Navigating the Cybersecurity Landscape: Vulnerabilities, Mitigation Strategies and Future Outlooks

doi:10.23940/ijpe.24.11.p5.688698

Abstract

Abstract: This paper offers a comprehensive assessment of advanced cybersecurity attacks, their prevention, and future directions in the field. It aims to provide an overview of some of the most significant cyber-attacks on critical facilities that have occurred over the past 20 years. This paper aims to study various types of cyber-attacks, their effects, vulnerabilities, and the attackers and victims involved. The research identifies five major categories of attacks: web attacks, malware attacks, active attacks, passive attacks and cryptographic attacks. Each category is further divided into distinct types of cyber-attacks, which are described in terms of their proposals, evaluation parameters, characteristics and methodologies used. A summary of these attacks across various parameters is tabulated in this paper to facilitate detailed analysis. Additionally, the paper examines several cutting-edge solutions and preventive measures and reviews research gaps and limitations associated with various cyber-attacks. This study is significant as it provides researchers with a thorough review to better understand different cyber-attacks and recent developments in the field of cybersecurity.

Key words: cyber security, cyber-attacks, information security, vulnerabilities, threats

Rashmi Kushwah. Navigating the Cybersecurity Landscape: Vulnerabilities, Mitigation Strategies and Future Outlooks [J]. Int J Performability Eng, 2024, 20(11): 688-698.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

[1] Jullian O., Otero B., Rodriguez E., Gutierrez N., Antona H., and Canal R., 2023. Deep-learning based detection for cyber-attacks in IoT networks: A distributed attack detection framework.Journal of Network and Systems Management, 31(2), 33.
[2] Hasan M.K., Habib A.A., Shukur Z., Ibrahim F., Islam S., and Razzaque M.A., 2023. Review on cyber-physical and cyber-security system in smart grid: Standards, protocols, constraints, and recommendations.Journal of Network and Computer Applications, 209, 103540.
[3] Wang C., and Zhu H., 2022. Wrongdoing monitor: A graph-based behavioral anomaly detection in cyber security.IEEE Transactions on Information Forensics and Security, 17, pp. 2703-2718.
[4] Syafitri W., Shukur Z., Asma’Mokhtar U., Sulaiman R., and Ibrahim M.A., 2022. Social engineering attacks prevention: A systematic literature review.IEEE Access, 10, pp. 39325-39343.
[5] Liu F., Wen Y., Zhang D., Jiang X., Xing X., and Meng D., 2019. Log2vec: A heterogeneous graph embedding based approach for detecting cyber threats within enterprise. InProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1777-1794.
[6] Li F., Shi Y., Shinde A., Ye J., and Song W., 2019. Enhanced cyber-physical security in internet of things through energy auditing. IEEE Internet of Things Journal,6(3), pp. 5224-5231.
[7] Crespo-Martínez I.S., Campazas-Vega A., Guerrero-Higueras Á.M., Riego-DelCastillo V., Álvarez-Aparicio C., and Fernández-Llamas C., 2023. SQL injection attack detection in network flow data.Computers & Security, 127, 103093.
[8] Hwang W.S., Shon J.G., and Park J.S., 2022. Web session hijacking defense technique using user information.Human-centric Computing and Information Sciences, 12, 16.
[9] Prentosito A., Skoczen M., Kahrs L., and Bhunia S., 2022. Case Study on a Session Hijacking Attack: The 2021 CVS Health Data Breach. InInternational Conference on Mobile Web and Intelligent Information Systems, pp. 93-105.
[10] Anthi E., Williams L., Javed A., and Burnap P., 2021. Hardening machine learning denial of service (DoS) defences against adversarial attacks in IoT smart home networks.Computers & Security, 108, 102352.
[11] Chen D., Yan Q., Wu C., and Zhao J., 2021. Sql injection attack detection and prevention techniques using deep learning. InJournal of Physics: Conference Series, 1757(1), 012055.
[12] Malviya V.K., Rai S., and Gupta A., 2021. Development of web browser prototype with embedded classification capability for mitigating Cross-Site Scripting attacks.Applied Soft Computing, 102, 106873.
[13] Mokbal F.M.M., Dan W., Xiaoxi W., Wenbin Z., and Lihua F., 2021. XGBXSS: an extreme gradient boosting detection framework for cross-site scripting attacks based on hybrid feature selection approach and parameters optimization.Journal of Information Security and Applications, 58, 102813.
[14] Gazzan M., and Sheldon F.T., 2023. Opportunities for early detection and prediction of ransomware attacks against industrial control systems.Future Internet, 15(4), 144.
[15] Zhang Y., Li M., Zhang X., He Y., and Li Z., 2022. Defeat magic with magic: a novel ransomware attack method to dynamically generate malicious payloads based on PLC control logic.Applied Sciences, 12(17), 8408.
[16] Navarrete Á., and Curty M., 2022. Improved finite-key security analysis of quantum key distribution against Trojan-horse attacks.Quantum Science and Technology, 7(3), 035021.
[17] Shetty N.P., Muniyal B., Anand A., and Kumar S., 2022. An enhanced sybil guard to detect bots in online social networks.Journal of Cyber Security and Mobility, pp. 105-126.
[18] Kedia M.K., and Das B., 2021. A Unique Approach for Detection and Removal of Key Loggers. InProceedings of International Conference on Computational Intelligence, Data Science and Cloud Computing: IEM-ICDC 2020, pp. 591-600.
[19] Rath S., Zografopoulos I., and Konstantinou C., 2021. Stealthy rootkit attacks on cyber-physical microgrids: Poster. InProceedings of the Twelfth ACM International Conference on Future Energy Systems, pp. 294-295.
[20] Cai T., Jia T., Adepu S., Li Y., and Yang Z., 2023. ADAM: an adaptive DDoS attack mitigation scheme in software-defined cyber-physical system. IEEE Transactions on Industrial Informatics,19(6), pp. 7802-7813.
[21] Ali M.H., Jaber M.M., Abd S.K., Rehman A., Awan M.J., Damaševičius R., and Bahaj S.A., 2022. Threat analysis and distributed denial of service (DDoS) attack recognition in the internet of things (IoT).Electronics, 11(3), 494.
[22] Manesh M.R., and Kaabouch N., 2019. Cyber-attacks on unmanned aerial system networks: Detection, countermeasure, and future research directions.Computers & Security, 85, pp. 386-401.
[23] Guo H., Pang Z.H., Sun J., and Li J., 2021. An output-coding-based detection scheme against replay attacks in cyber-physical systems. IEEE Transactions on Circuits and Systems II: Express Briefs,68(10), pp. 3306-3310.
[24] Li D., Gebraeel N., and Paynabar K., 2020. Detection and differentiation of replay attack and equipment faults in SCADA systems. IEEE Transactions on Automation Science and Engineering,18(4), pp. 1626-1639.
[25] Myint Oo M., Kamolphiwong S., Kamolphiwong T., and Vasupongayya S., 2019. Advanced support vector machine‐(ASVM‐) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN).Journal of Computer Networks and Communications, 2019(1), 8012568.
[26] Rajić B., Stanisavljević Ž., and Vuletić P., 2023. Early web application attack detection using network traffic analysis. International Journal of Information Security,22(1), pp. 77-91.
[27] Erdogan E., Altunbas I., Kurt G.K., and Yanikomeroglu H., 2021. The secrecy comparison of RF and FSO eavesdropping attacks in mixed RF-FSO relay networks. IEEE Photonics Journal,14(1), pp. 1-8.
[28] Alby M.F., Ruslan I.F., and Muharman M.L., 2022. Information security test on websites and social media using footprinting method. InProceedings of the 8th International Conference on Industrial and Business Engineering, pp. 521-525.
[29] Basak S., and Gowda M., 2022. mmspy: Spying phone calls using mmwave radars. In2022 IEEE Symposium on Security and Privacy (SP), pp. 1211-1228.
[30] Yu J., Lu L., Chen Y., Zhu Y., and Kong L., 2019. An indirect eavesdropping attack of keystrokes on touch screen through acoustic sensing. IEEE Transactions on Mobile Computing,20(2), pp. 337-351.
[31] Alshehri A., Granley J., and Yue C., 2020, March. Attacking and protecting tunneled traffic of smart home devices. InProceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 259-270.
[32] Wlazlo P., Sahu A., Mao Z., Huang H., Goulart A., Davis K., and Zonouz S., 2021. Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed. IET Cyber‐Physical Systems: Theory & Applications,6(3), pp. 164-177.
[33] Wu H., Meng X., Yang X., Li X., Wang P., He W., and Chen H., 2021. Ciphertext-only attack on optical cryptosystem with spatially incoherent illumination based deep-learning correlography.Optics and Lasers in Engineering, 138, 106454.
[34] Chen J., Chen L., and Zhou Y., 2020. Universal chosen-ciphertext attack for a family of image encryption schemes.IEEE Transactions on Multimedia, 23, pp. 2372-2385.
[35] Qin Y., Wan Y., and Gong Q., 2020. Learning-based chosen-plaintext attack on diffractive-imaging-based encryption scheme.Optics and Lasers in Engineering, 127, 105979.
[36] Nandi M.,2020, May. Mind the composition: birthday bound attacks on EWCDMD and SoKAC21. InAnnual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 203-220.
[37] Javed A.R., Beg M.O., Asim M., Baker T., and Al-Bayatti A.H., 2023. Alphalogger: Detecting motion-based side-channel attack using smartphone keystrokes.Journal of Ambient Intelligence and Humanized Computing, pp. 1-14.