Next Issue
Volume 4, December
Previous Issue
Volume 4, June
 
 

J. Cybersecur. Priv., Volume 4, Issue 3 (September 2024) – 16 articles

  • Issues are regarded as officially published after their release is announced to the table of contents alert mailing list.
  • You may sign up for e-mail alerts to receive table of contents of newly released issues.
  • PDF is the official format for papers published in both, html and pdf forms. To view the papers in pdf format, click on the "PDF Full-text" link, and use the free Adobe Reader to open them.
Order results
Result details
Section
Select all
Export citation of selected articles as:
15 pages, 3412 KiB  
Article
Cybersecurity Access Control: Framework Analysis in a Healthcare Institution
by Erik William Tomlinson, Wolday D. Abrha, Seong Dae Kim and Salvador A. Ortega
J. Cybersecur. Priv. 2024, 4(3), 762-776; https://doi.org/10.3390/jcp4030035 - 20 Sep 2024
Viewed by 1221
Abstract
Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing [...] Read more.
Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables. Full article
Show Figures

Figure 1

31 pages, 1674 KiB  
Article
Protection of Personal Data in the Context of E-Commerce
by Zlatan Morić, Vedran Dakic, Daniela Djekic and Damir Regvart
J. Cybersecur. Priv. 2024, 4(3), 731-761; https://doi.org/10.3390/jcp4030034 - 20 Sep 2024
Viewed by 3002
Abstract
This paper examines the impact of stringent regulations on personal data protection on customer perception of data security and online shopping behavior. In the context of the rapidly expanding e-commerce landscape, ensuring the security of personal data is a complex and crucial task. [...] Read more.
This paper examines the impact of stringent regulations on personal data protection on customer perception of data security and online shopping behavior. In the context of the rapidly expanding e-commerce landscape, ensuring the security of personal data is a complex and crucial task. The study of several legal frameworks, including Malaysia’s compliance with EU regulations and Indonesia’s Personal Data Protection Law, provides valuable insights into consumer data protection. The challenges of balancing data safeguarding and unrestricted movement and tackling misuse by external entities are significant and require careful consideration. This research elucidates the pivotal role of trust in e-commerce environments and the deployment of innovative e-commerce models designed to minimize personal data sharing. By integrating advanced privacy-enhancing technologies and adhering to stringent regulatory standards such as the GDPR, this study demonstrates effective strategies for robust data protection. The paper contributes to the academic discourse by providing a comprehensive framework that synergizes legal, technological, and procedural elements to fortify data security and enhance consumer trust in digital marketplaces. This approach aligns with international data protection standards and offers a pragmatic blueprint for achieving sustainable data security in e-commerce. Full article
(This article belongs to the Special Issue Data Protection and Privacy)
Show Figures

Figure 1

53 pages, 8811 KiB  
Article
An Evaluation of the Security of Bare Machine Computing (BMC) Systems against Cybersecurity Attacks
by Fahad Alotaibi, Ramesh K. Karne, Alexander L. Wijesinha, Nirmala Soundararajan and Abhishek Rangi
J. Cybersecur. Priv. 2024, 4(3), 678-730; https://doi.org/10.3390/jcp4030033 - 18 Sep 2024
Viewed by 802
Abstract
The Internet has become the primary vehicle for doing almost everything online, and smartphones are needed for almost everyone to live their daily lives. As a result, cybersecurity is a top priority in today’s world. As Internet usage has grown exponentially with billions [...] Read more.
The Internet has become the primary vehicle for doing almost everything online, and smartphones are needed for almost everyone to live their daily lives. As a result, cybersecurity is a top priority in today’s world. As Internet usage has grown exponentially with billions of users and the proliferation of Internet of Things (IoT) devices, cybersecurity has become a cat-and-mouse game between attackers and defenders. Cyberattacks on systems are commonplace, and defense mechanisms are continually updated to prevent them. Based on a literature review of cybersecurity vulnerabilities, attacks, and preventive measures, we find that cybersecurity problems are rooted in computer system architectures, operating systems, network protocols, design options, heterogeneity, complexity, evolution, open systems, open-source software vulnerabilities, user convenience, ease of Internet access, global users, advertisements, business needs, and the global market. We investigate common cybersecurity vulnerabilities and find that the bare machine computing (BMC) paradigm is a possible solution to address and eliminate their root causes at many levels. We study 22 common cyberattacks, identify their root causes, and investigate preventive mechanisms currently used to address them. We compare conventional and bare machine characteristics and evaluate the BMC paradigm and its applications with respect to these attacks. Our study finds that BMC applications are resilient to most cyberattacks, except for a few physical attacks. We also find that BMC applications have inherent security at all computer and information system levels. Further research is needed to validate the security strengths of BMC systems and applications. Full article
Show Figures

Figure 1

15 pages, 4278 KiB  
Article
Advancements in Synthetic Generation of Contactless Palmprint Biometrics Using StyleGAN Models
by A M Mahmud Chowdhury, Md Jahangir Alam Khondkar and Masudul Haider Imtiaz
J. Cybersecur. Priv. 2024, 4(3), 663-677; https://doi.org/10.3390/jcp4030032 - 11 Sep 2024
Viewed by 815
Abstract
Deep learning models have demonstrated significant advantages over traditional algorithms in image processing tasks like object detection. However, a large amount of data are needed to train such deep networks, which limits their application to tasks such as biometric recognition that require more [...] Read more.
Deep learning models have demonstrated significant advantages over traditional algorithms in image processing tasks like object detection. However, a large amount of data are needed to train such deep networks, which limits their application to tasks such as biometric recognition that require more training samples for each class (i.e., each individual). Researchers developing such complex systems rely on real biometric data, which raises privacy concerns and is restricted by the availability of extensive, varied datasets. This paper proposes a generative adversarial network (GAN)-based solution to produce training data (palm images) for improved biometric (palmprint-based) recognition systems. We investigate the performance of the most recent StyleGAN models in generating a thorough contactless palm image dataset for application in biometric research. Training on publicly available H-PolyU and IIDT palmprint databases, a total of 4839 images were generated using StyleGAN models. SIFT (Scale-Invariant Feature Transform) was used to find uniqueness and features at different sizes and angles, which showed a similarity score of 16.12% with the most recent StyleGAN3-based model. For the regions of interest (ROIs) in both the palm and finger, the average similarity scores were 17.85%. We present the Frechet Inception Distance (FID) of the proposed model, which achieved a 16.1 score, demonstrating significant performance. These results demonstrated StyleGAN as effective in producing unique synthetic biometric images. Full article
Show Figures

Figure 1

13 pages, 428 KiB  
Article
Comparative Vulnerability Analysis of Thai and Non-Thai Mobile Banking Applications
by Chatphat Titiakarawongse, Sasiyaporn Taksin, Jidapa Ruangsawat, Kunthida Deeduangpan and Sirapat Boonkrong
J. Cybersecur. Priv. 2024, 4(3), 650-662; https://doi.org/10.3390/jcp4030031 - 9 Sep 2024
Viewed by 713
Abstract
The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five [...] Read more.
The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five Thai and four non-Thai) were assessed using three vulnerability detection tools: AndroBugs, MobSF, and QARK. The results showed that both Thai and non-Thai mobile banking applications had vulnerabilities across multiple OWASP Mobile Top 10 categories, with reverse engineering, code tampering, and insufficient cryptography being the most common. Statistical analysis revealed that Thai banking applications exhibited significantly more vulnerabilities compared to non-Thai banking applications. In the context of vulnerability detection tools, AndroBugs and QARK proved more effective in detecting vulnerabilities compared to MobSF. Additionally, the study highlights critical security challenges in mobile banking applications, particularly for Thai banks, and emphasises the need for enhanced security measures. The findings also show the importance of using multiple assessment tools for comprehensive security evaluation and suggest potential areas for improvement in mobile banking applications. Full article
(This article belongs to the Section Privacy)
Show Figures

Figure 1

21 pages, 2734 KiB  
Article
IoT IP Overlay Network Security Performance Analysis with Open Source Infrastructure Deployment
by Antonio Francesco Gentile, Davide Macrì, Emilio Greco and Peppino Fazio
J. Cybersecur. Priv. 2024, 4(3), 629-649; https://doi.org/10.3390/jcp4030030 - 26 Aug 2024
Viewed by 1256
Abstract
Some of the most deployed infrastructures nowadays are Overlay Networks (ONs). They consist of hardware and software components designed to establish private and secure communication channels, typically over the Internet. ONs are among the most reliable technologies for achieving this objective and represent [...] Read more.
Some of the most deployed infrastructures nowadays are Overlay Networks (ONs). They consist of hardware and software components designed to establish private and secure communication channels, typically over the Internet. ONs are among the most reliable technologies for achieving this objective and represent the next-generation solution for secure communication. In this paper, we analyze important network performance metrics (RTT, bandwidth) while varying the type of Overlay Network used for interconnecting traffic between two or more hosts (within the same data center, in different data centers in the same building, or over the Internet). These networks establish connections between KVM (Kernel-based Virtual Machine) instances rather than the typical Docker/LXC/Podman containers. The first analysis will assess network performance as it is, without any overlay channels. The second will establish various types of channels without encryption, and the final one will encapsulate overlay traffic via IPsec (Transport mode), where encrypted channels like VTI are not already available for use. The obtained performance is demonstrated through a comprehensive set of traffic-simulation campaigns. Full article
Show Figures

Figure 1

14 pages, 1169 KiB  
Article
GoibhniUWE: A Lightweight and Modular Container-Based Cyber Range
by Alan Mills, Jonathan White and Phil Legg
J. Cybersecur. Priv. 2024, 4(3), 615-628; https://doi.org/10.3390/jcp4030029 - 24 Aug 2024
Viewed by 828
Abstract
Cyberattacks are rapidly evolving both in terms of techniques and frequency, from low-level attacks through to sophisticated Advanced Persistent Threats (APTs). There is a need to consider how testbed environments such as cyber ranges can be readily deployed to improve the examination of [...] Read more.
Cyberattacks are rapidly evolving both in terms of techniques and frequency, from low-level attacks through to sophisticated Advanced Persistent Threats (APTs). There is a need to consider how testbed environments such as cyber ranges can be readily deployed to improve the examination of attack characteristics, as well as the assessment of defences. Whilst cyber ranges are not new, they can often be computationally expensive, require an extensive setup and configuration, or may not provide full support for areas such as logging or ongoing learning. In this paper, we propose GoibhniUWE, a container-based cyber range that provides a flexible platform for investigating the full lifecycle of a cyberattack. Adopting a modular approach, users can seamlessly switch out existing, containerised vulnerable services and deploying multiple different services at once, allowing for the creation of complex and realistic deployments. The range is fully instrumented with logging capabilities from a variety of sources including Intrusion Detection Systems (IDSs), service logging, and network traffic captures. To demonstrate the effectiveness of our approach, we deploy the GoibhniUWE range under multiple conditions to simulate various vulnerable environments, reporting on and comparing key metrics such as CPU and memory usage. We simulate complex attacks which span multiple services and networks, with logging at multiple levels, modelling an Advanced Persistent Threat (APT) and their associated Tactics, Techniques, and Procedures (TTPs). We find that even under continuous, active, and targeted deployment, GoibhniUWE averaged a CPU usage of less than 50%, in an environment using four single-core processors, and memory usage of less than 4.5 GB. Full article
(This article belongs to the Section Security Engineering & Applications)
Show Figures

Figure 1

21 pages, 329 KiB  
Article
Individual Differences in Psychological Stress Associated with Data Breach Experiences
by Christopher R. Sears and Daniel R. Cunningham
J. Cybersecur. Priv. 2024, 4(3), 594-614; https://doi.org/10.3390/jcp4030028 - 20 Aug 2024
Viewed by 1138
Abstract
Data breach incidents are now a regular occurrence, with millions of people affected worldwide. Few studies have examined the psychological aspects of data breach experiences, however, or the individual differences that influence how people react to these events. In this study, we examined [...] Read more.
Data breach incidents are now a regular occurrence, with millions of people affected worldwide. Few studies have examined the psychological aspects of data breach experiences, however, or the individual differences that influence how people react to these events. In this study, we examined the psychological stress associated with a personal experience with a data breach and several individual differences hypothesized to modulate such stress (age, gender, digital security awareness and expertise, trait anxiety, negative emotionality, and propensity to worry). A student sample (N = 166) and a community sample (N = 359) completed an online survey that asked participants to describe their most serious data breach and then complete the Impact of Events Scale—Revised (IES-R) to answer specific questions about the nature of the stress they experienced after the breach. Standard measures of trait anxiety, negative emotionality, and propensity to worry were also completed. A Data Breach Severity Index (DBSI) was created to quantify the invasiveness and consequences of each participant’s data breach. Hierarchical multiple regression analyses were used to identify demographic variables and psychological characteristics predictive of IES-R scores while controlling for DBSI scores. As expected, more invasive and consequential data breaches were associated with higher IES-R scores (greater data-breach-induced stress). Women had higher IES-R scores than men, and this difference persisted after controlling for gender differences in anxiety, negative emotionality, and propensity to worry. Greater daily social media use was associated with higher IES-R scores, whereas higher digital security expertise was associated with lower IES-R scores. The results illuminate several relationships between demographic and psychological characteristics and data-breach-induced stress that should be investigated further. Full article
22 pages, 3553 KiB  
Article
Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine
by Elliott Rheault, Mary Nerayo, Jaden Leonard, Jack Kolenbrander, Christopher Henshaw, Madison Boswell and Alan J. Michaels
J. Cybersecur. Priv. 2024, 4(3), 572-593; https://doi.org/10.3390/jcp4030027 - 13 Aug 2024
Viewed by 992
Abstract
In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data [...] Read more.
In most open-source intelligence (OSINT) research efforts, the collection of information is performed in an entirely passive manner as an observer to third-party communication streams. This paper describes ongoing work that seeks to insert itself into that communication loop, fusing openly available data with requested content that is representative of what is sent to second parties. The mechanism for performing this is based on the sharing of falsified personal information through one-time online transactions that facilitate signup for newsletters, establish online accounts, or otherwise interact with resources on the Internet. The work has resulted in the real-time Use and Abuse of Personal Information OSINT collection engine that can ingest email, SMS text, and voicemail content at an enterprise scale. Foundations of this OSINT collection infrastructure are also laid to incorporate an artificial intelligence (AI)-driven interaction engine that shifts collection from a passive process to one that can effectively engage with different classes of content for improved real-world privacy experimentation and quantitative social science research. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

26 pages, 3408 KiB  
Article
Use & Abuse of Personal Information, Part II: Robust Generation of Fake IDs for Privacy Experimentation
by Jack Kolenbrander, Ethan Husmann, Christopher Henshaw, Elliott Rheault, Madison Boswell and Alan J. Michaels
J. Cybersecur. Priv. 2024, 4(3), 546-571; https://doi.org/10.3390/jcp4030026 - 11 Aug 2024
Cited by 1 | Viewed by 1536
Abstract
When personal information is shared across the Internet, we have limited confidence that the designated second party will safeguard it as we would prefer. Privacy policies offer insight into the best practices and intent of the organization, yet most are written so loosely [...] Read more.
When personal information is shared across the Internet, we have limited confidence that the designated second party will safeguard it as we would prefer. Privacy policies offer insight into the best practices and intent of the organization, yet most are written so loosely that sharing with undefined third parties is to be anticipated. Tracking these sharing behaviors and identifying the source of unwanted content is exceedingly difficult when personal information is shared with multiple such second parties. This paper formulates a model for realistic fake identities, constructs a robust fake identity generator, and outlines management methods targeted towards online transactions (email, phone, text) that pass both cursory machine and human examination for use in personal privacy experimentation. This fake ID generator, combined with a custom account signup engine, are the core front-end components of our larger Use and Abuse of Personal Information system that performs one-time transactions that, similar to a cryptographic one-time pad, ensure that we can attribute the sharing back to the single one-time transaction and/or specific second party. The flexibility and richness of the fake IDs also serve as a foundational set of control variables for a wide range of social science research questions revolving around personal information. Collectively, these fake identity models address multiple inter-disciplinary areas of common interest and serve as a foundation for eliciting and quantifying personal information-sharing behaviors. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

28 pages, 482 KiB  
Systematic Review
Knowledge Graphs and Semantic Web Tools in Cyber Threat Intelligence: A Systematic Literature Review
by Charalampos Bratsas, Efstathios Konstantinos Anastasiadis, Alexandros K. Angelidis, Lazaros Ioannidis, Rigas Kotsakis and Stefanos Ougiaroglou
J. Cybersecur. Priv. 2024, 4(3), 518-545; https://doi.org/10.3390/jcp4030025 - 1 Aug 2024
Viewed by 2031
Abstract
The amount of data related to cyber threats and cyber attack incidents is rapidly increasing. The extracted information can provide security analysts with useful Cyber Threat Intelligence (CTI) to enhance their decision-making. However, because the data sources are heterogeneous, there is a lack [...] Read more.
The amount of data related to cyber threats and cyber attack incidents is rapidly increasing. The extracted information can provide security analysts with useful Cyber Threat Intelligence (CTI) to enhance their decision-making. However, because the data sources are heterogeneous, there is a lack of common representation of information, rendering the analysis of CTI complicated. With this work, we aim to review ongoing research on the use of semantic web tools such as ontologies and Knowledge Graphs (KGs) within the CTI domain. Ontologies and KGs can effectively represent information in a common and structured schema, enhancing interoperability among the Security Operation Centers (SOCs) and the stakeholders on the field of cybersecurity. When fused with Machine Learning (ML) and Deep Learning (DL) algorithms, the constructed ontologies and KGs can be augmented with new information and advanced inference capabilities, facilitating the discovery of previously unknown CTI. This systematic review highlights the advancements of this field over the past and ongoing decade and provides future research directions. Full article
Show Figures

Figure 1

24 pages, 884 KiB  
Article
Data Privacy and Ethical Considerations in Database Management
by Eduardo Pina, José Ramos, Henrique Jorge, Paulo Váz, José Silva, Cristina Wanzeller, Maryam Abbasi and Pedro Martins
J. Cybersecur. Priv. 2024, 4(3), 494-517; https://doi.org/10.3390/jcp4030024 - 29 Jul 2024
Viewed by 5057
Abstract
Data privacy and ethical considerations ensure the security of databases by respecting individual rights while upholding ethical considerations when collecting, managing, and using information. Nowadays, despite having regulations that help to protect citizens and organizations, we have been presented with thousands of instances [...] Read more.
Data privacy and ethical considerations ensure the security of databases by respecting individual rights while upholding ethical considerations when collecting, managing, and using information. Nowadays, despite having regulations that help to protect citizens and organizations, we have been presented with thousands of instances of data breaches, unauthorized access, and misuse of data related to such individuals and organizations. In this paper, we propose ethical considerations and best practices associated with critical data and the role of the database administrator who helps protect data. First, we suggest best practices for database administrators regarding data minimization, anonymization, pseudonymization and encryption, access controls, data retention guidelines, and stakeholder communication. Then, we present a case study that illustrates the application of these ethical implementations and best practices in a real-world scenario, showing the approach in action and the benefits of privacy. Finally, the study highlights the importance of a comprehensive approach to deal with data protection challenges and provides valuable insights for future research and developments in this field. Full article
(This article belongs to the Special Issue Building Community of Good Practice in Cybersecurity)
Show Figures

Figure 1

26 pages, 7738 KiB  
Article
Implementation of a Partial-Order Data Security Model for the Internet of Things (IoT) Using Software-Defined Networking (SDN)
by Abdelouadoud Stambouli and Luigi Logrippo
J. Cybersecur. Priv. 2024, 4(3), 468-493; https://doi.org/10.3390/jcp4030023 - 20 Jul 2024
Viewed by 956
Abstract
Data security on the Internet of Things (IoT) is usually implemented through encryption. This paper presents a solution based on routing, in which data are forwarded only to entities that are intended to receive them according to security requirements of secrecy (also called [...] Read more.
Data security on the Internet of Things (IoT) is usually implemented through encryption. This paper presents a solution based on routing, in which data are forwarded only to entities that are intended to receive them according to security requirements of secrecy (also called confidentiality), integrity, and conflicts. Our solution is generic in the sense that it can be used in any network, together with encryption as appropriate. We use the fact that, in any network, security requirements generate a partial order of equivalence classes of entities, and each entity can be labeled according to the position of its equivalence class in the partial order. Routing tables among entities can be compiled using the labels. The method is demonstrated in this paper for software-defined networking (SDN) routers and controllers. We propose a centralized IoT architecture with a cloud structure using SDN as networking infrastructure, where storage entities (i.e., cloud servers) are associated with application entities. A small ‘hospital’ example is shown for illustration. Procedures for network reconfigurations are presented. We also demonstrate the method for the normal case where different partial orders, representing distinct but concurrent security requirements, coexist among a set of entities. The method proposed does not impose an overhead on the normal functioning of SDN networks since it requires calculations only when the network must be reconfigured because of administrative intervention or policies. These occasional updates can be done efficiently and offline. Full article
Show Figures

Figure 1

19 pages, 1079 KiB  
Article
An Approach for Anomaly Detection in Network Communications Using k-Path Analysis
by Mamadou Kasse, Rodolphe Charrier, Alexandre Berred, Cyrille Bertelle and Christophe Delpierre
J. Cybersecur. Priv. 2024, 4(3), 449-467; https://doi.org/10.3390/jcp4030022 - 19 Jul 2024
Viewed by 903
Abstract
In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities [...] Read more.
In this paper, we present an innovative approach inspired by the Path-scan model to detect paths with k adjacent edges (k-path) exhibiting unusual behavior (synonymous with anomaly) within network communications. This work is motivated by the challenge of identifying malicious activities carried out in vulnerable k-path in a small to medium-sized computer network. Each observed edge (time series of the number of events or the number of packets exchanged between two computers in the network) is modeled using the three-state observed Markov model, as opposed to the Path-scan model which uses a two-state model (active state and inactive state), to establish baselines of behavior in order to detect anomalies. This model captures the typical behavior of network communications, as well as patterns of suspicious activity, such as those associated with brute force attacks. We take a perspective by analyzing each vulnerable k-path, enabling the accurate detection of anomalies on the k-path. Using this approach, our method aims to enhance the detection of suspicious activities in computer networks, thus providing a more robust and accurate solution to ensure the security of computer systems. Full article
(This article belongs to the Special Issue Intrusion/Malware Detection and Prevention in Networks—2nd Edition)
Show Figures

Figure 1

39 pages, 654 KiB  
Review
Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools
by Paolo Modesti, Lewis Golightly, Louis Holmes, Chidimma Opara and Marco Moscini
J. Cybersecur. Priv. 2024, 4(3), 410-448; https://doi.org/10.3390/jcp4030021 - 16 Jul 2024
Viewed by 3003
Abstract
The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions [...] Read more.
The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field. Full article
(This article belongs to the Special Issue Cyber Security and Digital Forensics)
Show Figures

Figure 1

22 pages, 2224 KiB  
Systematic Review
Humans and Automation: Augmenting Security Operation Centers
by Jack Tilbury and Stephen Flowerday
J. Cybersecur. Priv. 2024, 4(3), 388-409; https://doi.org/10.3390/jcp4030020 - 1 Jul 2024
Cited by 1 | Viewed by 1809
Abstract
The continuous integration of automated tools into security operation centers (SOCs) increases the volume of alerts for security analysts. This amplifies the risk of automation bias and complacency to the point that security analysts have reported missing, ignoring, and not acting upon critical [...] Read more.
The continuous integration of automated tools into security operation centers (SOCs) increases the volume of alerts for security analysts. This amplifies the risk of automation bias and complacency to the point that security analysts have reported missing, ignoring, and not acting upon critical alerts. Enhancing the SOC environment has predominantly been researched from a technical standpoint, failing to consider the socio-technical elements adequately. However, our research fills this gap and provides practical insights for optimizing processes in SOCs. The synergy between security analysts and automation can potentially augment threat detection and response capabilities, ensuring a more robust defense if effective human-automation collaboration is established. A scoping review of 599 articles from four databases led to a final selection of 49 articles. Thematic analysis resulted in 609 coding references generated across four main themes: SOC automation challenges, automation application areas, implications on analysts, and human factor sentiment. Our findings emphasize the extent to which automation can be implemented across the incident response lifecycle. The SOC Automation Matrix represents our primary contribution to achieving a mutually beneficial relationship between analyst and machine. This matrix describes the properties of four distinct human-automation combinations. This is of practical value to SOCs striving to optimize their processes, as our matrix mentions socio-technical system characteristics for automated tools. Full article
(This article belongs to the Special Issue Data Protection and Privacy)
Show Figures

Figure 1

Previous Issue
Next Issue
Back to TopTop