Skip to main content

Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study

Abstract

There has been a tremendous increase in research in the area of cyber security to support cyber applications and to avoid key security threats faced by these applications. The goal of this study is to identify and analyze the common cyber security vulnerabilities. To achieve this goal, a systematic mapping study was conducted, and in total, 78 primary studies were identified and analyzed. After a detailed analysis of the selected studies, we identified the important security vulnerabilities and their frequency of occurrence. Data were also synthesized and analyzed to present the venue of publication, country of publication, key targeted infrastructures and applications. The results show that the security approaches mentioned so far only target security in general, and the solutions provided in these studies need more empirical validation and real implementation. In addition, our results show that most of the selected studies in this review targeted only a few common security vulnerabilities such as phishing, denial-of-service and malware. However, there is a need, in future research, to identify the key cyber security vulnerabilities, targeted/victimized applications, mitigation techniques and infrastructures, so that researchers and practitioners could get a better insight into it.

This is a preview of subscription content, access via your institution.

We’re sorry, something doesn't seem to be working properly.

Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

References

  1. Lun, Y.Z.; et al.: Cyber-physical systems security: a systematic mapping study. arXiv:1605.09641 (2016)

  2. Razzaq, A.; et al.: Cyber security: threats, reasons, challenges, methodologies and state of the art solutions for industrial applications. In: 2013 IEEE Eleventh International Symposium on Autonomous Decentralized Systems (ISADS). IEEE (2013)

  3. Von Solms, R.; Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)

    Article  Google Scholar 

  4. Benson, V.; McAlaney, J.; Frumkin, L.A.: Emerging threats for the human element and countermeasures in current cyber security landscape. Psychological and Behavioral Examinations in Cyber Security, pp. 266–271. IGI Global, Hershey (2018)

    Chapter  Google Scholar 

  5. Bada, M.; Sasse, A.M.; Nurse, J.R.: Cyber security awareness campaigns: why do they fail to change behaviour? arXiv:1901.02672 (2019)

  6. Floyd, D.H.; Shelton, J.W.; Bush, J.E.: Systems and methods for detecting a security breach in an aircraft network. Google Patents (2018)

  7. Taha, A.F.; et al.: Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs. IEEE Trans. Smart Grid 9(2), 886–899 (2018)

    Article  Google Scholar 

  8. Valeriano, B.; Maness, R.C.: International relations theory and cyber security. In: Brown, C., Eckersley, R. (eds.) The Oxford Handbook of International Political Theory, p. 259. Oxford University Press, Oxford (2018)

    Google Scholar 

  9. von Solms, B.; von Solms, R.: Cybersecurity and information security—what goes where? Inf. Comput. Secur. 26(1), 2–9 (2018)

    Article  Google Scholar 

  10. Ron, M.: Situational status of global cybersecurity and cyber defense according to global indicators. Adaptation of a model for ecuador. In: Developments and Advances in Defense and Security: Proceedings of the Multidisciplinary International Conference of Research Applied to Defense and Security (MICRADS 2018). Springer (2018)

  11. Al Mazari, A.; et al.: Cyber terrorism taxonomies: definition, targets, patterns, risk factors, and mitigation strategies. Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications, pp. 608–621. IGI Global, Hershey (2018)

    Chapter  Google Scholar 

  12. Hansen, L.; Nissenbaum, H.: Digital disaster, cyber security, and the Copenhagen School. Int. Stud. Q. 53(4), 1155–1175 (2009)

    Article  Google Scholar 

  13. Kuehl, D.T.: From cyberspace to cyberpower: Defining the problem. Cyberpower and National Security, vol. 30. National Defense University Press, Washington, D.C (2009)

    Google Scholar 

  14. Benedickt, M.: Cyberspace: First Steps. MIT Press, Cambridge (1991)

    Google Scholar 

  15. Gunkel, D.J.: Hacking Cyberspace. Routledge, Abingdon (2018)

    Book  Google Scholar 

  16. Abomhara, M.; Køien, G.M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. 4(1), 65–88 (2015)

    Article  Google Scholar 

  17. Mittal, S.; et al.: Cybertwitter: using twitter to generate alerts for cybersecurity threats and vulnerabilities. In: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. IEEE Press (2016)

  18. Johnson, C.; et al.: Guide to cyber threat information sharing. NIST Spec. Publ. 800, 150 (2016)

    Google Scholar 

  19. Rid, T.; Buchanan, B.: Attributing cyber attacks. J. Strateg. Stud. 38(1–2), 4–37 (2015)

    Article  Google Scholar 

  20. Banks, W.C.: Cyber espionage and electronic surveillance: beyond the media coverage. Emory L. J. 66, 513 (2016)

    Google Scholar 

  21. Zhang, H.; et al.: Optimal denial-of-service attack scheduling with energy constraint. IEEE Trans. Autom. Control 60(11), 3023–3028 (2015)

    MathSciNet  Article  Google Scholar 

  22. Kustarz, C.: et al.: System and method for denial of service attack mitigation using cloud services. Google Patents (2016)

  23. Niemelä, J.; Hyppönen, M.; Kangas, S.: Malware protection. Google Patents (2016)

  24. Choo, K.-K.R.: The cyber threat landscape: challenges and future research directions. Comput. Secur. 30(8), 719–731 (2011)

    Article  Google Scholar 

  25. Parmar, B.: Protecting against spear-phishing. Comput. Fraud Secur. 2012(1), 8–11 (2012)

    Article  Google Scholar 

  26. Dodge Jr., R.C.; Carver, C.; Ferguson, A.J.: Phishing for user security awareness. Comput. Secur. 26(1), 73–80 (2007)

    Article  Google Scholar 

  27. Sharma, P.; Johari, R.; Sarma, S.: Integrated approach to prevent SQL injection attack and reflected cross site scripting attack. Int. J. Syst. Assur. Eng. Manag. 3(4), 343–351 (2012)

    Article  Google Scholar 

  28. Choraś, M.; et al.: Correlation approach for SQL injection attacks detection. In: International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special Sessions. Springer (2013)

  29. Brar, H.S.; Kumar, G.: Cybercrimes: a proposed taxonomy and challenges. J. Comput. Netw. Commun. 2018, Article ID 1798659 (2018)

    Google Scholar 

  30. Gill, R.S.; Smith, J.; Looi, M.H.; Clark, A.J.: Passive techniques for detecting session hijacking attacks in IEEE 802.11 wireless networks. In: Clark, A.J., Kerr, K., Mohay, G.M. (eds.) AusCERT Asia Pacific Information Technology Security Conference: Refereed R&D Stream, 22–26 May 2005, Gold Coast, Australia (2005)

  31. Wassermann, G.; Su, Z.: Static detection of cross-site scripting vulnerabilities. In: Proceedings of the 30th International Conference on Software Engineering. ACM (2008)

  32. Kieyzun, A.; et al.: Automatic creation of SQL injection and cross-site scripting attacks. In: Proceedings of the 31st International Conference on Software Engineering. IEEE Computer Society (2009)

  33. Nguyen, P.H.; Ali, S.; Yue, T.: Model-based security engineering for cyber-physical systems: a systematic mapping study. Inf. Softw. Technol. 83, 116–135 (2017)

    Article  Google Scholar 

  34. Hydara, I.; et al.: Current state of research on cross-site scripting (XSS)—a systematic literature review. Inf. Softw. Technol. 58, 170–186 (2015)

    Article  Google Scholar 

  35. Muccini, H.; Sharaf, M.; Weyns, D.:. Self-adaptation for cyber-physical systems: a systematic literature review. In: Proceedings of the 11th International Symposium on Software Engineering for Adaptive and Self-managing Systems. ACM (2016)

  36. Mishna, F.; et al.: Interventions to prevent and reduce cyber abuse of youth: a systematic review. Res. Soc. Work Pract. 21(1), 5–14 (2011)

    Article  Google Scholar 

  37. Lewis, G.; Lago, P.: Architectural tactics for cyber-foraging: results of a systematic literature review. J. Syst. Softw. 107, 158–186 (2015)

    Article  Google Scholar 

  38. Rahim, N.H.A.; et al.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606–622 (2015)

    MathSciNet  Article  Google Scholar 

  39. Enoch, S.Y.; et al.: A systematic evaluation of cybersecurity metrics for dynamic networks. Comput. Netw. 144, 216–229 (2018)

    Article  Google Scholar 

  40. Ramaki, A.A.; Rasoolzadegan, A.; Bafghi, A.G.: A systematic mapping study on intrusion alert analysis in intrusion detection systems. ACM Comput. Surv. (CSUR) 51(3), 55 (2018)

    Article  Google Scholar 

  41. Chockalingam, S.; et al.: Bayesian network models in cyber security: a systematic review. In: Nordic Conference on Secure IT Systems. Springer (2017)

  42. Alguliyev, R.; Imamverdiyev, Y.; Sukhostat, L.: Cyber-physical systems and their security issues. Comput. Ind. 100, 212–223 (2018)

    Article  Google Scholar 

  43. Franke, U.; Brynielsson, J.: Cyber situational awareness—a systematic review of the literature. Comput. Secur. 46, 18–31 (2014)

    Article  Google Scholar 

  44. Budgen, D.; Brereton, P.: Performing systematic literature reviews in software engineering. In: Proceedings of the 28th International Conference on Software Engineering. ACM (2006)

  45. Kitchenham, B.A.; Budgen, D.; Brereton, O.P.: The value of mapping studies-A participant-observer case study. In: EASE (2010)

  46. Petersen, K.; Vakkalanka, S.; Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: an update. Inf. Softw. Technol. 64, 1–18 (2015)

    Article  Google Scholar 

  47. Niazi, M.: Do systematic literature reviews outperform informal literature reviews in the software engineering domain? An initial case study. Arab. J. Sci. Eng. 40(3), 845–855 (2015)

    Article  Google Scholar 

  48. Chong, R.: Quick reference guide to endnote (2018)

  49. Beecham, S.; et al.: Using an expert panel to validate a requirements process improvement model. J. Syst. Softw. 76(3), 251–275 (2005)

    Article  Google Scholar 

  50. Mohammed, N.M.; et al.: Exploring software security approaches in software development lifecycle: a systematic mapping study. Comput. Stand. Interfaces 50, 107–115 (2017)

    Article  Google Scholar 

  51. Mufti, Y.; et al.: A readiness model for security requirements engineering. IEEE Access 6, 28611–28631 (2018)

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to acknowledge the support provided by the Deanship of Scientific Research via the project number IN161024 at King Fahd University of Petroleum and Minerals, Saudi Arabia. In addition, we are grateful to the participants who evaluated the proposed model and recommended improvements.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to NZ Jhanjhi.

Appendices

Appendix A: Data Extraction Form

Section 1: Paper information
Paper title:
Authors: Year of publication:
Reference type: Journal/Conference Publisher:
Country:  
Section 2: Quality assessment
The findings and results of study are clearly stated? Yes
No
The findings of the study are evaluated empirically? Yes
No
The study has been published in a relevant journal or conference? Very relevant
Relevant
Not relevant
The study has been cited by other authors? Yes
Partially
No
Section 3: Data extraction
Questions Possible answers
Which application is targeted for cybercrime in the given study? Application name
Which method is used to protect the application for cyber attack? Method name
Which cyber connection is used for committing cybercrime? Connection name
Who are the victims of cybercrimes in the given study? Individual
Organization
Which cyber security vulnerability is discussed in the study? Malware
Phishing
SQL injection attack
Cross-site scripting (XSS)
Denial-of-service (DoS)
Session hijacking and man-in-the-middle attacks
Credential reuse
Others
What is the severity of discussed cyber security vulnerability? Critical
High
Medium
Low
Which technique is used in the study for detecting cyber threats? Technique name
What kind of data is used for validation? Data characteristics Academia
Industrial
Government
Mixed
Which empirical validation methods are used in the proposed approach? Case study
Experiment
Simulation
Others

Appendix B: Finally Selected Papers

  1. 1.

    Khandpur, Rupinder Paul, et al. “Crowdsourcing cybersecurity: Cyber attack detection using social media.” Proceedings of the 2017 ACM on Conference on Information and Knowledge Management. ACM, 2017.

  2. 2.

    Li, Zhen, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu. “VulPecker: an automated vulnerability detection system based on code similarity analysis.” In Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 201–213. ACM, 2016.

  3. 3.

    Cheng, Maggie, Mariesa Crow, and Robert F. Erbacher. “Vulnerability analysis of a smart grid with monitoring and control system.” Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, 2013.

  4. 4.

    Zanero, Stefano. “Ulisse, a network intrusion detection system.” In Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead, p. 20. ACM, 2008.

  5. 5.

    Werner, Gordon, Shanchieh Yang, and Katie McConky. “Time series forecasting of cyber attack intensity.” In Proceedings of the 12th Annual Conference on cyber and information security research, p. 18. ACM, 2017.

  6. 6.

    Masi, Denise, Martin J. Fischer, John F. Shortle, and Chun-Hung Chen. “Simulating network cyber attacks using splitting techniques. ACM” In Proceedings of the Winter Simulation Conference, pp. 3217–3228. Winter Simulation Conference, 2011.

  7. 7.

    Okutan, Ahmet, Shanchieh Jay Yang, and Katie McConky. “Predicting cyber attacks with bayesian networks using unconventional signals.” In Proceedings of the 12th Annual Conference on Cyber and Information Security Research, p. 13. ACM, 2017.

  8. 8.

    Farraj, Abdallah, Eman Hammad, and Deepa Kundur. “Impact of Cyber Attacks on Data Integrity in Transient Stability Control.” In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, pp. 29–34. ACM, 2017.

  9. 9.

    Kuhl, Michael E., Jason Kistner, Kevin Costantini, and Moises Sudit. “Cyber attack modeling and simulation for network security analysis.” In Proceedings of the 39th Conference on Winter Simulation: 40 years! The best is yet to come, pp. 1180–1188. ACM Press, 2007.

  10. 10.

    Gudo, Munyaradzi, and Keshnee Padayachee. “SpotMal: A hybrid malware detection framework with privacy protection for BYOD.” In Proceedings of the 2015 Annual Research Conference on South African Institute of Computer Scientists and Information Technologists, p. 18. ACM, 2015.

  11. 11.

    Kim, Ikkyun, Daewon Kim, Byunggoo Kim, Yangseo Choi, Seongyong Yoon, Jintae Oh, and Jongsoo Jang. “A case study of unknown attack detection against Zero-day worm in the honeynet environment.” In 2009 11th International Conference on Advanced Communication Technology, vol. 3, pp. 1715–1720. IEEE, 2009.

  12. 12.

    Ahmadloo, Fatemeh, and Farzad Rajaei Salmasi. “A cyber-attack on communication link in distributed systems and detection scheme based on H-infinity filtering.” In 2017 IEEE International Conference on Industrial Technology (ICIT), pp. 698–703. IEEE, 2017.

  13. 13.

    Aishwarya, R., and S. Malliga. “Intrusion detection system-An efficient way to thwart against Dos/DDos attack in the cloud environment.” In 2014 International Conference on Recent Trends in Information Technology, pp. 1–6. IEEE, 2014.

  14. 14.

    Al-Dabbagh, Ahmad W., Yuzhe Li, and Tongwen Chen. “An intrusion detection system for cyber attacks in wireless networked control systems.” IEEE Transactions on Circuits and Systems II: Express Briefs 65, no. 8 (2017): 1049–1053.

  15. 15.

    Alom, Md Zahangir, and Tarek M. Taha. “Network intrusion detection for cyber security on neuromorphic computing system.” In 2017 International Joint Conference on Neural Networks (IJCNN), pp. 3830–3837. IEEE, 2017.

  16. 16.

    Aparicio-Navarro, Francisco J., Konstantinos G. Kyriakopoulos, Yu Gong, David J. Parish, and Jonathon A. Chambers. “Using pattern-of-life as contextual information for anomaly-based intrusion detection systems.” IEEE Access 5 (2017): 22177–22193.

  17. 17.

    Bhadre, Parvati, and Deepali Gothawal. “Detection and blocking of spammers using SPOT detection algorithm.” In 2014 First International Conference on Networks & Soft Computing (ICNSC2014), pp. 97–101. IEEE, 2014.

  18. 18.

    Bottazzi, Giovanni, Emiliano Casalicchio, Davide Cingolani, Fabio Marturana, and Marco Piu. “MP-Shield: a framework for phishing detection in mobile devices.” In 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 1977–1983. IEEE, 2015.

  19. 19.

    Chen, Chia-Mei, Han-Wei Hsiao, Peng-Yu Yang, and Ya-Hui Ou. “Defending malicious attacks in cyber physical systems.” In 2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA), pp. 13–18. IEEE, 2013.

  20. 20.

    Chen, Chia-Mei, Ya-Hui Ou, and Yu-Chou Tsai. “Web botnet detection based on flow information.” In 2010 International Computer Symposium (ICS2010), pp. 381–384. IEEE, 2010.

  21. 21.

    Chonka, Ashley, and Jemal Abawajy. “Detecting and mitigating HX-DoS attacks against cloud web services.” In 2012 15th International Conference on Network-Based Information Systems, pp. 429–434. IEEE, 2012.

  22. 22.

    Devi, BS Kiruthika, G. Preetha, G. Selvaram, and S. Mercy Shalinie. “An impact analysis: Real time DDoS attack detection and mitigation using machine learning.” In 2014 International Conference on Recent Trends in Information Technology, pp. 1–7. IEEE, 2014.

  23. 23.

    Eslahi, Meisam, Habibah Hashim, and Nooritawati Md Tahir. “An efficient false alarm reduction approach in HTTP-based botnet detection.” In 2013 IEEE Symposium on Computers & Informatics (ISCI), pp. 201–205. IEEE, 2013.

  24. 24.

    Gantsou, Dhavy. “On the use of security analytics for attack detection in vehicular ad hoc networks.” In 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), pp. 1–6. IEEE, 2015.

  25. 25.

    Hesar, Amin Danandeh, and Mahmoud Ahmadian Attari. “Simulating and analysis of cyber attacks on a BLPC network.” In 2014 Smart Grid Conference (SGC), pp. 1–6. IEEE, 2014.

  26. 26.

    Hong, Junho, Chen-Ching Liu, and Manimaran Govindarasu. “Integrated anomaly detection for cyber security of the substations.” IEEE Transactions on Smart Grid 5, no. 4 (2014): 1643–1653.

  27. 27.

    Hu, Xin, Jiyong Jang, Marc Ph Stoecklin, Ting Wang, Douglas L. Schales, Dhilung Kirat, and Josyula R. Rao. “BAYWATCH: robust beaconing detection to identify infected hosts in large-scale enterprise networks.” In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 479–490. IEEE, 2016.

  28. 28.

    Ichise, Hikaru, Yong Jin, and Katsuyoshi Iida. “Analysis of via-resolver DNS TXT queries and detection possibility of botnet communications.” In 2015 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), pp. 216–221. IEEE, 2015.

  29. 29.

    Indre, Ionut, and Camelia Lemnaru. “Detection and prevention system against cyber attacks and botnet malware for information systems and Internet of Things.” In 2016 IEEE 12th International Conference on Intelligent Computer Communication and Processing (ICCP), pp. 175–182. IEEE, 2016.

  30. 30.

    Jakaria, A. H. M., Wei Yang, Bahman Rashidi, Carol Fung, and M. Ashiqur Rahman. “Vfence: A defense against distributed denial of service attacks using network function virtualization.” In 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 431–436. IEEE, 2016.

  31. 31.

    Jin, Guang, Fei Zhang, Yuan Li, Honghao Zhang, and Jiangbo Qian. “A Hash-based Path Identification Scheme for DDoS Attacks Defense.” In 2009 Ninth IEEE International Conference on Computer and Information Technology, vol. 2, pp. 219–224. IEEE, 2009.

  32. 32.

    Jing, Tao, Jun Li, and Rong Xing. “Research on malicious links detection system based on script text analysis.” In 2012 14th International Conference on Advanced Communication Technology (ICACT), pp. 439–442. IEEE, 2012.

  33. 33.

    Khan, Mohiuddin Ali, Sateesh Kumar Pradhan, and Huda Fatima. “Applying data mining techniques in cyber crimes.” In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), pp. 213–216. IEEE, 2017.

  34. 34.

    Khan, Muhammad Salman, Ken Ferens, and Witold Kinsner. “A chaotic measure for cognitive machine classification of distributed denial of service attacks.” In 2014 IEEE 13th International Conference on Cognitive Informatics and Cognitive Computing, pp. 100–108. IEEE, 2014.

  35. 35.

    Kong, Xinling, Yonghong Chen, Hui Tian, Tian Wang, Yiqiao Cai, and Xin Chen. “A novel botnet detection method based on preprocessing data packet by graph structure clustering.” In 2016 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 42–45. IEEE, 2016.

  36. 36.

    Misra, Sudip, P. Venkata Krishna, Harshit Agarwal, Antriksh Saxena, and Mohammad S. Obaidat. “A learning automata based solution for preventing distributed denial of service in internet of things.” In 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, pp. 114–122. IEEE, 2011.

  37. 37.

    Sanchez, Fernando, and Zhenhai Duan. “A sender-centric approach to detecting phishing emails.” In 2012 International Conference on Cyber Security, pp. 32–39. IEEE, 2012.

  38. 38.

    Shitharth, S., and D. Prince Winston. “A novel IDS technique to detect DDoS and sniffers in smart grid.” In 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), pp. 1–6. IEEE, 2016.

  39. 39.

    Sun, Jia-Hao, Tzung-Han Jeng, Chien-Chih Chen, Hsiu-Chuan Huang, and Kuo-Sen Chou. “MD-Miner: Behavior-Based Tracking of Network Traffic for Malware-Control Domain Detection.” In 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), pp. 96–105. IEEE, 2017.

  40. 40.

    Velauthapillai, Thaneswaran, Aaron Harwood, and Shanika Karunasekera. “Global detection of flooding-based DDoS attacks using a cooperative overlay network.” In 2010 Fourth International Conference on Network and System Security, pp. 357–364. IEEE, 2010.

  41. 41.

    Sun, Cong, Jiao Liu, Xinpeng Xu, and Jianfeng Ma. “A privacy-preserving mutual authentication resisting DoS attacks in VANETs.” IEEE Access 5 (2017): 24012–24022.

  42. 42.

    Fan, Lejun, Yuanzhuo Wang, Xueqi Cheng, and Shuyuan Jin. “Privacy Theft Malware Detection with Privacy Petri Net.” In 2012 13th International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 195–200. IEEE, 2012.

  43. 43.

    Cui, Helei, Yajin Zhou, Cong Wang, Qi Li, and Kui Ren. “Towards Privacy-Preserving Malware Detection Systems for Android.” In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pp. 545–552. IEEE, 2018.

  44. 44.

    Xu, Lei, Chunxiao Jiang, Nengqiang He, Zhu Han, and Abderrahim Benslimane. “Trust-based collaborative privacy management in online social networks.” IEEE Transactions on Information Forensics and Security 14, no. 1 (2018): 48–60.

  45. 45.

    Shitharth, S., and D. Prince Winston. “A comparative analysis between two countermeasure techniques to detect DDoS with sniffers in a SCADA network.” Procedia Technology 21 (2015): 179–186. ScienceDirect.

  46. 46.

    Spyridopoulos, Theodoros, G. Karanikas, Theodore Tryfonas, and Georgios Oikonomou. “A game theoretic defence framework against DoS/DDoS cyber attacks.” Computers & Security 38 (2013): 39–50. ScienceDirect.

  47. 47.

    Shon, Taeshik, and Jongsub Moon. “A hybrid machine learning approach to network anomaly detection.” Information Sciences 177, no. 18 (2007): 3799–3821. ScienceDirect.

  48. 48.

    Wang, Fei, Hailong Wang, Xiaofeng Wang, and Jinshu Su. “A new multistage approach to detect subtle DDoS attacks.” Mathematical and Computer Modelling 55, no. 1–2 (2012): 198–213. ScienceDirect.

  49. 49.

    Varshney, Gaurav, Manoj Misra, and Pradeep K. Atrey. “A phish detector using lightweight search features.” Computers & Security 62 (2016): 213–228. ScienceDirect.

  50. 50.

    Liu, Ting, Yanan Sun, Yang Liu, Yuhong Gui, Yucheng Zhao, Dai Wang, and Chao Shen. “Abnormal traffic-indexed state estimation: A cyber–physical fusion approach for smart grid attack detection.” Future Generation Computer Systems 49 (2015): 94–103. ScienceDirect.

  51. 51.

    Qiu, Yue, Maode Ma, and Shuo Chen. “An anonymous authentication scheme for multi-domain machine-to-machine communication in cyber-physical systems.” Computer Networks 129 (2017): 306–318. ScienceDirect.

  52. 52.

    Kumara, Ajay, and C. D. Jaidhar. “Automated multi-level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM.” Future Generation Computer Systems 79 (2018): 431–446. ScienceDirect.

  53. 53.

    Zhao, David, Issa Traore, Bassam Sayed, Wei Lu, Sherif Saad, Ali Ghorbani, and Dan Garant. “Botnet detection based on traffic behavior analysis and flow intervals.” Computers & Security 39 (2013): 2–16. ScienceDirect.

  54. 54.

    Noor, Muzzamil, Haider Abbas, and Waleed Bin Shahid. “Countering cyber threats for industrial applications: An automated approach for malware evasion detection and analysis.” Journal of Network and Computer Applications 103 (2018): 249–261. ScienceDirect.

  55. 55.

    Huda, Shamsul, Suruz Miah, Mohammad Mehedi Hassan, Rafiqul Islam, John Yearwood, Majed Alrubaian, and Ahmad Almogren. “Defending unknown attacks on cyber-physical systems by semi-supervised approach and available unlabeled data.” Information Sciences 379 (2017): 211–228. ScienceDirect.

  56. 56.

    Alajeely, Majeed, Robin Doss, and Vicky Mak-Hau. “Defense against packet collusion attacks in opportunistic networks.” Computers & Security 65 (2017): 269–282. ScienceDirect.

  57. 57.

    Maciá-Fernández, Gabriel, Rafael A. Rodríguez-Gómez, and Jesús E. Díaz-Verdejo. “Defense techniques for low-rate DoS attacks against application servers.” Computer Networks 54, no. 15 (2010): 2711–2727. ScienceDirect.

  58. 58.

    Kiss, Istvan, Piroska Haller, and Adela Bereş. “Denial of Service attack Detection in case of Tennessee Eastman challenge process.” Procedia Technology 19 (2015): 835–841. ScienceDirect.

  59. 59.

    Abbaspour, Alireza, Kang K. Yen, Shirin Noei, and Arman Sargolzaei. “Detection of fault data injection attack on uav using adaptive neural network.” Procedia computer science 95 (2016): 193–200. ScienceDirect.

  60. 60.

    Stevanovic, Dusan, Natalija Vlajic, and Aijun An. “Detection of malicious and non-malicious website visitors using unsupervised neural network learning.” Applied Soft Computing 13, no. 1 (2013): 698–708. ScienceDirect.

  61. 61.

    Li, Beibei, Rongxing Lu, Wei Wang, and Kim-Kwang Raymond Choo. “Distributed host-based collaborative detection for false data injection attacks in smart grid cyber-physical system.” Journal of Parallel and Distributed Computing 103 (2017): 32–41. ScienceDirect.

  62. 62.

    Yu, Wei, Sriram Chellappan, Xun Wang, and Dong Xuan. “Peer-to-peer system-based active worm attacks: Modeling, analysis and defense.” Computer Communications 31, no. 17 (2008): 4005–4017. ScienceDirect.

  63. 63.

    Abdelhamid, Neda, Aladdin Ayesh, and Fadi Thabtah. “Phishing detection based associative classification data mining.” Expert Systems with Applications 41, no. 13 (2014): 5948–5959. ScienceDirect.

  64. 64.

    Alazab, Mamoun. “Profiling and classifying the behavior of malicious codes.” Journal of Systems and Software 100 (2015): 91–102. ScienceDirect.

  65. 65.

    Song, Jungsuk, Hiroki Takakura, Yasuo Okabe, and Koji Nakao. “Toward a more practical unsupervised anomaly detection system.” Information Sciences 231 (2013): 4–14. ScienceDirect.

  66. 66.

    Saini, Anil, Manoj Singh Gaur, Vijay Laxmi, and Mauro Conti. “Colluding browser extension attack on user privacy and its implication for web browsers.” Computers & Security 63 (2016): 14–28. ScienceDirect.

  67. 67.

    Choi, Sang‐soo, Jungsuk Song, Seokhun Kim, and Sookyun Kim. “A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic.” Security and Communication Networks 7, no. 10 (2014): 1612–1621. Wiley.

  68. 68.

    Rubio‐Hernan, Jose, Luca De Cicco, and Joaquin Garcia‐Alfaro. “Adaptive control‐theoretic detection of integrity attacks against cyber‐physical industrial systems.” Transactions on Emerging Telecommunications Technologies 29, no. 7 (2018): e3209. Wiley.

  69. 69.

    Zhang, Jian, Phillip Porras, and Johannes Ullrich. “Gaussian process learning for cyber‐attack early warning.” Statistical Analysis and Data Mining: The ASA Data Science Journal 3, no. 1 (2010): 56–68. Wiley.

  70. 70.

    Fan, Lejun, Yuanzhuo Wang, Xueqi Cheng, Jinming Li, and Shuyuan Jin. “Privacy theft malware multi‐process collaboration analysis.” Security and Communication Networks 8, no. 1 (2015): 51–67. Wiley.

  71. 71.

    Wu, Yu-Sung, Vinita Apte, Saurabh Bagchi, Sachin Garg, and Navjot Singh. “Intrusion detection in voice over IP environments.” International Journal of Information Security 8, no. 3 (2009): 153–172. Springer.

  72. 72.

    Deepa, G., P. Santhi Thilagam, Furqan Ahmed Khan, Amit Praseed, Alwyn R. Pais, and Nushafreen Palsetia. “Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications.” International Journal of Information Security 17, no. 1 (2018): 105–120. Springer.

  73. 73.

    Gowtham, R., and Ilango Krishnamurthi. “PhishTackle—a web services architecture for antiphishing.” Cluster computing 17, no. 3 (2014): 1051–1068. Springer.

  74. 74.

    Saha, Sujoy, Subrata Nandi, Rohit Verma, Satadal Sengupta, Kartikeya Singh, Vivek Sinha, and Sajal K. Das. “Design of efficient lightweight strategies to combat DoS attack in delay tolerant network routing.” Wireless Networks 24, no. 1 (2018): 173–194. Springer.

  75. 75.

    Gupta, Shashank, and B. B. Gupta. “XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code.” Arabian Journal for Science and Engineering 41, no. 3 (2016): 897–920. Springer.

  76. 76.

    Jain, Ankit Kumar, and Brij B. Gupta. “A novel approach to protect against phishing attacks at client side using auto-updated white-list.” EURASIP Journal on Information Security 2016, no. 1 (2016): 9. Springer.

  77. 77.

    Ahmad, Farhan Habib, Komal Batool, and Azhar Javed. “Detection of Privacy Threat by Peculiar Feature Extraction in Malwares to Combat Targeted Cyber Attacks.” In Advanced Computer and Communication Engineering Technology, pp. 1237–1247. Springer, Cham, 2016.

  78. 78.

    Saini, Anil, Manoj Singh Gaur, Vijay Laxmi, Tushar Singhal, and Mauro Conti. “Privacy leakage attacks in browsers by colluding extensions.” In International Conference on Information Systems Security, pp. 257–276. Springer, Cham, 2014.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Humayun, M., Niazi, M., Jhanjhi, N. et al. Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study. Arab J Sci Eng 45, 3171–3189 (2020). https://doi.org/10.1007/s13369-019-04319-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-019-04319-2

Keywords

  • Cyber security
  • Threats
  • Vulnerabilities
  • Attack