A SYSTEMATIC MAPPING STUDY OF CYBERSECURITY VULNERABILITIES, ATTACKS, AND MITIGATION STRATEGIES

Kanika Khanna

doi:10.29121/shodhkosh.v4.i2.2023.5315

Authors

Kanika Khanna Assistant Professor, Department of Computer Science, SJK PG College Kalanaur, Rohtak

DOI:

https://doi.org/10.29121/shodhkosh.v4.i2.2023.5315

Keywords:

Cybersecurity, Threats, Vulnerabilities, Attack

Abstract [English]

For the intention of fortifying cyber applications and fending off significant security hazards, cybersecurity exploration has witnessed a remarkable upsurge in recent years. Identifying and examining prevalent cybersecurity vulnerabilities is the main aim of this investigation. To reach that destination, scientists embarked on a comprehensive cartography inquiry, which led to the recognition and assessment of 69 primary investigations. We discovered the most widespread security vulnerabilities after performing an extensive examination of the selected investigation. The location of publishing, country of publication, significant targeted infrastructure, applications, etc. have all been examined and showcased through data amalgamation. The results illustrate that the previously mentioned security methods simply strive to enhance security in overall, and that additional investigation is necessary to empirically confirm and practically implement the suggested resolutions. Moreover, we discovered that the majority of the investigation we incorporated in our examination concentrated on just a handful of the most common security vulnerabilities, such as social engineering, denial-of-service assaults, and malicious software. Nevertheless, additional effort must be exerted in this domain to ensure scholars and professionals acquire an enhanced comprehension of the utmost urgent cybersecurity weaknesses, targeted/exploited applications, alleviation methods, and frameworks.

References

Lun, Y.Z., D'Innocenzo, A., Malavolta, I., Di Benedetto, M.D.: Cyber-physical systems security: a systematic mapping study. arXiv preprint arXiv:1605.09641 (2016).

Razzaq, A., Hur, A., Ahmad, H.F., Masood, M.: Cyber security: Threats, reasons, challenges, methodologies and state of the art solutions for industrial applications. In: Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on 2013, pp. 1-6. IEEE DOI: https://doi.org/10.1109/ISADS.2013.6513420

Von Solms, R., Van Niekerk, J.: From information security to cyber security. computers & security 38, 97-102 (2013). DOI: https://doi.org/10.1016/j.cose.2013.04.004

Benson, V., McAlaney, J., Frumkin, L.A.: Emerging Threats for the Human Element and Countermeasures in Current Cyber Security Landscape. In: Psychological and Behavioral Examinations in Cyber Security. pp. 266-271. IGI Global, (2018) DOI: https://doi.org/10.4018/978-1-5225-4053-3.ch016

Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019).

Floyd, D.H., Shelton, J.W., Bush, J.E.: Systems and methods for detecting a security breach in an aircraft network. In. Google Patents, (2018)

Taha, A.F., Qi, J., Wang, J., Panchal, J.H.: Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs. IEEE Transactions on Smart Grid 9(2), 886-899 (2018). DOI: https://doi.org/10.1109/TSG.2016.2570546

Valeriano, B., Maness, R.C.: International Relations Theory and Cyber Security. The Oxford Handbook of International Political Theory, 259 (2018). DOI: https://doi.org/10.1093/oxfordhb/9780198746928.013.19

Von Solms, B., von Solms, R.: Cybersecurity and information security–what goes where? Information & Computer Security 26(1), 2-9 (2018). DOI: https://doi.org/10.1108/ICS-04-2017-0025

Ron, M.: Situational Status of Global Cybersecurity and Cyber Defense According to Global Indicators. Adaptation of a Model for Ecuador. In: Developments and Advances in Defense and Security: Proceedings of the Multidisciplinary International Conference of Research Applied to Defense and Security (MICRADS 2018) 2018, p. 12. Springer DOI: https://doi.org/10.1007/978-3-319-78605-6_2

Al Mazari, A., Anjariny, A.H., Habib, S.A., Nyakwende, E.: Cyber terrorism taxonomies: Definition, targets, patterns, risk factors, and mitigation strategies. In: Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications. pp. 608-621. IGI Global, (2018) DOI: https://doi.org/10.4018/978-1-5225-5634-3.ch032

Hansen, L., Nissenbaum, H.: Digital disaster, cyber security, and the Copenhagen School. International studies quarterly 53(4), 1155-1175 (2009). DOI: https://doi.org/10.1111/j.1468-2478.2009.00572.x

Kuehl, D.T.: From cyberspace to cyberpower: Defining the problem. Cyberpower and national security 30 (2009).

Benedickt, M.: Cyberspace: first steps. (1991).

Gunkel, D.J.: Hacking cyberspace. Routledge, (2018) DOI: https://doi.org/10.4324/9780429500084

Robinson, M., Jones, K., Janicke, H.: Cyber warfare: Issues and challenges. Computers & security 49, 70-94 (2015). DOI: https://doi.org/10.1016/j.cose.2014.11.007

Blakemore, B.: Policing cyber hate, cyber threats and cyber terrorism. Routledge, (2016) DOI: https://doi.org/10.4324/9781315601076

Taylor, R.W., Fritsch, E.J., Liederbach, J., Saylor, M.R., Tafoya, W.L.: Cyber Crime and Cyber Terrorism. (2019).

Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C.: Cyber warfare: building the scientific foundation, vol. 56. Springer, (2015) DOI: https://doi.org/10.1007/978-3-319-14039-1

Danks, D., Danks, J.H.: Beyond machines: Humans in cyber operations, espionage, and conflict. Binary Bullets: The Ethics of Cyberwarfare, 177-197 (2016). DOI: https://doi.org/10.1093/acprof:oso/9780190221072.003.0010

Libicki, M.C.: Drawing inferences from cyber espionage. In: 2018 10th International Conference on Cyber Conflict (CyCon) 2018, pp. 109-122. IEEE DOI: https://doi.org/10.23919/CYCON.2018.8405013

Abomhara, M., Køien, G.M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security 4(1), 65-88 (2015). DOI: https://doi.org/10.13052/jcsm2245-1439.414

Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.: Cybertwitter: Using twitter to generate alerts for cybersecurity threats and vulnerabilities. In: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2016, pp. 860-867. IEEE Press DOI: https://doi.org/10.1109/ASONAM.2016.7752338

Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. NIST special publication 800, 150 (2016). DOI: https://doi.org/10.6028/NIST.SP.800-150

Rid, T., Buchanan, B.: Attributing cyber attacks. Journal of Strategic Studies 38(1-2), 4-37 (2015). DOI: https://doi.org/10.1080/01402390.2014.977382

Banks, W.C.: Cyber espionage and electronic surveillance: beyond the media coverage. Emory LJ 66, 513 (2016).

Zhang, H., Cheng, P., Shi, L., Chen, J.: Optimal denial-of-service attack scheduling with energy constraint. IEEE Transactions on Automatic Control 60(11), 3023-3028 (2015). DOI: https://doi.org/10.1109/TAC.2015.2409905

Kustarz, C., Huston III, L.B., Simpson, J.A., Winquist, J.E., Barnes, O.P., Jackson, E.: System and method for denial of service attack mitigation using cloud services. In. Google Patents, (2016)

Niemelä, J., Hyppönen, M., Kangas, S.: Malware protection. In. Google Patents, (2016)

Choo, K.-K.R.: The cyber threat landscape: Challenges and future research directions. Computers & Security 30(8), 719-731 (2011). DOI: https://doi.org/10.1016/j.cose.2011.08.004

Parmar, B.: Protecting against spear-phishing. Computer Fraud & Security 2012(1), 8-11 (2012). DOI: https://doi.org/10.1016/S1361-3723(12)70007-6

Dodge Jr, R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Computers & Security 26(1), 73-80 (2007). DOI: https://doi.org/10.1016/j.cose.2006.10.009

Sharma, P., Johari, R., Sarma, S.: Integrated approach to prevent SQL injection attack and reflected cross site scripting attack. International Journal of System Assurance Engineering and Management 3(4), 343-351 (2012). DOI: https://doi.org/10.1007/s13198-012-0125-6

Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation approach for SQL injection attacks detection. In: International Joint Conference CISIS’12-ICEUTE´ 12-SOCO´ 12 Special Sessions 2013, pp. 177-185. Springer DOI: https://doi.org/10.1007/978-3-642-33018-6_18

Brar, H.S., Kumar, G.: Cybercrimes: A Proposed Taxonomy and Challenges. Journal of Computer Networks and Communications 2018 (2018). DOI: https://doi.org/10.1155/2018/1798659

Gill, R.S., Smith, J., Looi, M.H., Clark, A.J.: Passive techniques for detecting session hijacking attacks in IEEE 802.11 wireless networks. (2005).

Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: Proceedings of the 30th international conference on Software engineering 2008, pp. 171-180. ACM DOI: https://doi.org/10.1145/1368088.1368112

Kieyzun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of SQL injection and cross-site scripting attacks. In: Proceedings of the 31st International Conference on Software Engineering 2009, pp. 199-209. IEEE Computer Society DOI: https://doi.org/10.1109/ICSE.2009.5070521

Nguyen, P.H., Ali, S., Yue, T.: Model-based security engineering for cyber-physical systems: A systematic mapping study. Information and Software Technology 83, 116-135 (2017). DOI: https://doi.org/10.1016/j.infsof.2016.11.004

Franke, U., Brynielsson, J.: Cyber situational awareness–a systematic review of the literature. Computers & Security 46, 18-31 (2014). DOI: https://doi.org/10.1016/j.cose.2014.06.008

Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Current state of research on cross-site scripting (XSS)–A systematic literature review. Information and Software Technology 58, 170-186 (2015). DOI: https://doi.org/10.1016/j.infsof.2014.07.010

Muccini, H., Sharaf, M., Weyns, D.: Self-adaptation for cyber-physical systems: a systematic literature review. In: Proceedings of the 11th international symposium on software engineering for adaptive and self-managing systems 2016, pp. 75-81. ACM DOI: https://doi.org/10.1145/2897053.2897069

Mishna, F., Cook, C., Saini, M., Wu, M.-J., MacFadden, R.: Interventions to prevent and reduce cyber abuse of youth: A systematic review. Research on Social Work Practice 21(1), 5-14 (2011). DOI: https://doi.org/10.1177/1049731509351988

Lewis, G., Lago, P.: Architectural tactics for cyber-foraging: Results of a systematic literature review. Journal of Systems and Software 107, 158-186 (2015). DOI: https://doi.org/10.1016/j.jss.2015.06.005

Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606-622 (2015). DOI: https://doi.org/10.1108/K-12-2014-0283

Enoch, S.Y., Ge, M., Hong, J.B., Alzaid, H., Kim, D.S.: A systematic evaluation of cybersecurity metrics for dynamic networks. Computer Networks 144, 216-229 (2018). DOI: https://doi.org/10.1016/j.comnet.2018.07.028

Ramaki, A.A., Rasoolzadegan, A., Bafghi, A.G.: A systematic mapping study on intrusion alert analysis in intrusion detection systems. ACM Computing Surveys (CSUR) 51(3), 55 (2018). DOI: https://doi.org/10.1145/3184898

Chockalingam, S., Pieters, W., Teixeira, A., van Gelder, P.: Bayesian Network Models in Cyber Security: A Systematic Review. In: Nordic Conference on Secure IT Systems 2017, pp. 105-122. Springer DOI: https://doi.org/10.1007/978-3-319-70290-2_7

Alguliyev, R., Imamverdiyev, Y., Sukhostat, L.: Cyber-physical systems and their security issues. Computers in Industry 100, 212-223 (2018). DOI: https://doi.org/10.1016/j.compind.2018.04.017

Budgen, D., Brereton, P.: Performing systematic literature reviews in software engineering. In: Proceedings of the 28th international conference on Software engineering 2006, pp. 1051-1052. ACM DOI: https://doi.org/10.1145/1134285.1134500

Kitchenham, B.A., Budgen, D., Brereton, O.P.: The value of mapping studies-A participant-observer case study. In: EASE 2010, pp. 25-33 DOI: https://doi.org/10.14236/ewic/EASE2010.4

Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: An update. Information and Software Technology 64, 1-18 (2015). DOI: https://doi.org/10.1016/j.infsof.2015.03.007

Niazi, M.: Do systematic literature reviews outperform informal literature reviews in the software engineering domain? An initial case study. Arabian Journal for Science and Engineering 40(3), 845-855 (2015). DOI: https://doi.org/10.1007/s13369-015-1586-0

Chong, R.: QUICK REFERENCE GUIDE TO ENDNOTE. (2018).

Beecham, S., Hall, T., Britton, C., Cottee, M., Rainer, A.: Using an expert panel to validate a requirements process improvement model. Journal of Systems and Software 76(3), 251-275 (2005). DOI: https://doi.org/10.1016/j.jss.2004.06.004

R1. N. M. Mohammed, M. Niazi, M. Alshayeb, and S. Mahmood, "Exploring software security approaches in software development lifecycle: A systematic mapping study," Computer Standards & Interfaces, vol. 50, pp. 107-115, 2017/02/01/ 2017. DOI: https://doi.org/10.1016/j.csi.2016.10.001

[R2] Y. Mufti, M. Niazi, M. Alshayeb, and S. Mahmood, "A Readiness Model for Security Requirements Engineering," IEEE Access, vol. 6, pp. 28611-28631, 2018 DOI: https://doi.org/10.1109/ACCESS.2018.2840322