Analysis of the Stages of Military Cyber Operations using the COBRAC Method and p, q Quasirung Orthopair Fuzzy Decision Making Framework
DOI:
https://doi.org/10.31181/jopi31202550Keywords:
Military Operations, Cyber Operations, Cyber Attacks, Cyber Space, Cyber Security, MCDM, COBRAC, p, q Quasirung Orthopair Fuzzy NumbersAbstract
This study aims to analyze the phased structure of military cyber operations and reveal the relative importance of each stage based on expert evaluations. The analysis, which covers seven fundamental phases—reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives—was conducted using the Comparisons between Ranked Criteria (COBRAC) method. The results demonstrate that operational success in military cyber activities is not solely determined by the direct impact on the target, but also by the preparatory processes that lead to such effects. The findings indicate that reconnaissance and weaponization are particularly critical in terms of strategic planning and technical capability development. The delivery and installation phases are also prominent, as they ensure the sustainability of the operation and persistence within the target system. In contrast, exploitation and C2 stages, while functionally important, appear to play a more flexible and instrumental role. The lowest score was assigned to the actions on objectives phase, suggesting that in military cyber operations, long-term access, intelligence gathering, and maintaining digital superiority are often prioritized over immediate destructive outcomes. To verify the reliability of the ranking results, a sensitivity analysis was performed using the p, q Quasirung Orthopair Fuzzy Decision-Making Framework, and the consistency of the outcomes was confirmed. Overall, the study offers a comprehensive perspective on the nature of military cyber operations and recommends that future research focus on modeling dynamic decision-making processes, conducting interdisciplinary analyses, and developing advanced decision support systems.
Downloads
References
O'Leary, M., O'Leary, M., & McDermott, C. (2019). Cyber operations. Apress. https://doi.org/10.1007/978-1-4842-4294-0
Baştan, Y., & Oran, F. Ç. (2024). Rus Dış Politikasında Siber Müdahale Yöntemi Olarak Dezenformasyon Operasyonları. Yönetim Bilimleri Dergisi, 22(53), 1205–1230. https://doi.org/10.35408/comuybd.1457165
Jensen, B., Valeriano, B., & Maness, R. (2019). Fancy bears and digital trolls: Cyber strategy with a Russian twist. Journal of Strategic Studies, 42(5), 58–80. https://doi.org/10.1080/01402390.2018.1559152
Willett, M. (2022). The Cyber Dimension of the Russia-Ukraine War. Survival, 64(5), 7–26. https://doi.org/10.1080/00396338.2022.2126193
Zhao, B., et al. (2023). Manufacturing Conflict or Advocating Peace? A Study of Social Bots Agenda Building in the Twitter Discussion of the Russia-Ukraine War. Journal of Information Technology & Politics, 21(2), 176–194. https://doi.org/10.1080/19331681.2023.2189201
Ottis, R., & Lorents, P. (2010). Cyberspace: Definition and Implication. International Conference on Information Warfare and Security, XII. Reading: Academic Conferences International Limited.
Schulze, M. (2020, May). Cyber in war: Assessing the strategic, tactical, and operational utility of military cyber operations. In 2020 12th International Conference on Cyber Conflict (CyCon) (Vol. 1300, pp. 183–197). IEEE. https://doi.org/10.23919/CyCon49761.2020.9131733
Lin, H. (2022). Russian cyber operations in the invasion of Ukraine. The Cyber Defense Review, 7(4), 31–46.
Wither, J. K. (2016). Making Sense of Hybrid Warfare. Connections, 15(2), 73–87. https://doi.org/10.11610/Connections.15.2.06
Mačák, K. (2021). Unblurring the lines: Military cyber operations and international law. Journal of Cyber Policy, 6(3), 411–428. https://doi.org/10.1080/23738871.2021.2014919
Brantly, A., & Smeets, M. (2020). Military operations in cyberspace. Handbook of military sciences, 1–16. https://doi.org/10.1007/978-3-030-02866-4_19-1
Erdoğan, M., Karaşan, A., Kaya, İ., Budak, A., & Colak, M. (2020). A fuzzy based MCDM methodology for risk evaluation of cyber security technologies. In *Intelligent and Fuzzy Techniques in Big Data Analytics and Decision Making: Proceedings of the INFUS 2019 Conference, Istanbul, Turkey, July 23-25, 2019* (pp. 1042–1049). Springer International Publishing. https://doi.org/10.1007/978-3-030-23756-1_123
Torbacki, W. (2021). A hybrid MCDM model combining DANP and PROMETHEE II methods for the assessment of cybersecurity in industry 4.0. Sustainability, 13(16), 8833. https://doi.org/10.3390/su13168833
AbdelMouty, A. M., & Abdel-Monem, A. (2023). Neutrosophic MCDM methodology for assessment risks of cyber security in power management. Neutrosophic Systems with Applications, 3, 53–61. https://doi.org/10.61356/j.nswa.2023.18
Alhakami, W. (2023). Computational study of security risk evaluation in energy management and control systems based on a fuzzy MCDM method. Processes, 11(5), 1366. https://doi.org/10.3390/pr11051366
Bouramdane, A. A. (2023). Cyberattacks in smart grids: Challenges and solving the multi-criteria decision-making for cybersecurity options, including ones that incorporate artificial intelligence, using an analytical hierarchy process. Journal of Cybersecurity and Privacy, 3(4), 662–705. https://doi.org/10.3390/jcp3040031
Mohamed, R., & Ismail, M. M. (2023). Evaluation of Cyber Insecurities of the Cyber Physical System Supply Chains Using α-Discounting MCDM. Infinite Study. https://doi.org/10.61356/j.nswa.2023.98
Yang, Z. (2025). Evaluation of Intrusion Detection Systems in Cyber Security using Fuzzy OffLogic and MCDM Approach. Neutrosophic Sets and Systems, 85, 343–360.
Bhol, S. G. (2025). Applications of Multi Criteria Decision Making Methods in Cyber Security. Cyber-Physical Systems Security, 233–258. https://doi.org/10.1007/978-981-97-5734-3_11
Pamucar, D., Simic, V., Görçün, Ö. F., & Küçükönder, H. (2024). Selection of the best Big Data platform using COBRAC-ARTASI methodology with adaptive standardized intervals. Expert Systems with Applications, 239, 122312. https://doi.org/10.1016/j.eswa.2023.122312
Biswas, S., Pamucar, D., & Simic, V. (2024). Technology adaptation in sugarcane supply chain based on a novel p, q Quasirung Orthopair Fuzzy decision making framework. Scientific Reports, 14(1), 26486. https://doi.org/10.1038/s41598-024-75528-5
Roy, S., Sharmin, N., Acosta, J. C., Kiekintveld, C., & Laszka, A. (2022). Survey and taxonomy of adversarial reconnaissance techniques. ACM Computing Surveys, 55(6), 1–38. https://doi.org/10.1145/3538704
Yadav, T., & Rao, A. M. (2015, August). Technical aspects of cyber kill chain. In International Symposium on Security in Computing and Communication (pp. 438–452). Springer International Publishing. https://doi.org/10.1007/978-3-319-22915-7_40
Dargahi, T., Dehghantanha, A., Bahrami, P. N., Conti, M., Bianchi, G., & Benedetto, L. (2019). A Cyber-Kill-Chain based taxonomy of crypto-ransomware features. Journal of Computer Virology and Hacking Techniques, 15, 277–305. https://doi.org/10.1007/s11416-019-00338-7
Zhao, L. (2024). Navigating the Cyber Kill Chain: A modern approach to pentesting. Applied and Computational Engineering, 38, 170–175. https://doi.org/10.54254/2755-2721/38/20230549
Allodi, L. (2017, October). Economic factors of vulnerability trade and exploitation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1483–1499). https://doi.org/10.1145/3133956.3133960
Kazimierczak, M., Habib, N., Chan, J. H., & Thanapattheerakul, T. (2024). Impact of AI on the Cyber Kill Chain: A Systematic Review. Heliyon. https://doi.org/10.1016/j.heliyon.2024.e40699
Bahrami, P. N., Dehghantanha, A., Dargahi, T., Parizi, R. M., Choo, K. K. R., & Javadi, H. H. (2019). Cyber kill chain-based taxonomy of advanced persistent threat actors: Analogy of tactics, techniques, and procedures. Journal of Information Processing Systems, 15(4), 865–889.
Matto, G. (2024). The Cyber Kill Chain Model and Its Applicability on The Protection of Students Academic Information Systems (SAIS) in Tanzanian HEIs. https://doi.org/10.51519/journalisi.v6i1.676
Gardiner, J., Cova, M., & Nagaraja, S. (2014). Command & Control: Understanding, Denying and Detecting—A review of malware C2 techniques, detection and defences. arXiv preprint arXiv:1408.1136.
Muller, L. P. (2024). Cybersecurity in practice: The vigilant logic of kill chains and threat construction. European Journal of International Security, 1–21. https://doi.org/10.1017/eis.2024.27
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Hakan Ayhan Dağıstanlı (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.
