MCDM problems. These are a few eminent and pertinent research studies:

Sahu et al. [28] (2020)—Proposed a hesitant fuzzy based decision-making model to evaluate software durability of web-based applications. In this research study, they identified that trustworthiness and maintainability are two basic and fundamental attributes to preserve software durability of web applications.

Agarwal et al. [3] (2020)—Well known patterns commonly known as design tactics are practiced in this work to make an assessment of university’s different software systems using fuzzy based ANP-TOPSIS. A unique set of security attributes with respect to security tactics perspective is identified and selected to assess the university’s software security.

Alenezi et al. [7] (2020)—The authors conducted a deep analytical study of security design tactics. Integrated multi-criteria fuzzy based AHP-TOPSIS technique has been applied to assess security design-tactics and prioritize the security tactic attributes.

Alharbe [11] (2020)—Proposed an integrated approach of fuzzy-Delphi and AHP to estimate usable-security of web-based hospital management software system. It provides guidelines to practitioners for identifying and prioritizing the usable-security factors while designing and building software products.

Kaur et al. [15] (2020)—The proposed study uses adaptive neuro fuzzy inference system for the identification and evaluation of security risk-factors during web application development. This study provides guidelines to the practitioners for assessing and prioritizing security risks of healthcare web-apps at the early stages of web application development for building secure software products.

Solangi et al. [9] (2019)—Devised a model for the selection of most pertinent renewable energy resource for electricity generation. In this work, Delphi-AHP and fuzzy based TOPSIS approaches are used to carry out this experiment. In this study, wind energy was found to be the most appropriate option for generating electricity in Pakistan.

Goutam et al. [16] (2019)—This work proposed a model for web application’s vulnerability estimation. Penetration testing is used as a tool to assess software vulnerabilities. Both manual and automatic testing has been performed on financial web applications for their security assessment. The study shows almost symmetric results generated from both the vulnerability testing approaches.

Sengul et al. [13] (2015)—Proposed a framework based on fuzzy-TOPSIS to rank the renewable-energy supply systems in Turkey. Shannon’s Entropy method has been applied to evaluate the weights of attributes. In this work, the hydro-power station was found to be the best renewable-energy supply system.

Qian et al. [26] (2013)—Found out the applications of hesitant fuzzy sets in decision-making systems. The study shows that generalized HF sets is the best fit for the situations in which the decision makers hesitate in choosing because of several possible memberships with uncertainties.

Buyukozkan et al. [12] (2012)—The authors did an analytical study on healthcare electronic service quality by using integrated fuzzy based AHP-TOPSIS methodology. The study found that specialization, interactivity, service accuracy, reliability and responsiveness are the main factors for providing satisfactory and effective healthcare web services.

Sarfaraz et al. [14] (2012)—Applied AHP under fuzzy based environment for the selection of web development platform. In this study, LAMP, ASP.NET, and J2EE are evaluated as three web development platforms under the criteria set of security, compatibility, performance and licensing cost. LAMP platform has been found to be the best choice for web application development as compared to the two other platforms.

Lee et al. [8] (2000)—The authors employed ANP, an MCDM problem solving approach, for better selection in the context of information system projects. The study also applies goal programming to generate efficient results. Both the approaches are used because of multi-criteria and interdependency property.

Thus, it is clear that to address decision-making problems such as security attribute identification and assessment, AHP, TOPSIS and Fuzzy are reasonable assessment procedures. However, the shortcoming of fuzzy sets is that they do not go beyond their membership value [27]. According to the literature studied in this context, hesitant fuzzy sets cover this limitation and give more precise results. In addition, analysis of the literature reveals that there are very few studies that approach computational fuzzy based AHP, ANP, and TOPSIS methodology to assess software security. However, we didn’t find any research study that assesses software security through integrated hesitant fuzzy based AHP-TOPSIS approach. Hence, our aim is to assess software security through the proposed computational approach for more fair and accurate results. Moreover, the method has been tested on real-time hospital software in Varanasi, India.

3 Healthcare Web Applications Security

Increasing use of internet, smart devices, and busy schedules of life has changed the priorities of both the individuals and organizations. Online digital services are highly recommended as well as practiced in different areas of life. Web based applications make these services easily accessible and serviceable. However, the security of these applications, carrying confidential data, has become a critical issue and a persistent apprehension for both the stakeholders and developers [3]. Web based Electronic Health Record (EHR) systems have gained consistent popularity in healthcare sector [17,29]. The data repositories in the healthcare sector are highly sensitive and must not be breached [6]. Nonetheless, there are numerous security challenges and issues found in healthcare applications [18]. Fig. 1 provides the architectural structure of EHR web-based systems. Thus, considering security and prioritizing security attributes at the initial phases of healthcare web application development has become a challenging and fascinating issue for the designers and developers. Literally, security is defined as “protection from both the internal and external attacks and threats” [3]. Here, security mainly ensures confidentiality, integrity, and availability of web-based software systems storing and processing sensitive and confidential healthcare data.

To improve the security and prioritize the security attributes of healthcare web applications, the authors of this study performed a case study on ten healthcare web applications of hospitals in Varanasi, India. The identification and selection of security attributes for the assessment of web applications is a unanimous judgment of experts’ opinions and authors’ experiences. The literature survey of the existing pertinent studies has a significant role in this process. For this work, seven security attributes with 10 different alternatives for the security assessment of healthcare web applications have been considered. Healthcare web applications of ten different hospitals in Varanasi have been selected as alternatives. They are symbolized as HWA-1, HWA-2, HWA-3, HWA-4, HWA-5, HWA-6, HWA-7, HWA-8, HWA-9, and HWA-10. Fig. 2 given below represents the selected security attributes and their interdependency on each other. The seven selected security attributes of web application are defined as:

Figure 1: Web based EHR system

Authentication: It ensures that the claimed entity should provide all necessary information that will prove his/her claim [3]. For example, enter the correct username and password for successful login. Strong authentication mechanism provides access to only authentic users of the system. This improves the confidentiality of information and information systems.

Encryption: It is the process of transforming the normal data (plain-text) into the encrypted form commonly known as cipher-text to protect data from illegitimate access and modification. Advanced encryption techniques ensure the improvement of overall security of a system but mainly focus on confidentiality and integrity of a system. Encrypted data is less susceptible to modification and disclosure.

Data Validation: It ensures the accuracy, consistency and completeness of data transferred among legitimate entities of a connected network [20]. Thus, it implies the integrity of data and can be estimated as the proportion of valid data with respect to the available data.

Robustness: It defines the quality of error handling of a system during its execution process [21]. ISO defines robustness as a degree of smallness in variability of a system’s function in various noisy conditions [22]. Thus, degree of robustness of a system will directly affect the timeliness of a system. More robust systems are less susceptible to attacks such as flooding and distributed denial of service. Hence, the attribute improves the quality of availability, which is one of the main components of the CIA Triad [23].

Maintain Audit Trail: Literally, audit trail means a systematic tracing of detailed transactions of an item or record. But in computing, audit trail maintains a record of system activities that have been made to a file or database. Thus, the healthcare web-based application system should also maintain audit trail to keep the users’ actions and systems’ records and their effects for future use when necessary [3]. Maintaining audit trail will make the users of the system accountable. Hence, the attribute will improve the non-repudiation characteristic of the system.

Limit Access: It ensures that the different users of a system should be granted different privileges according to their role and need. For system resource allocation, there should be a limit access protocol that provides resource access to its users on the basis of user’s needs. This protocol can be implemented on both the individual as well as group level according to the structural need of the organization.

Revoke Access: Revoke access means repealing the granted privileges to a system’s user. It ensures that whenever there is any realization of potential threat or risk against the system or system resources, administrators of the system can severely limit or revoke the access to sensitive resources.

Thus, all the above discussed attributes are evidently vital for the healthcare web application security assessment. They provide enhanced security mechanism for designing and developing secure healthcare web application systems. Moreover, the selected attributes would also help the practitioners to improve the overall security mechanism of web applications if followed during the development process.

4 Adopted Methodology

The adopted research methodology provides a systematic step-wise procedure to carry out the experiment on healthcare web applications. For that, hesitant fuzzy AHP and fuzzy TOPSIS have been implemented to complete this work. AHP-TOPSIS are computational integrated approaches that come under the umbrella of MCDM problem solving domain [17]. In this work, AHP-TOPSIS is practiced under the hesitant fuzzy logic environment that makes it apt for producing more accurate results. For difficulties where membership degrees cannot be openly cleared or judgment-creators do not decide on membership selection, Torra et al. [30] presented hesitant fuzzy sets, which were further upgraded by Rodriguez et al. [31]. Hesitant fuzzy logic, as an advanced form of classical logic, has acquired utmost significance in those areas where solution of the problem may take any value from absolutely true to absolutely false. It can be absolutely true, partially true, absolutely false, or partially false. It comes with the ability to handle uncertainty of the information [9]. Analytical hierarchical process, which is an MCDM problem solving technique, is the most suitable technique for addressing the problems that can produce multiple solutions having hierarchical nature. It analyzes the problem in a hierarchical fashion. AHP provides accurate calculations in case of the attributes’ subjective and objective values in comparison to other MCDM approaches [9,14,32]. Furthermore, it measures the attributes’ strength and consistency as determined by the decisions of the experts. TOPSIS is best known for alternative ranking in the MCDM problem domain. Its working concept is to find the best alternative among a set of competitive alternatives and to rank all the available alternatives according to their performance scores [8,10]. In this study, hesitant fuzzy-based AHP is first applied to determine the weights of criteria (factors/attributes) and then TOPSIS is practiced to produce the ranking of alternatives. Fig. 3 provides the step-wise working procedure undertaken for this research analysis. In the following sub-section, numerical formulae are provided that helped the researchers to make numerical analysis of this work.

Figure 3: Working diagram of hesitant fuzzy based AHP-TOPSIS

In this research endeavor, Hesitant Fuzzy-AHP methods have been proposed to estimate the priority of security attributes in web-based applications, and later by applying HF-TOPSIS approach, we have estimated their testing and impact on alternatives for similar characteristics. A step-wise depiction of the methodology in a precise way is listed below:

Step_1: Hierarchical model development for the different attributes is the initial step of proposed methodology.

Step_2: Taking help from Tab. 1, decision makers used linguistic terms, and pair-wise comparisons between those attributes were computed.

Table 1: Scale for HF-ANP technique

Step_3: Applying fuzzy wrappers [33] on transformed results. It is to be assumed that T0 has the lowest priority and Tg has the highest priority in the specified linguistic scale, and the evaluations are between Ti and Tj such that T0 ≤ Ti ≤ Tj ≤ Tg; attribute ordered weighted averaging has been computed as in Eq. (1).

where OWA specifies the method for ordered weighted averaging and W represents weight of attributes. In the same way, after applying Eq. (1), experts find the trapezoidal numbers = (p, q, r, s) through Eqs. (2)-(5).

Taking help from Eqs. (6), (7), 1st and 2nd type weights have been determined using η. This is a number within the unit interval [0,1]; by applying Eqs. (6), (7) respectively, experts achieve these numbers.

1st type weights (W1 = (w11, w12, ..., w1n)):

2nd type weights (W2 = (w21, w22, ..., w2n)):

Step_4: By applying Eqs. (8), (9) experts compute the pair-wise comparison matrix (˜A) as

Step_5: Experts use Eq. (10) to defuzzify the comparison matrix.

(l, m1, m2, h) in the specified Eq. (10) represents the four components of a trapezoidal number, that is lower bound, upper middle bound, lower middle bound, and higher bound. Defuzzification provides precise values.

To calculate Consistency Ratio (CR) of those values experts apply Eqs. (11), (12) [4].

where CI represents consistency index and RI is the random index defined by Saaty [32] that varies for different n values. If the value of the Consistency Ratio is < 0.1 then our determined matrix is consistent; otherwise revise the assessment from Step_2.

Step_6: Here, experts of the domain apply Eq. (13) to compute the geometric mean for row values.

Step_7: Experts determine the most important criterion by assessing the weight of highest characteristics using Eq. (14).

Step_8: Analysis of the defuzzified values has been done by the experts by applying Eq. (15).

Step_9: Using Eq. (16), the experts transform the defuzzified values into normalized weights.
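A crisp sketch of Steps 5 to 9 in Python, added here as an example and not taken from the paper: it defuzzifies trapezoidal judgments, derives weights from row geometric means, and applies the CR < 0.1 check. The defuzzification formula (l + 2*m1 + 2*m2 + h)/6, the eigenvalue estimate and the four-attribute sample judgments are assumptions, because the page's equations and Table 1 are not reproduced; the RI values are Saaty's standard table.

```python
import math

# Saaty's random index (RI) by matrix order n (standard published values).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def defuzzify(trap):
    """Collapse a trapezoidal number (l, m1, m2, h) to one crisp value.

    Assumption: the weighted average (l + 2*m1 + 2*m2 + h) / 6, a common
    choice for trapezoidal numbers; the page's Eq. (10) is not shown.
    """
    l, m1, m2, h = trap
    if not 0 < l <= m1 <= m2 <= h:
        raise ValueError(f"not a valid positive trapezoid: {trap}")
    return (l + 2 * m1 + 2 * m2 + h) / 6.0


def crisp_matrix(n, upper):
    """Build the reciprocal pairwise matrix from upper-triangle judgments.

    upper maps (i, j) with i < j to the trapezoidal judgment
    "attribute i compared with attribute j".
    """
    a = [[1.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            value = defuzzify(upper[(i, j)])
            a[i][j] = value
            a[j][i] = 1.0 / value  # reciprocal judgment
    return a


def ahp_weights(a):
    """Row geometric means, normalized so the weights sum to 1."""
    n = len(a)
    means = [math.prod(row) ** (1.0 / n) for row in a]
    total = sum(means)
    return [m / total for m in means]


def consistency_ratio(a, w):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1).

    lambda_max is estimated as the mean of (A*w)_i / w_i.
    """
    n = len(a)
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    lam = sum(sum(a[i][j] * w[j] for j in range(n)) / w[i]
              for i in range(n)) / n
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]


def evaluate(names, upper):
    """Return ({attribute: weight}, CR, is_consistent)."""
    a = crisp_matrix(len(names), upper)
    w = ahp_weights(a)
    cr = consistency_ratio(a, w)
    return dict(zip(names, w)), cr, cr < 0.1


# Constructed sample: four of the page's seven attributes with invented
# expert judgments (not values from the paper's Table 2).
SAMPLE_NAMES = ["Robustness", "Encryption", "Authentication",
                "Maintain Audit Trail"]
SAMPLE_JUDGMENTS = {
    (0, 1): (1, 1, 2, 3), (0, 2): (1, 2, 3, 4), (0, 3): (2, 3, 4, 5),
    (1, 2): (1, 1, 2, 3), (1, 3): (1, 2, 3, 4),
    (2, 3): (1, 1, 2, 3),
}

if __name__ == "__main__":
    weights, cr, ok = evaluate(SAMPLE_NAMES, SAMPLE_JUDGMENTS)
    for name, weight in weights.items():
        print(f"{name:22s} {weight:.4f}")
    verdict = "consistent" if ok else "revise judgments from Step_2"
    print(f"CR = {cr:.4f} ({verdict})")
```

A matrix that fails the check, such as a cyclic set of judgments where A beats B, B beats C and C beats A, is sent back to Step_2 rather than used for weighting.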

Thereafter, HF-TOPSIS is used to find out the best alternative among the available alternatives set. As a dominantly practiced MCDM technique, TOPSIS has proved to be one of the best techniques to select the best alternative and helps the experts in addressing real-world problems [3]. TOPSIS generated solutions are farthest away from the negative ideal solution and the nearest to the positive ideal solution [13]. The base of the proposed technique is to use the envelopes for measuring the distance between H1s and H2s, for example. Given the envelopes envp(H1s) = [Tp, Tq] and envp(H2s) = [T*p, T*q], the distance is defined as Eq. (17).

Further, the procedure can be defined as:

Step_10: Here we assume for the beginning step that the concerned problem has E alternatives (C = {C1, C2, ..., CE}) and n criteria (C = {C1, C2, ..., Cn})

Here, ex represents the practitioners and k depicts the numeric count of experts in TOPSIS approach.

The standard for HF-TOPSIS to assess criteria and effect of outcomes is specified as follows and lies between the very bad and highly good scale:

r11 = between medium and good (bt M&G)

r12 = at most medium (am M)

r21 = at least good (al G)

r22 = between very bad and medium (bt VB&M)

For each linguistic expression the comparative fuzzy envelope has been calculated respectively as [30]:

envpF(EGH (btM&G)) = T (0.3300, 0.5000, 0.6700, 0.8300)

envpF(EGH (amM)) = T (0.0000, 0.0000, 0.3500, 0.6700)

envpF(EGH (alG)) = T (0.5000, 0.8500, 1.0000, 1.0000)

envpF(EGH (btVB&M)) = T (0.0000, 0.3000, 0.3700, 0.6700)

Step_11: The aggregation of practitioners’ individual assessments (˜X1, ˜X2, ..., ˜XK) has been taken and construction of summarized decision matrix X = [xij] is completed with the help of Eq. (18).

Step_12: The effective factor is represented by αb in TOPSIS assessment, where Aj depicts the most effective factor, and cost characteristic is represented by αc. Further, lowest relative alternatives for cost related preferences demand high accuracy. Thus, to make cost assessment and effective characteristics, Eqs. (19)-(22) have been practiced [33]:

Step_13: Experts take help from Eqs. (23), (24) to calculate the positive and negative ideal matrixes (M+ and M-), respectively.

Step_14: By applying Eqs. (25), (26), the relative closeness score for each alternative has been computed.

where,

Step_15: Ordered ranking of the alternatives has been presented based on the corresponding relative closeness scores.
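Added example (not the authors' code): a crisp TOPSIS ranking that uses the global attribute weights reported in Section 5 of this page and shows how those weights drive the ranking. It replaces the hesitant fuzzy envelopes with plain numeric scores; the applications APP-A to APP-D and their 1 to 10 scores are constructed, and vector normalization with Euclidean distances is the standard TOPSIS form, assumed here because Eqs. (18)-(26) are not reproduced.

```python
import math

# Global normalized weights as reported in Section 5 of this page.
PAGE_WEIGHTS = {
    "Robustness": 0.2340, "Encryption": 0.1840, "Authentication": 0.1500,
    "Limit Access": 0.1440, "Revoke Access": 0.1210,
    "Data Validation": 0.0850, "Maintain Audit Trail": 0.0820,
}


def topsis(scores, weights, cost=()):
    """Return {alternative: relative closeness in [0, 1]}.

    scores  : {alternative: {criterion: numeric score}}
    weights : {criterion: weight}
    cost    : criteria where a lower score is better (none by default)
    """
    crits, alts = list(weights), list(scores)
    # Vector normalization per criterion, then weighting.
    norm = {c: math.sqrt(sum(scores[a][c] ** 2 for a in alts)) for c in crits}
    v = {a: {c: (weights[c] * scores[a][c] / norm[c]) if norm[c] else 0.0
             for c in crits} for a in alts}
    # Positive and negative ideal solutions.
    best = {c: (min if c in cost else max)(v[a][c] for a in alts)
            for c in crits}
    worst = {c: (max if c in cost else min)(v[a][c] for a in alts)
             for c in crits}
    closeness = {}
    for a in alts:
        d_pos = math.sqrt(sum((v[a][c] - best[c]) ** 2 for c in crits))
        d_neg = math.sqrt(sum((v[a][c] - worst[c]) ** 2 for c in crits))
        total = d_pos + d_neg
        # All alternatives identical: no basis for preference.
        closeness[a] = d_neg / total if total else 0.5
    return closeness


def rank(closeness):
    """Alternatives ordered from highest to lowest relative closeness."""
    return sorted(closeness, key=closeness.get, reverse=True)


def reverse_weights(weights):
    """Hypothetical what-if: give the lowest-priority attribute the
    largest weight and so on, to show how the weights drive the rank."""
    return dict(zip(weights, reversed(list(weights.values()))))


def _row(*values):
    return dict(zip(PAGE_WEIGHTS, values))


# Constructed scores (1 = weak, 10 = strong), in PAGE_WEIGHTS order.
# These are NOT the paper's HWA-1..HWA-10 data.
SAMPLE_SCORES = {
    "APP-A": _row(9, 8, 7, 6, 6, 3, 2),  # strong on high-weight attributes
    "APP-B": _row(3, 4, 6, 6, 6, 9, 9),  # strong on low-weight attributes
    "APP-C": _row(5, 5, 5, 5, 5, 5, 5),  # uniformly average
    "APP-D": _row(2, 2, 2, 2, 2, 2, 2),  # weakest on every attribute
}

if __name__ == "__main__":
    for label, w in (("page weights", PAGE_WEIGHTS),
                     ("reversed weights", reverse_weights(PAGE_WEIGHTS))):
        result = topsis(SAMPLE_SCORES, w)
        print(label)
        for app in rank(result):
            print(f"  {app}  {result[app]:.4f}")
```

With the page's weights the robustness-heavy application ranks first; reversing the weights moves the audit-heavy one to the top, which is why the consistency check on the AHP judgments matters before any ranking is trusted.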

The above discussed systematic step-wise methodology will be adopted in this work to carry out a case study on healthcare web applications for security assessment. The next section of this work details the numerical calculations of this study.

5 Results and Numerical Analysis

Measuring the quality attribute of a web-based software which also includes security is not an easy task [3] because making quantitative evaluation of qualitative attribute is by rationale a complex work.Numerical analysis of this work will provide a quantitative evaluation of healthcare web application security.For that,the authors of this study undertook a case study on 10 different web-based healthcare applications for security assessment.AHP-TOPSIS,under the hesitant fuzzy environment,is approached to make this work more corroborative and efficient.To determine the security assessment of healthcare web applications,seven security attributes namely Authentication,Encryption,Data Validation,Robustness,Maintain Audit Trail,Limit Access,and Revoke Access were considered for this experiment.These attributes are symbolized as M1,M2,M3,M4,M5,M6,and M7,respectively,in the following tables.With the help of Eqs.(1)-(26)specified in Section 4 of this study,security assessment of healthcare web applications by applying AHP-TOPSIS under hesitant fuzzy environment has been examined as follows:

Firstly,taking help from the Eqs.(1)-(9) and considering Tab.1 as a standard scale,the authors of this study converted the linguistic terms to numeric values and then into HF based crisp numeric values.After that,for establishing pair-wise comparison matrix,numerical calculations are done and the final results are depicted in Tab.2.The intermediary operations to get Tab.2 results are the implementation of fuzzy wrappers with the help of Eq.(1);calculations of trapezoidal numbers C=(p,q,r,s) by applying Eqs.(2)-(5);and by practicing Eqs.(6),(7)first and second type weights have been determined with the involvement ofη,which represents a number between 0 and 1.Finally,by applying Eqs.(8),(9),the experts computed the pair-wise comparison matrix.Due to the constraint of word limit of this paper and less significance of the intermediately operations,they have not been represented here.

Table 2:Trapezoidal fuzzy pair-wise comparison matrix at level 1

Taking help from Eqs.(10)-(16),the defuzzified values and normalized weights of the level 1 attributes have been computed and the final results are represented in the Tab.3.The complete process for the calculation of Tab.3 goes through the following intermediately operations: first the pair-wise comparison matrixes have been converted into combined defuzzified values through defuzzification processes with the help of Eq.(10).Then the consistency index and consistency ration have been computed using the Eqs.(11),(12) to check matrix consistency.Our computed consistency ratio is CR=0.0712254,which is less than 0.1 that ensures our calculated matrix is consistent.After that geometric mean for row values and determination of the most important criterion have been calculated with the help of Eqs.(13),(14).Analysis of defuzzified values and conversion of these values to normalized weights have been done with the help of Eqs.(15),(16),respectively.

Table 3: Defuzzification and normalized weights
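The consistency check and geometric-mean weighting described above can be reproduced on crisp numbers. The following is an added example, not the authors' code: it assumes the standard Saaty formulas (CI = (λmax − n)/(n − 1), CR = CI/RI) rather than the hesitant fuzzy Eqs. (10)-(16), builds a constructed pair-wise matrix from the global weights reported on this page, and then reverses one judgement to show how the CR < 0.1 test reacts.

```python
from math import prod

# Saaty's random consistency index for matrix orders 3..9 (standard AHP values).
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Global normalized weights reported on this page, in M1..M7 order.
PAPER_WEIGHTS = {
    "Authentication": 0.1500, "Encryption": 0.1840, "Data Validation": 0.0850,
    "Robustness": 0.2340, "Maintain Audit Trail": 0.0820,
    "Limit Access": 0.1440, "Revoke Access": 0.1210,
}

def ahp_weights(matrix):
    """Normalized priority vector from the geometric mean of each row."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]

def consistency_ratio(matrix):
    """CR = CI / RI, with lambda_max estimated from the priority vector."""
    n = len(matrix)
    w = ahp_weights(matrix)
    lam = sum(sum(a * wj for a, wj in zip(row, w)) / wi
              for row, wi in zip(matrix, w)) / n
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]

def consistent_matrix(weights):
    """Constructed crisp matrix a_ij = w_i / w_j (perfectly consistent)."""
    return [[wi / wj for wj in weights] for wi in weights]

def with_judgement(matrix, i, j, value):
    """Copy of the matrix with one judgement and its reciprocal replaced."""
    m = [row[:] for row in matrix]
    m[i][j], m[j][i] = value, 1.0 / value
    return m

names = list(PAPER_WEIGHTS)
base = consistent_matrix(list(PAPER_WEIGHTS.values()))
# Constructed contradiction: rate Robustness far below Maintain Audit Trail.
flipped = with_judgement(base, names.index("Robustness"),
                         names.index("Maintain Audit Trail"), 1 / 9)

if __name__ == "__main__":
    for label, m in (("consistent", base), ("one judgement reversed", flipped)):
        cr = consistency_ratio(m)
        print(f"{label}: CR={cr:.4f} ->", "accept" if cr < 0.1 else "re-elicit")
```

A single contradictory judgement is enough to push the matrix past the 0.1 threshold, which is why the check is run before the weights are passed on to the ranking step.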

Table 4: Subjective cognition results of evaluators in linguistic terms

Table 5: The normalized fuzzy-decision matrix

This portion of the section provides a realistic assessment of the evaluated results on highly sensitive healthcare web applications of Indian hospitals. After attaining the defuzzified and normalized weights of each attribute with the help of the hesitant fuzzy based AHP technique, hesitant fuzzy based TOPSIS has been applied to generate the global ranking of the competitive alternatives. Using the standard scale in step_10 and Eq. (17) defined in the methodology sub-section, we took the inputs on the technological data of 10 healthcare web applications, and the combined results are depicted in Tab. 4. To obtain the ranking of the alternatives, the attribute weights produced by hesitant fuzzy based AHP are given to the TOPSIS approach under the fuzzy environment. Using step_10 (specified in the methodology section) for the intermediate operations and applying Eq. (18), the normalized fuzzy decision-matrix for seven attributes and ten competitive alternatives is established and presented in Tab. 5. Applying Eqs. (19)-(22), the cell values (performance values) of the normalized fuzzy decision-matrix are multiplied by every attribute weight value, and a weighted fuzzy normalized decision-matrix is constructed, which is depicted in Tab. 6. Then, by applying Eqs. (22), (23), the positive and negative idealness of each alternative with respect to each attribute have been computed, and the final results are shown in Tab. 7. After that, Eqs. (25), (26) have been applied, the relative closeness score for each alternative has been computed, and the results are shown in Tab. 8.

Table 6: The weighted normalized fuzzy-decision matrix

Table 7: Distance between alternatives and ideal solutions

Table 8: Relative closeness of the alternatives

On the basis of the preference scores or relative closeness scores, the ranking of the competitive alternatives (ten healthcare web applications) from a security assessment perspective is generated as: HWA-4, HWA-7, HWA-1, HWA-2, HWA-8, HWA-6, HWA-3, HWA-9, HWA-10, and HWA-5. The security assessment performed on the ten different healthcare web applications shows that HWA-4 provides a better security mechanism to address the main security issues and challenges on the basis of the selected criteria. Further, analysis of the results shows that the identified attributes for software security assessment in this work have been prioritized in the following sequence through the hesitant fuzzy TOPSIS technique: Robustness, Encryption, Authentication, Limit Access, Revoke Access, Data Validation, and Maintain Audit Trail with the global normalized weights 0.2340, 0.1840, 0.1500, 0.1440, 0.1210, 0.0850, and 0.0820, respectively.
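The ranking step can be followed end to end on crisp numbers. This is an added example, not the authors' code: it uses the standard (non-fuzzy) TOPSIS formulas in place of Eqs. (17)-(26), the global attribute weights reported on this page, and constructed 1-9 scores for three hypothetical applications (App-A, App-B, App-C are not the study's HWA data).

```python
from math import sqrt

ATTRIBUTES = ["Authentication", "Encryption", "Data Validation", "Robustness",
              "Maintain Audit Trail", "Limit Access", "Revoke Access"]
# Global normalized weights reported on this page, in M1..M7 order.
WEIGHTS = [0.1500, 0.1840, 0.0850, 0.2340, 0.0820, 0.1440, 0.1210]

# Constructed assessment scores (1 = weak, 9 = strong); higher is better.
SCORES = {
    "App-A": [7, 8, 5, 9, 4, 6, 6],   # strong robustness and encryption
    "App-B": [8, 5, 7, 4, 8, 7, 6],   # strong audit trail, weak robustness
    "App-C": [3, 4, 3, 3, 2, 4, 3],   # weakest on every attribute
}

def topsis(scores, weights):
    """Return {alternative: relative closeness}; all criteria are benefits."""
    names = list(scores)
    # Vector-normalize each attribute column, then apply the attribute weight.
    norms = [sqrt(sum(v * v for v in col)) for col in zip(*scores.values())]
    weighted = {n: [w * v / nm for v, w, nm in zip(scores[n], weights, norms)]
                for n in names}
    columns = list(zip(*weighted.values()))
    ideal = [max(c) for c in columns]   # positive ideal solution
    anti = [min(c) for c in columns]    # negative ideal solution
    closeness = {}
    for n in names:
        d_pos = sqrt(sum((v - i) ** 2 for v, i in zip(weighted[n], ideal)))
        d_neg = sqrt(sum((v - a) ** 2 for v, a in zip(weighted[n], anti)))
        closeness[n] = d_neg / (d_pos + d_neg)
    return closeness

def rank(closeness):
    """Alternatives ordered from highest to lowest relative closeness."""
    return sorted(closeness, key=closeness.get, reverse=True)

if __name__ == "__main__":
    result = topsis(SCORES, WEIGHTS)
    for name in rank(result):
        print(f"{name}: closeness = {result[name]:.4f}")
```

Because Robustness and Encryption carry the largest weights, the application that is strong on those two attributes ranks first even though the other one scores higher on four of the seven attributes.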

6 Conclusion

The main objective of this work is to assess the security of healthcare web applications through a computational MCDM technique, namely AHP-TOPSIS under the hesitant fuzzy environment. The identification and selection of the security attributes used for evaluation has been done on the basis of experts' opinions and existing pertinent research outcomes. The fuzzy based AHP results show that the Robustness attribute has the highest priority, followed by Encryption, Authentication, Limit Access, Revoke Access, Data Validation, and Maintain Audit Trail. The ranking of alternatives (healthcare web applications) generated by hesitant fuzzy based TOPSIS shows that HWA-4 has the highest ranking, while HWA-5 has the lowest ranking with a performance score of 0.221125, examined with respect to the identified security attributes. The results show that HWA-4 provides a comparatively more reliable and trustworthy security mechanism than the other nine available alternatives. This study will be helpful for healthcare web application security analysis and for the development of secure and trustworthy products.

From the results of the study, healthcare web application-4 (HWA-4) has optimally satisfied the security criteria that were employed in this study to evaluate the security of HWAs. Thus, it was found to be the best in providing a reliable and trustworthy security mechanism against threats and attacks, with a performance score of 0.314956. The main observations and results of the study are summarized in the following points.

· The security attributes' assessment through AHP under the hesitant fuzzy environment prioritizes the security attributes in the following order: Robustness, Encryption, Authentication, Limit Access, Revoke Access, Data Validation, and Maintain Audit Trail with the global normalized weights 0.2340, 0.1840, 0.1500, 0.1440, 0.1210, 0.0850, and 0.0820, respectively.

· The sequential order of the other competitive alternatives after HWA-4, according to their generated performance scores with respect to the identified weighted security attributes, is: HWA-7, HWA-1, HWA-2, HWA-8, HWA-6, HWA-3, HWA-9, HWA-10, and HWA-5.

· Security of healthcare web applications is a serious issue, and in this context our work will provide adequate guidelines to developers for building secure as well as reliable healthcare web applications.

· This work has been carried out specifically for healthcare web applications, but it can also be used as a guideline for developing any type of secure web application.

· Research is a dynamic as well as an ongoing process. So, our security evaluation cannot claim optimality of results, though our results are also accurate. Another consideration in this regard is that there are other MCDM techniques that can be used for producing more efficient results. Nevertheless, our empirical estimations prove that we have also chosen a better technique for this assessment.

Acknowledgement: This research was supported by Taif University Researchers Supporting Project Number (TURSP-2020/211), Taif University, Taif, Saudi Arabia.

Funding Statement: This Project was funded by the Taif University Researchers Supporting Projects at Taif University, Kingdom of Saudi Arabia, under Grant Number: TURSP-2020/211.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.