Towards a taxonomy of cyber threats against target applications

Narwal, Bhawna; Mohapatra, Amar Kumar; Usmani, Kaleem Ahmed

doi:10.1080/09720510.2019.1580907

Cited by 30 publications

(16 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the proposed taxonomy didn't consider physical and defense strategies. Narwal et al [112] characterized cyberattacks based on the sector of applications such as industrial applications, web applications, mobile devices and computer operating systems, etc. Others in [113,114] classified the attacks into active attacks and passive attacks.…”

Section: A Basics Of Attacks and Threatsmentioning

confidence: 99%

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

et al. 2020

View full text Add to dashboard Cite

Pervasive growth and usage of the Internet and mobile applications have expanded cyberspace. The cyberspace has become more vulnerable to automated and prolonged cyberattacks. Cyber security techniques provide enhancements in security measures to detect and react against cyberattacks. The previously used security systems are no longer sufficient because cybercriminals are smart enough to evade conventional security systems. Conventional security systems lack efficiency in detecting previously unseen and polymorphic security attacks. Machine learning (ML) techniques are playing a vital role in numerous applications of cyber security. However, despite the ongoing success, there are significant challenges in ensuring the trustworthiness of ML systems. There are incentivized malicious adversaries present in the cyberspace that are willing to game and exploit such ML vulnerabilities. This paper aims to provide a comprehensive overview of the challenges that ML techniques face in protecting cyberspace against attacks, by presenting a literature on ML techniques for cyber security including intrusion detection, spam detection, and malware detection on computer networks and mobile networks in the last decade. It also provides brief descriptions of each ML method, frequently used security datasets, essential ML tools, and evaluation metrics to evaluate a classification model. It finally discusses the challenges of using ML techniques in cyber security. This paper provides the latest extensive bibliography and the current trends of ML in cyber security.

show abstract

Section: A Basics Of Attacks and Threatsmentioning

confidence: 99%

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In other words, IoT forensics seeks to answer the 5WH questions in the context of IoT systems and constituent layers. In addition to gathering forensic data from physical IoT devices, the forensic data can also aggregate from local networks (e.g., a firewall or a router), edge or fog nodes, cloud datacenters [2]. Inspired by this fact, IoT Forensics can be taxonomized into five main subcategories as shown in Fig.…”

Section: Iot Forensicsmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

Digital Forensics in Internet of Things

Abdel‐Basset

Moustafa

Hawash

et al. 2021

Deep Learning Techniques for IoT Security and Privacy

View full text Add to dashboard Cite

As IoT technology becomes an integral part of everyday life, enhancing productivity for businesses through automation, it should come as no surprise that attackers would seek to exploit these systems and the services they provide for profit. Through the Internet, attacks are capable of launching a number of diverse malicious actions such as Distributed Denial of Service (DDoS), Scanning/Probing, Keylogging, Malware proliferation, E-mail spamming, Click fraud, Phishing, Identity theft, and more [1,2]. As such, the need for reliable methods of investigation, which can be used for identification of security incidents, reconstruction of events and attribution is evident. As a result, the discipline of Digital Forensics was developed and continues evolving to cope with the composite nature of IoT environments resulting in what we call IoT forensics. This section is an introduction to digital forensics and its concepts.The main objectives of this chapter are as follows:1. To understand the digital forensic process. 2. To discuss the history of digital forensics and its related disciplines. 3. To learn the digital forensic investigation steps. 4. To discuss the various types of cyber-crime and digital evidence.

show abstract

“…While the importance of social engineering in phishing attacks is undeniable, and e-mail messages are the most common form of it, most taxonomies are more abstract, and not enough attention is dedicated to e-mail phishing attacks particularly in them. For example, in the taxonomy of cyber threats against target applications [14], phishing attacks are mentioned only in a description of a social engineering attack. Phishing and particularly e-mail phishing attacks are not presented in this taxonomy.…”

Section: The Content Of E-mail Phishing Attack-related Taxonomiesmentioning

confidence: 99%

E-mail-Based Phishing Attack Taxonomy

et al. 2020

View full text Add to dashboard Cite

The amount of fraud on the Internet is increasing along with the availability and the popularity of the Internet around the world. One of the most common forms of Internet fraud is phishing. Phishing attacks seek to obtain a user’s personal or secret information. The variety of phishing attacks is very broad, and usage of novel, more sophisticated methods complicates its automated filtering. Therefore, it is important to form up-to-date and detailed phishing attack taxonomy, which could be used for both human education purposes as well as phishing attack discrete notation. In this paper, we propose an e-mail-based phishing attack taxonomy, which includes six phases of the attack. Each phase has at least one criterion for the attack categorization. Each category is described, and in some cases the categories have sub-classes to present the full variety of phishing attacks. The proposed taxonomy is compared to similar taxonomies. Our taxonomy outperforms other phishing attack taxonomies in numbers of phases, criteria and distinguished classes. Validation of the proposed taxonomy is achieved by adapting it as a phishing attack notation for an incident management system. Taxonomy usage for phishing attack notation increases the level of description of phishing attacks compared to free-form phishing attack descriptions.

show abstract

Towards a taxonomy of cyber threats against target applications

Cited by 30 publications

References 6 publications

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

A Survey on Machine Learning Techniques for Cyber Security in the Last Decade

Digital Forensics in Internet of Things

E-mail-Based Phishing Attack Taxonomy

Contact Info

Product

Resources

About