Implementation of Cyber Security Attacks and Strategic Mitigation Mechanisms

Rushabh Bhagwandas Kela, Abhinav Chawla, Pratishtha Gaur, Manikandan K

Abstract


Cyber threats have increased drastically in recent years, and the most common targets are organisations' applications or systems, attacked for data theft, disruption of operations, or other malicious use. Incorporating website security prevents these sorts of attacks on the system. Website security is the practice of protecting websites from unauthorized access, use, modification, destruction, or disruption. A web application will be created and tested against various attacks such as brute-force dictionary attacks, Denial-of-Service attacks, Cross-Site Scripting (XSS) attacks, NoSQL injections and WebSocket attacks. The vulnerabilities will be analyzed and resolved to ensure that the confidentiality, integrity, and authenticity of the user data are not compromised. To improve the website's security and privacy, security features will be added and the website's code will be modified.

Keywords


Cyber Attacks; Cyber Security; Operational Intelligence; Denial of Service; Cryptography; NoSQL Injection; Man-in-the-middle attack

DOI: https://doi.org/10.26483/ijarcs.v13i4.6890

Copyright (c) 2022 International Journal of Advanced Research in Computer Science