**2. Background**

#### *2.1. Adversarial and User Analysis*

In cyberattack scenarios, a competitive advantage by the adversary could exist in the first instance. Table 1 shows the adversary has valuable information such as personal user information, type of operating system, and user applications. Additionally, the adversary has information about the types of security vulnerabilities that can be exploited. The adversary has been trained in several cybersecurity areas, such as ethical hacking, vulnerability analysis, and reverse engineering. In this context, a user has a clear disadvantage, and from the perspective of game theory, we are faced with a game scenario with incomplete information from the user's side. The user does not know information related to the adversary, such as the type of cyberattack it could perform, which techniques will be used

to execute the attack, and which kind of resources are available. Establishing an optimal defense/security attack strategy requires more information from a user perspective [14].

**Table 1.** Comparative of resources adversarial versus user.


Alternatively, another drawback for the user is the stimulus that affects his/her decision criteria. For example, the COVID-19 pandemic has created a scenario where adversaries interact with web pages with drug procurement for the virus or access to free entertainment platforms [15]. In this context, the response time window in which the user must decide between clicking or abstaining from clicking is critical. For gathering information related to the adversary, pattern recognition techniques are used [7]. Meanwhile, decision-making models based on Bayesian networks [16] and diffusion models [17] are used for modeling user response time. Simmons et al. [18] propose the characterization of cyberattacks based on five major classifiers: attack vector, operational impact, attack target, defense, and informational impact. The adversary's characterization is based on two aspects: Risk adverseness and Experience level. Venkatesan et al. [19] propose that the modeling of the adversary behavior considers at least the following aspects:


At this point, incorporating cognitive sciences can improve the development of proactive cybersecurity solutions.

#### *2.2. Cognitive Sciences*

Research on cognitive sciences applied to cybersecurity acknowledges the importance of the human factor in cybersecurity; this is particularly relevant with the challenges generated by the growth of technologies such as cloud, mobile, IoT, and social networks [20,21]. Cognitive science could enhance the processes of perception, comprehension, and projection used by cybersecurity analysts to detect cyberattacks and establish future defense actions [9].

#### *2.3. Cognitive Process*

Currently, information is increasing fast, and the availability of processing data surpasses human capacities. According to [22], cognitive architectures and models have primarily been developed using Artificial Intelligence to serve as decision aids to human users. Analyzing the rational cognitive process can allow the design of the computational level of cognitive prediction. Cassenti et al. [23] mention that by using technology based on adaptive aids, the user's cognitive state can be obtained and difficulties detected at any stage of cognition. Additionally, Cassenti mentions that one missing element in technology models concerns the human learning process, providing feedback that allows technology to adapt to the user and accomplish goals. According to Cameron [24], cognitive strategies are mental processes developed by humans to regulate the thought processes inside the mind to achieve goals or solve problems (See, Figure 1).

**Figure 1.** Relation between Information, Technology aids, and Cognitive Processes.

#### *2.4. Cognitive Security*

Cognitive security is the ability to generate cognition for efficient decision-making in real-time by modeling human thought processes to detect cybersecurity attacks and develop defense strategies. Specifically, it responds to the need to build situational awareness of cybersecurity related to the environment of technology systems and the insights about itself. In addition, cognitive security allows programmers to develop defense actions by analyzing structured or unstructured information using cognitive sciences approaches, for instance, by incorporating Artificial Intelligence techniques such as data mining, machine learning, natural language processing, human-computer interaction, data analytics, big data, stochastic processes, and game theory. These emulate the human thought process for generating continuous learning, decision making, and security analysis [5].

#### *2.5. Prisma Methodology*

The PRISMA methodology is divided into four stages: identification, screening, eligibility analysis, and inclusion [25]. The identification stage includes the development of the following phases: study selection, inclusion and exclusion criteria, manual search, and duplicate removal. The screening stage consists of choosing papers according to relevant titles and abstracts. Next, the eligibility analysis stage includes the process of reading the full texts that accomplished the screening criteria. Finally, the inclusion stage consists of the relevant data extraction from full papers [26].

#### *2.6. Text Mining*

In this work, we applied text mining to execute the data analysis of selected papers. Text mining can be defined as mathematical analysis to deduce patterns and trends in the data. A classic exploration can detect these patterns because the relationships are very complex or large amounts of text where repetitive patterns, trends, or rules that explain the text's behavior are discovered. Text Mining's objective, an essential part of Data Science, is to help understand the content of a set of texts through statistics and search algorithms related to Artificial Intelligence [27]. In the text mining process, we obtain information from large amounts of text, with unstructured information and the context in which it was written, intending to extract non-obvious information. Text mining could conduct a qualitative research project with a large sample size similar to a quantitative research study [28].
