**1. Introduction**

Cyberattacks have been a concern since the appearance of the first computers. However, the evolution of their techniques and tools has turned them into the world's main risk. The World Economic Forum [1] has classified cyberattacks as one of the top ten worldwide risks. Their impact is considered more significant than that of a food crisis because of their scope in modern society and their probability of occurrence. Reactive solutions focus mainly on attack alleviation processes, while proactive solutions could predict possible cyberattacks and generate self-protection systems. This scenario has motivated companies and researchers in the cybersecurity field to look for ways to replace reactive solutions with proactive ones. One approach used by specialized firms and researchers is to establish anomaly detection processes that discover possible attack patterns and identify attackers' behaviors. In the last three years (2019–2021), several contributions to anomaly detection have been developed in different domains such as SCADA systems, smart grids, smart cities, critical infrastructures, and Cyber-Physical Systems (CPS) [2].

The anomaly detection process requires identifying features or components that differ from typical behaviors [3]. In the initial phase of this anomaly detection process, modeling cybersecurity experts' knowledge and cognitive processes is relevant for building better proactive solutions. However, the large volume of data generated by the different interconnected devices in the digital world makes the identification process more challenging to implement [4]. Several alternatives have been defined for supporting analysts' cognitive processes (i.e., augmented cognition) by using computational models that simulate the cognitive processes performed by cybersecurity experts. The identification of security risk patterns based on the analysts' cognitive processes can be approached through the Observe–Orient–Decide–Act model (OODA) or the Monitor–Analyze–Plan–Execute model (MAPE-K) [5].

**Citation:** Andrade, R.O.; Fuertes, W.; Cazares, M.; Ortiz-Garcés, I.; Navas, G. An Exploratory Study of Cognitive Sciences Applied to Cybersecurity. *Electronics* **2022**, *11*, 1692. https://doi.org/10.3390/electronics11111692

Academic Editor: Krzysztof Szczypiorski

Received: 25 April 2022; Accepted: 23 May 2022; Published: 26 May 2022

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Researchers have proposed the automation and support of the cognitive processes defined in the OODA and MAPE-K models through different machine learning techniques [6]. Along the same line of research, we found that several works from 2019 to 2021 used convolutional networks, K-means, or deep learning for detecting phishing, ransomware, and even attacks against smart grids [7].

Researchers have identified that the possible actions or strategies of adversaries can be studied using game theory models with incomplete information based on Stackelberg's proposals [8]. This approach could support identifying a possible future attack and the possible strategies used by the adversary. In this way, cybersecurity research's central objective is to expand security analysts' cognitive capacity through data analysis, machine learning techniques, and game theory in cybersecurity [9].

Researchers have proposed a more in-depth approach to improving cybersecurity proposals, one that focuses on adversaries in order to identify the behavioral characteristics that lead them to decide on a specific attack strategy [10]. Furthermore, this allows for identifying the techniques that the adversary could select and how they would use them. This approach could enable cybersecurity analysts to anticipate attacks and establish a more optimal defense mechanism. Research has included the psychological perspective to analyze the adversaries' behavior [11]. Incorporating Artificial Intelligence, Machine Learning, data analytics, and psychology, among other fields related to cognitive sciences, in cybersecurity has generated a new cybersecurity approach called cognitive security [12]. This approach goes one step ahead of security intelligence to propose the best defensive strategies and take advantage of the cognitive processes of both cybersecurity analysts and adversaries [13].

This study aims to identify the fundamental concepts related to the application of cognitive sciences in cybersecurity for establishing defense strategies to minimize the impact of cyberattacks. For this reason, we developed an exploratory study based on two stages:


This study is structured as follows. Section 2 introduces and describes the theory that explains the components of the research problem under study. Section 3 provides the methodological procedure applied to judge the validity of the results of this study. Section 4 presents a proposal for a cognitive cybersecurity model. Finally, Section 6 describes the main findings and the lines of future work.
