AJS Final Revision Paper-2019-10-031

Arabian Journal for Science and Engineering

Cybersecurity Threats and Vulnerabilities: Systematic Mapping Study

Mamoona Humayun¹, Mahmood Niazi², NZ Jhanjhi³, Mohammad Alshayeb², Sajjad Mahmood²

Abstract:
There has been a tremendous increase in research in the area of cybersecurity to support cyber applications and to avoid key
security threats faced by these applications. The goal of this study is to identify and analyse the common cybersecurity
vulnerabilities. To achieve this goal, a systematic mapping study was conducted and in total, 69 primary studies were identified
and analyzed. After a detailed analysis of the selected studies, we identified the important security vulnerabilities and their
frequency of occurrence. Data was also synthesized and analysed to present the venue of publication, country of publication,
key targeted infrastructure, applications, etc. The results show that the security approaches mentioned so far only target security
in general and the solutions provided in these studies need more empirical validation and real implementation. In addition, our
results show that most of the selected studies in this review targeted only a few common security vulnerabilities such as
phishing, denial-of-service and malware. However, there is a need, in future research, to identify the
key cybersecurity vulnerabilities, targeted/victimized applications, mitigation techniques, and infrastructures, so that researchers
and practitioners could get a better insight into it.

Keywords: Cybersecurity, Threats, Vulnerabilities, Attack

NZ Jhanjhi: noorzaman.jhanjhi@taylors.edu.my

¹ College of Computer and Information Science, Jouf University, Al-Jouf, Saudi Arabia
² Information and Computer Science Department, King Fahd University of Petroleum and Minerals (KFUPM), Dhahran, Saudi Arabia
³ SOCIT, Taylor's University, Malaysia

1. Introduction

In today's world, cyber civilization has become a popular and inevitable source of information sharing and other professional activities including business, shopping, bank transactions, advertisements, and services etc. This exponential increase in the use of cyberspace has resulted in an exponential increase in cybercriminal activities. The basic reason for this increase is the excessive usage of web applications in almost every field of life. These web applications are not free from design faults, and cyber criminals exploit these faults to gain illegal access to systems [1, 2]. Therefore, cyber security has become an important concern for researchers and practitioners [2]. Cyber security can be defined as the collection of tools, techniques, policies, security measures, security guidelines, risk mitigation strategies, actions, training, good practices, security reassurance and latest technologies that may be used to protect cyber space and the assets of users [3]. Cyber security nowadays has become a matter of global interest and importance and it involves securing information by detecting, preventing and responding to cyber-attacks [3-5].

The defensive mechanisms used by various organizations to protect their cyber space are not sufficient to protect these cyber environments from the ever-increasing security vulnerabilities. Therefore, it is one of the important scientific challenges that has been attracting the attention of researchers and practitioners for the last decade. A number of research efforts have been made in different cyber domains, each having specific features and peculiarities to address various security breaches [1].

In the literature, various approaches and tools have been suggested for the detection and the mitigation of cyber security threats [6, 7]. However, before proceeding with further research in this area, there is a need to compile the existing work. To fill this gap, this research study aims to provide a broad and detailed landscape of cyber security vulnerabilities and the provided solutions.

The objective of this study is to conduct a systematic mapping study in order to identify and analyse the common cyber security vulnerabilities. This mapping study intends to identify the available studies on cyber security vulnerabilities and categorize these solutions against (1) commonly available security vulnerabilities, (2) victims of cyber threat, (3) vulnerability severity, and (4) methods of data collection and validation approaches. Specifically, our mapping study addresses the following research questions:

RQ1: What are the common cyber security vulnerabilities?
One of the main RQs is to find the key security vulnerabilities based on their frequency of occurrence in the selected studies. Finding an answer to this question will help researchers and practitioners understand the key security vulnerabilities and determine the main research areas in the field.

RQ2: What are the key venues for publications on cyber security?
This RQ will identify the key venues for publications on cyber security. The answer to this question will help researchers find the main conferences and journals in the field to publish their research in a relevant place.

RQ3: Researchers from which country are more active in research on cyber security?
This question will identify the countries from which researchers are actively participating in the field of cyber security based on the analysis of the selected papers' authors. This will help researchers know the current research trends in the area. It may also help them to identify key researchers in the field.

RQ4: Who are the key victims of security vulnerabilities?
The answer to this question highlights the victims of security breaches. We classify victims into two broad categories, namely individual and organization. The answer to this question will help researchers and practitioners to gain an overview of the major victims of cyber security vulnerabilities. This will help in knowing the main trend of security vulnerability attacks.

RQ5: Which applications are the targets of cybercrimes in the selected studies?
The answer to this question will be a list of applications that were targets of cyber security in the selected studies and will provide an insight to these application users so that they can protect their applications from cyber-attacks.

RQ6: What are the common cyber security mitigation techniques discussed in literature?
The answer to this question will be a list of mitigation techniques used to overcome cyber security threats and will help researchers gain an overview of the existing techniques available so far.

The remainder of this paper is structured as follows. Section 2 describes the background knowledge. Section 3 briefly describes some existing work. Section 4 explains the research methodology. Section 5 presents the results of the study followed by Section 6 which presents a discussion of the results. The paper is concluded in Section 7 followed by Section 8 which discusses some open issues.

2. Background

This section provides background information on cyber security.

2.1 Cyber security

Security is defined as "protection against undesirable disclosure, destruction, or modification of data in a system and also the protection of systems themselves" [8].

According to ISACA, "Cyber security is concerned with the security and privacy of digital assets-everything from networks to computing devices and information that is processed, stored or exchanged by internetworked information systems" [9].

According to the International Telecommunications Union, cyber security is the collection of techniques, rules, policies, best practices and approaches used to protect a user's assets and cyber organizations [9, 10].

Cyber security is defined as "preserving the integrity, confidentiality, and timely availability of information in cyberspace" [9].

The Merriam Webster dictionary defines cyber security as protecting computer systems from unauthorized access and attacks [11].

According to [3], cyber security is defined as the processes and technologies used to protect computing devices and networks from unauthorized access and attacks over the Internet.

Cyber security is the protection of physical and non-physical components of organizations from illegal access [12].

According to these definitions, researchers define cyber security in different ways. Existing definitions focus on different cyber security aspects. For example, some definitions focus on protection and privacy, while others highlight the need for defining rules and policies for information integrity, confidentiality, and availability. In addition, other researchers stressed the need to define processes and technologies to protect computing devices. Cyber security can be considered as a mechanism of protecting individuals' and organisations' assets from unauthorized access. These definitions also highlight the importance of the cyber environment and its protection.

2.2 Cyber security terminologies

Following are some definitions of important terminologies that are necessary to gain a better understanding of the key concepts related to the area under research.

Cyber space is a global domain within the information world whose distinct characteristic is the use of the electronic and electromagnetic spectrum to create, update, store, share and exploit information with the help of interconnected and dependent networks using the latest information and communication technologies [13-15].

Vulnerabilities: These are the flaws in a system or its design that allow an attacker to execute malicious commands, access data in an unauthorized way, and/or conduct various denial-of-service attacks [22, 23].

Threats: These are actions taken to gain a benefit from security breaches in a system and negatively impact it [22, 24].

Attacks: These are the actions taken to damage a system or disturb its routine operations by exploiting vulnerabilities using various tools and techniques. Attackers launch these attacks to achieve their malicious goals, either for self-satisfaction or financial reward [24, 25].

A number of security vulnerabilities have been discussed in the literature. To assist the readers to better understand some of the common cyber security vulnerabilities, these are described as follows:

• Denial-of-service (DoS): This type of attack is an effort to make a machine or network resource inaccessible to its intended users. It is caused by any event that weakens or eliminates a network's capacity to perform its expected function. Owing to low memory capabilities and limited computation resources, most computing devices in the IoT environment are vulnerable to resource exhaustion attacks [26]. One of the reasons for a DoS attack is that various industries use similar technologies and potential attackers take advantage of this [27, 28].

• Malware: In this attack, the attacker deploys malicious software programs to gain unauthorized access to computer systems by exploiting their security vulnerabilities. The incentive behind malware is an extraordinary financial or political reward that accelerates an attacker's motivation to compromise as many network devices as they can to accomplish their malicious aims [29, 30].

• Phishing: This is an unlawful activity which uses social engineering and technology to collect sensitive information from an Internet user. Phishing techniques utilize various methods of communication such as email, instant messages, pop-up messages, or web pages [31, 32].

• SQL Injection attack: In this attack, an input string is injected through the application to change or manipulate the SQL statement to the attacker's advantage. This attack harms the database in several ways, including unauthorized access and manipulation of the database, and disclosure of sensitive data. This attack is risky as it can cause data loss or misuse of data by groups who are not authorized and consequently, functionality and confidentiality are destroyed. Further, system level commands are also executed under this category of attack, resulting in authorized users being unable to access the required information [33, 34].

• Session Hijacking and Man-in-the-Middle Attacks: Man-In-The-Middle (MITM, also abbreviated in the literature as MIM, MitM, MiM or MITMA) is an attack where an unauthorized third party secretly gains control of the communication channel between multiple endpoints. The MITM attacker can interrupt, manipulate or even replace the target victims' communication traffic. Further, victims are not aware of the intruder, thus believing that the communication channel is safe and protected [35, 36].

• Cross-Site Scripting (XSS): In this type of attack, a malicious attacker tries to run JavaScript code in the client's browser in order to steal the client's sensitive data. It is a common vulnerability found in recent websites [37, 38].

3. Existing Work

Several mapping studies and systematic literature reviews (SLR) exist in the area of the cyber environment but these studies have not specifically targeted cyber security vulnerabilities. We discuss these studies in the following.

[1] performed a detailed systematic mapping study on cyber physical system security. The review targeted various domains including network systems, the smart grid, information systems, and automatic control. According to the study results, researchers have mainly targeted smart grid systems and their main focus is on physical level attacks.

[39] performed a systematic mapping study on the use of model-based security engineering to address the security challenges of the cyber-physical system. The paper has three main contributions: it classifies the primary studies based on publication statistics, it identifies the security concerns discussed in the selected primary studies and highlights the open issues. According to their study, only a few security solutions exist regarding the use of model-based security engineering in the cyber-physical system. Further, there are only a few empirical studies on this topic.

[40] conducted an SLR on cyber situational awareness. The authors shortlisted 102 articles and clustered them based on various categories. According to the findings, some aspects of cyber situational awareness are more mature and widely researched than others. More research focus is in the area of industrial control systems and the least focus is given to information exchange and military operations.

[41] performed an SLR to investigate the state-of-the-art in cross-site scripting (XSS) vulnerabilities in web applications. According to this study, the researchers found several solutions to address XSS vulnerabilities but there is still no single solution to mitigate the XSS problem. According to the results of the SLR, there is a need for more research to address XSS removal from source code before deployment.

[42] conducted an SLR on self-adaptation for the cyber-physical system (CPS). The main focus of their study is to assess the existing approaches used to handle self-adaptation in CPS at the architectural level. According to the study, self-adaptation for CPS is a cross-layer concern, where existing solutions combine various adaptation mechanisms within and across layers. Hence, there is a need for more research in the field of self-adaptation in CPS and the mapping of solutions across different layers.

[43] also carried out an SLR to identify the state-of-the-art on the existing solutions to prevent and reduce the cyber abuse of youth. The aim of the study is to check the effectiveness of cyber abuse interventions in improving safety knowledge regarding Internet usage and risky online behavior. The results show the effectiveness of cyber abuse intervention in improving safety knowledge; however, it has no significant association with risky online behavior.

[44] performed an SLR to understand the state-of-the-art on the existing architectures that support cyber foraging. Cyber foraging is a computing technique in which low-powered devices offload their heavy work on high powered neighbourhood machines. The aim of the study was to categorize the existing architectural solutions related to what, when and where to offload data and computation for mobile devices. The authors identified the elements of existing architectures and codified them in architectural tactics that can help architectural researchers and practitioners extend their design to support cyber foraging.

[45] performed an SLR to analyze the approaches used to assess cyber security awareness. According to the study findings, many approaches have been proposed in the literature to develop awareness of cyber security. However, there is still a need to combine multiple approaches for better results. Further, there is a need to promote more awareness about cyber security, especially to young people who are the key targets of cyber-attacks.

[46] tried to capture the possible attack scenarios for dynamic networks using Global System for Mobile (GSM). A change in security metric is evaluated based on a change in network parameters. The effectiveness of each metric was evaluated according to the persistent security challenges. This study helps the researcher and practitioner to determine the most suitable security metrics for their network. However, this study discussed security vulnerabilities in general and did not target any particular cyber security attacks.

[47] carried out a systematic mapping study on intrusion alert analysis using the SMS process. In this mapping study, 411 studies were evaluated to answer the research questions. According to the study findings, intrusion alert analysis is a rapidly growing research field. The paper gives a good insight into current state-of-the-art regarding intrusion alert analysis.

[48] performed a systematic review to evaluate the effectiveness of a Bayesian network model in cyber security. Seventeen Bayesian network models were identified and evaluated in this study. According to the study findings, Bayesian network models are useful for solving the problem of malicious insiders. However, these models are frequently used to address the security issues associated with the information technology environment compared to the industrial control systems. Further, no standard Bayesian network models exist which address all the issues of cyber security.

[49] reviewed the literature on SCADA and smart grid security to highlight the persistent cyber-attacks and existing solutions. The important contribution of the paper is a discussion of cyber-attack approaches, consequence modelling of these attacks and the detection and design of security architecture.

From the above discussion, it becomes clear that a large body of research has been conducted in the area of cybersecurity and cyber awareness. Systematic mapping studies and SLRs have also been conducted. However, the existing mapping studies mainly focus on cyberspace security in general and cyber awareness in particular. No systematic mapping study exists that synthesizes knowledge on the key cyber security vulnerabilities and approaches to mitigate these risks. To bridge the gap, this mapping study is conducted to provide the researchers with an overview of existing cyber security vulnerabilities and their detection and mitigation approaches.

4. Research Methodology

In this study, guidelines for conducting a systematic mapping study were followed [50-52]. The reasons for choosing this method are manifold. It is a systematic and organized way of identifying, evaluating and interpreting all the relevant studies concerning a particular research question, focus area or phenomenon of interest. A systematic mapping study is a well-defined and disciplined way to review and synthesize the empirical evidence concerning a method or technology, find out the missing areas and gaps in the current research and provide researchers or practitioners with the background knowledge to justify new research. A systematic mapping study is different from a conventional literature review as it takes more time and effort, but it provides a deeper understanding of the topic and a strong basis for establishing claims about research questions [53]. A systematic mapping study protocol contains five distinct phases as shown in Figure 1.

Fig. 1. Phases of a systematic mapping study

A systematic mapping study protocol has been prepared, which includes the details of all steps that were followed in the current study. A brief description of the major steps is as follows:

1. Formulating research questions
2. Defining search process and search string
3. Defining the process of study selection including inclusion and exclusion criteria
4. Data extraction and mapping the data with defined research questions
5. Data analysis and result extraction

This mapping study was undertaken by two researchers. Both are academic faculty members. The protocol was developed by one author and the other author reviewed it critically to identify the weaknesses. Both team members contributed in all the phases of the systematic mapping study. To lessen personal bias and to improve the process of the mapping study, inter-rater reliability tests were executed at the preliminary and final selection phases of this systematic mapping study process. A comprehensive search was conducted to identify the relevant articles published up to December 2018.

4.1 Search Strategy

Before starting the mapping study formally, the string "empirical studies on cyber security" was applied in Science Direct. Science Direct was chosen because it is a well-known library consisting of a vast collection of articles from various domains. The purpose of this initial search was twofold: firstly, to ensure whether there are a sufficient number of empirical studies to undertake a mapping study; and secondly, to identify some primary studies that may be used later for the validation of the search string. The selected studies were exported into the Endnote software [54]. The abstracts of the retrieved papers were studied, and nine empirical studies were chosen as the primary studies so they could be used to validate our refined string. In this informal search process, many empirical studies were found so it was decided to perform a systematic mapping study and the initial string which was defined for the search process was cyber AND security. When this initial string was applied on the Science Direct search engine, the retrieved results did not include all the primary studies. Further, two senior software engineering researchers from academia who have expertise in conducting SLRs were chosen as experts and they were requested to evaluate the search string and provide feedback. Based on these experts' opinions, the initial string was revised, and the main search string was split into two parts. Expert opinion is a way of quickly evaluating and validating information [55]. Below are the two parts of our defined string:

1. Cyber Security
2. Attack/threat/vulnerability

The synonyms of both these parts of the string were considered to collect all possible relevant studies. This refined string was again validated against the list of primary studies and the results of the validation were positive, so it was decided to use this in the future for data extraction. The results obtained from the second search string consist of all the selected primary studies, which shows the validity of our search string. The search strategy in this systematic mapping study is based on the following three key steps:

4.1.1 Constructing the Search String

First, the search terms were formed using the keywords identified from the population, the proposed solution, the outcome of relevance and context as under:

Population: Set of articles describing the empirical studies on cyber security

Intervention: Solutions proposed in the literature to address cyber security issues.

The outcome of relevance: Quantity and type of evidence related to cyber security

Context: Within the domain of cyber security with a focus on empirical studies

4.1.2 Finding synonyms of the derived search terms using Boolean operators

The identified search terms were validated in the major academic databases. All possible relevant synonyms of the identified terms were found to construct the search string. The following synonyms have possible relevance to the topic:

Cyber Security: (cyber OR {cyber security} OR {cyber physical} OR {Network security} OR {Internet security} OR {computer security} OR {IT Security} OR {software Security})

Attack: (vulnerability OR {cyber threat} OR {cyber Crime} OR {cyber-attack} OR challenge OR risks OR violence)

4.1.3 Verification of identified terms in the academic databases

After multiple iterations and revision, the following search string was finalized for this mapping study:

(Cyber OR Privacy OR {cyber security} OR {cyber physical} OR {Network security} OR {Internet security} OR {computer security} OR {IT Security} OR {software Security}) AND (vulnerability OR {cyber threat} OR {cyber Crime} OR {cyber-attack} OR challenge OR risks OR violence)

The final search string was used in the following digital libraries (the search string was also tailored according to the search mechanism provided by these libraries):

• ACM Digital Library
• Science Direct
• IEEE Xplore
• John Wiley Online Library
• Springer Link

The above five databases were selected as they are the popular venues for publishing papers on cyber security. Other researchers have also used these databases in their SLR studies [R1][R2][42].

4.2 Publication selection

This section details the inclusion and exclusion criteria used for publication selection and also highlights the process used to select relevant publications as per the research questions. The following criteria were set for inclusion:

The review period was a decade and includes studies published from 2007 to 2018. This starting date was chosen because most cybercrimes were reported in 2007 and later. However, the search was performed in 2018, so only publications pertaining to the second quarter of 2018 were considered in the systematic mapping study.

• Empirical studies with a focus on cyber security vulnerabilities

• Studies which focus on providing a solution to cyber security vulnerabilities

The following exclusion criteria were used:

• Studies that do not provide detailed information on how to detect cyber security vulnerabilities
• Duplicated studies; in the case of duplicated studies the most recent one was chosen
• Studies where the findings are not evaluated empirically
• Studies only available as abstracts or PowerPoint presentations
• Papers with no focus on the cyber security domain
• Papers presenting only guidelines, recommendations or a description of cyber security
• Introductory papers for workshops, special issues, and books
• Book chapters
• Papers not written in English
• Papers that are not accessible

The process of selecting publications was automatic and twofold: firstly, the initial selection from the search result was performed according to the selection criteria by screening the title and abstract of the publications. Secondly, the papers selected in the initial phase were read completely in order to shortlist publications for final selection, based on the defined inclusion criteria.

4.3 Data Extraction

Based on our search string and the identified security vulnerabilities, we developed a data extraction form (available in Appendix A) to extract data from the retrieved publications. This data extraction form consists of a mix of open-ended and closed-ended questions. A pilot study involving two software engineering experts was conducted to evaluate the data extraction form. The data extraction form was finalized based on the feedback from the pilot study. The final version of the data extraction form consists of three parts: section one collects information about the selected paper such as paper title, list of authors, year of publication, country of publication and reference type of papers; section two includes information on the quality assessment of the paper (the results of the quality assessment are not included in this paper, as based on the mapping study guidelines, quality assessment is not essential in mapping studies [51]); section three presents the data that was extracted from the selected publications.

5. Results

5.1 Categorization of cyber security vulnerabilities

This section presents the results of the systematic mapping study. The total number of studies selected in the initial search phase was 134. Based on the inclusion and exclusion criteria, 69 articles were selected in the final iteration (as shown in Appendix B). The detail of each iteration is shown in Table 1. These selected articles were studied and analyzed in detail to address the research questions.

Table 1 Study selection

| Source | Retrieved | Initial selection | Final selection |
|---|---|---|---|
| IEEE | 3878 | 40 | 30 |
| ACM | 314 | 26 | 9 |
| Science Direct | 1299 | 46 | 21 |
| Springer Link | 1440 | 11 | 6 |

Table 2 shows the main categories of cyber security vulnerabilities (RQ1) identified from the systematic mapping study. Column 1 of Table 2 lists the cyber security vulnerabilities that were identified in this mapping study. Column 2 of Table 2 shows the frequency of occurrence for each vulnerability as it appeared in the selected studies, while column 3 of Table 2 shows the percentage of occurrence for these vulnerabilities. Key vulnerabilities identified in our mapping study include malware, phishing, SQL injection attack, cross-site scripting (XSS), denial-of-service (DoS), session hijacking, man-in-the-middle attacks, and credential reuse. Denial-of-service is the most addressed vulnerability in the systematic mapping study (41%). The second most discussed vulnerability in the literature is malware (16%) followed by phishing. The details of remaining vulnerabilities are shown in Table 2.

Table 2 Cyber security vulnerability categorization

| Vulnerability | Frequency | Percentage |
|---|---|---|
| Credential Reuse | 1 | 1% |
| Cross-Site Scripting (XSS) | 1 | 1% |
| Denial-of-Service (DoS) | 28 | 41% |
| Malware | 11 | 16% |
| Phishing | 7 | 10% |
| Session Hijacking and Man-in-the-Middle Attacks | 2 | 3% |
| SQL Injection Attack | 3 | 2% |
| Other | 17 | 24% |

5.2 Analysis based on the venue of publication and source type

The second aspect of this study focuses on the venue of the selected publication and its source type, which will help to address research question two (RQ2) (i.e. the key venues of publication that contribute to the area of cyber security).

For venue and source type analysis, we considered five libraries as the key venues for publications as shown in Table 3. The selected studies from these libraries were published in three main publication types, namely conferences, journals and workshops. Table 3 shows the distribution of the selected studies with respect to the publication type. The number of studies published in conferences and journals is almost the same (33 out of 69 each) and only three studies were published in workshops. The percentage of studies published in conferences, journals and workshops was 48%, 48% and 4%, respectively. The results of Table 3 show that IEEE and ACM libraries contain more conference papers than journal papers. From the publications extracted from the IEEE library, only three were published in IEEE journals and all the rest were published in IEEE conferences. For the ACM library, all the extracted papers were published in conferences and workshops (67% and 33%, respectively) and no journal paper was extracted in the domain of the area under study. However, if we analyze the statistics of the three other libraries, namely Science Direct, Wiley Online and Springer, the extracted publications relevant to the current study domain were all published in journals. From these three libraries, the frequency of publication in Science Direct was highest with 30% of the papers in the pool. Springer and Wiley were second and third in the pool with a frequency of 8.69% and 4%, respectively.

Table 3 Distribution of studies w.r.t. venue of publication

| Venue | Journal Papers | Conference Papers | Workshop Papers | Total |
|---|---|---|---|---|
| IEEE | 3 | 27 | 0 | 30 |
| ACM | 0 | 6 | 3 | 9 |
| Science Direct | 21 | 0 | 0 | 21 |
| Springer | 6 | 0 | 0 | 6 |
| Wiley | 3 | 0 | 0 | 3 |
| Total | 33 | 33 | 3 | 69 |

used. The rationale for this ranking is to answer research question 3 (RQ3) and to determine from which countries researchers who publish in the area of cyber security come. The affiliation information provided in each paper was used, even if the author had moved to another country. If a paper was written by several authors, the country of the first author was chosen. The results are shown in Table 4 and Figure 2. Column 1 of Table 4 lists the authors' affiliation country as it appeared in the selected studies. Column 2 of Table 4 shows the frequency of authors' affiliation belonging to the country mentioned in column 1, and column 3 of Table 4 shows the percentage value of column 2. The results (for RQ3) indicate that the highest number of research articles in the area of cyber security are published by American researchers who contributed 23% (16 of 69) of the selected articles. Authors from India and Taiwan (with 14 and 7 articles, respectively) were second and third in the ranking, respectively. Australia and Canada, both ranked fourth, contributed 7% each. The rest of the articles were published in various countries with a frequency between 2 and 4 articles.

This illustrates the need for more research in the area of cyber security from various countries to understand the effect of socio-cultural differences.

Country of Publicati on
18
5.3 Demographic Analysis
16
To identify and rank the most active countries in the area 14
of research on cyber security, the author’s affiliation was 12
10
Table 4 Country frequency analysis 8
6
Country Frequency Percentage
4
2
Italy 1 1%
0
Malaysia 1 1% ly ia an in na ce an an ia re ea K lia da an ia A
Ita lays kist S pa Chi ran Ir Jap an apo Kor U tra na iw Ind US
a a F m g s a a
Pakistan 1 1% M P Ro S in uth Au C T
S o
Spain 1 1%
Fig.2. country of publication
China 2 3%
The selected studies were also categorized with respect to
France 2 3%
the year of publication to identify the current research trends
Iran 2 3% in the area of cyber security. Figure 3 shows the distribution
of studies by year. The results of Figure 3 show that there is a
Japan 2 3% significant increase in research in the area of cyber security to
Romania 2 3% support cyber applications and to address the key security
threats faced by these applications.
Singapore 2 3%
South Korea 3 4%
UK 3 4%
Australia 5 7%
Canada 5 7%
Taiwan 7 10%
India 14 20%
USA 16 23%


Fig. 3. Year of publication (bar chart of the number of studies per year, 2006 to 2018)

Data characteristics were also highlighted in order to understand which kind of data is mostly used to validate the proposed approach. Table 5 shows the characteristics of the data used to validate the proposed strategies. Most researchers used mixed data for validation, which includes a mix of academia, industry, and government data, with 44% of the articles in the pool. Industrial data was used by 30% of the researchers for the validation of their proposed approach, and the percentage of academia and government data was 10% and 3%, respectively.

Table 5 Data Characteristics
Option       Frequency   Percentage
Academia     7           10%
Industrial   21          30%
Government   2           3%
Mixed        39          44%

As the focus of the study was on empirical studies only, only those studies which performed an empirical validation of the results were selected. Empirical studies were divided into three commonly used research methodologies, namely experiment, case study, and simulation. The reason for selecting simulation was that it was mostly used in the selected studies for validation. The results in Table 6 show the distribution of studies with respect to the research methodology.

Table 6: Study strategy used
Study types   Frequency   Percentage
Case Study    4           6%
Experiment    43          62%
Simulation    28          41%

The results in Table 6 and Figure 4 show that experimentation was the most commonly used method of validation, with 62% or 43 of 69 of the articles in the pool using this method. The second most commonly used method of empirical validation was simulation (41% or 28 of 69 of the articles in the pool using this method), and the least used method of validation was a case study, with 6% or 4 of 69 studies using this method.

Fig. 4. Division of studies w.r.t. empirical method used (bar chart titled "Empirical validation method"; categories: simulation, experiment, case study)

5.4 Victim Analysis
The focus of the fourth research question is to identify the key victims of cyber security vulnerabilities, which will help to answer RQ4, i.e. who are the key victims of these security vulnerabilities? The victims were divided into two broad categories, namely organizations and individuals, and the results are shown in Table 7. Some of the vulnerabilities affected both individuals and organizations together in the selected studies; therefore, the results are overlapping for these vulnerabilities.

Table 7 Victim frequency
Victim         Response   %age Responses
Individual     6          9%
Organization   69         100%

5.5 Target applications
The focus of the fifth research question (RQ5) was to pinpoint the applications that were key targets of cybercrimes in the selected studies. Although the data extracted from the selected studies regarding the targeted victims' organizations and applications was heterogeneous, we organized it into the following three categories:

5.5.1 Infrastructure that was targeted
According to the extracted data, the following infrastructure was a key target of cybercrimes:
• Social media
• Smart grid
• mobile application
• industrial control systems
• Network
• Distributed system
• Cloud application
• Multiple VLAN
• Vehicular ad hoc network (VANET)

• Information Systems and Internet of Things
• client server application
• Internet data
• collaborative working nodes interconnected through MPLS-VPN cloud
• enterprise network gateway
• cyber-physical systems
• application servers
• peer-to-peer (P2P) systems

5.5.2 Target applications
The following applications were the targets of cyber-attacks according to our data:
• energy efficient neuromorphic hardware platform
• Thunderbird 24.8.0
• Libav 10.1
• banking
• web application
• Xen 4.4.0
• E-commerce
• Hackmageddon database

Organizations/agencies that were targeted
The following organizations were the targets of cyber-attacks, according to our studies:
• DARPA
• AhnLab Security Emergency Centre
• Aircraft attitude sensors

5.6 Attack mitigation techniques
The focus of our last research question (RQ6) was to identify the mitigation techniques used by various victim industries from cyber threats. Table 8 shows the frequency and percentage of the mitigation techniques that were used to protect the cyber environment from cyber security threats.
According to our extracted data, some organizations used more than one technique to protect their cyber environment; for example, a firewall and IDS were used by many cyber organizations along with other security mitigation techniques. The total frequency is more than 69 (the number of selected studies) due to the use of multiple security mitigation techniques. Further, the papers that targeted only phishing attacks mostly used antiphishing techniques to protect the systems from a phishing attack.
Traffic analysis was also used in many papers for security attack detection. According to our mapping study, intrusion detection systems and firewalls are the most commonly used techniques for cyber-attack mitigation, with a frequency of occurrence of 17 out of 69 and 13 out of 69, respectively. The second most commonly used methods of cyber-attack mitigation were antiphishing and traffic analysis, with the same frequency of occurrence (6 out of 69). The third most commonly used technique of cyber-attack mitigation is anti-malware software, which is used to protect the cyber environment from malware attacks. The remaining mitigation techniques and their frequency are given in Table 8. However, nine of the extracted studies did not mention the name of the mitigation technique used.

Table 8: Attack mitigation techniques
Mitigation techniques                                     Frequency   Percentage
Algorithm weakly supervised                               3           4.3%
VulPecker tool                                            1           1.45%
Iterative approach of Critical component identification   2           2.90%
Intrusion detection systems (IDS)                         17          24.6%
Content based spam filtering technique                    3           4.3%
MP shield                                                 1           1.45%
Command and Control (C&C) servers                         1           1.45%
Antiphishing techniques                                   6           8.69%
Firewalls                                                 13          18.84%
Analysing traffic anomaly features                        6           8.69%
Anti-malware software                                     5           7.25%
Automated dynamic analysis techniques                     1           1.45%
Modifying the way of accepting incoming requests          1           1.45%
Conventional false data detection (FDD) approaches        4           5.80%
Signature-based detection and anomaly-based detection     3           4.3%
Darknet                                                   2           2.90%
Not Mentioned                                             9           13.04%

6. Discussion
In the following, we discuss our results in detail and map them to the posed research questions to aid the readers' understanding.
RQ1: What are the common cyber security vulnerabilities?
To answer RQ1, all the retrieved papers were thoroughly studied, and the key vulnerabilities discussed in these papers were extracted. Table 2 lists these common security vulnerabilities. Table 2 also shows the frequency with which each cyber security vulnerability has been investigated. The results of the current mapping study indicate that denial-of-service has been investigated the most frequently, as many researchers have addressed this issue, as shown in Table 2. The security vulnerabilities investigated second and third most frequently are malware and phishing detection and mitigation, respectively. Only a few studies have targeted other security vulnerabilities, which shows the need for more research to address these vulnerabilities. Further, there is a need to accommodate exposure avoidance from these three common vulnerabilities during cyberspace creation. There is also a need to develop some strategies to make people aware of these vulnerabilities.
RQ2: What are the key venues for publication on cyber security?


To identify the key venues for publication, five key libraries were used for data extraction, namely IEEE, ACM, Science Direct, Wiley Online and Springer. The extracted results from these libraries were divided into three categories, namely journals, conferences and workshops, as shown in Table 3. The results in Table 3 show that more research in the area under study was published in conferences and journals and only a few articles were published in workshops. Further, the results of Table 3 show that publications extracted from the IEEE and ACM libraries are mainly conference papers; only 3 out of 30 were journal papers in the IEEE library and 3 out of 9 were workshop papers in the ACM digital library. On the other hand, all the publications retrieved from the remaining three libraries (Science Direct, Wiley Online and Springer) were journal papers. This shows that IEEE and ACM are the key venues for conference publications in the area under study, while Science Direct, Wiley Online and Springer are key venues for journal publications in the area of study.
RQ3: Researchers from which country are more active in cyber security?
During the demographic analysis, some interesting findings surfaced. The first is that the USA and India are the countries which most frequently publish research in the area of cyber security vulnerability detection and mitigation, as shown in Table 4 and Figure 2. The second observation is that the number of publications in the area of cyber security is increasing, which shows the importance of research in the area of cyber security, as shown in Figure 3.
RQ4: Who are the key victims of these security vulnerabilities?
The victims of security vulnerabilities were divided into two categories, namely individuals and organizations. The results in Table 7 show that organizations are more vulnerable to cyber threats compared to an individual. However, there are some vulnerabilities that target both individuals and organizations. This is shown by the overlapping values in Table 7.
RQ5: Which applications are the target of cybercrimes in the selected studies?
The data obtained from the selected studies to answer research question 5 were heterogeneous and therefore could not be classified into specific groups. Further, most of the papers did not mention the name of the application that was the target of cybercrime. However, we divided the extracted data into the following three classifications: firstly, we highlighted the infrastructures that were the key targets of cybercrime; secondly, we identified the applications that were targets of cybercrime; and lastly, we identified the organizations/agencies that were targets of cybercrime. The results of RQ5 show that the smart grid, the Internet of Things, cyberspace and the cloud environment are the key targets of cybercrime.

RQ6: What are the common cyber security mitigation techniques discussed in literature?
According to the data obtained from the selected studies, different organizations use different techniques to protect their cyberspace from security attacks. However, it was observed that the intrusion detection system and firewalls are the most commonly used techniques, with a frequency of 17 and 13, respectively. Further, traffic analysis and antiphishing are the 3rd and 4th most widely used cyber-attack prevention techniques.

6.1 Research and practical implications

This mapping study has both research and practical implications. We categorized the key security vulnerabilities and identified their frequency of occurrence in the selected studies. This will help researchers know which security vulnerabilities need more attention. In the future, researchers can target those security issues which need more research. Further, we categorized the studies with respect to country of publication. This will help researchers analyze the socio-cultural impact on cyber-security.
It is also anticipated that the key vulnerabilities identified, and their frequency of occurrence, will help practitioners develop strategies to make individuals and organizations aware of these vulnerabilities and their mitigation techniques. It is a common practice to highlight frequently occurring cyber-attacks, as not all attacks and vulnerabilities are equally important. It will also guide investment decisions in key security areas. Thus, this systematic mapping study and the empirical results presented in this paper will help practitioners decide where to invest while developing tools and strategies to protect the cyber environment.
Cyber organizations need to provide their clients with guidelines and training in relation to critical vulnerabilities and ways to protect themselves. Organizations should develop mechanisms to establish suitable privacy policies to protect the important assets of individuals as well as organizations. Organizations should also select attack detection strategies and tools carefully so that the client can use them easily. Organizations also need to make sure that employees do not disclose their personal information to any third party, nor should they reply to junk emails or messages.

6.2 Threats to validity

It is possible that the current mapping study may be subject to the following threats to validity:
Publication bias: There is a possibility that some relevant studies published in databases not included in this study have been missed. However, we believe that the selected databases cover the most relevant published literature in the cyber security domain.
Missing synonyms: Another possible threat might be the absence of some synonyms in the search string. Despite the fact that we have tried to cover all the synonyms, there is still a possibility that we missed or overlooked some work.

7. Conclusion

This paper presents the results of a systematic mapping study that was undertaken to identify and analyse the common cyber security vulnerabilities. A summary of the important results follows:


RQ1: 134 articles were selected using a defined search string for this systematic mapping study. After all the papers had been screened, 69 articles that met our inclusion criteria were selected. Each publication was analyzed in detail and seven key security vulnerabilities that were the most discussed in the selected publications were extracted. Based on our analysis, denial-of-service and malware were the most cited security vulnerabilities, with a frequency of 41% and 16%, respectively. The approaches most used in the detection of these vulnerabilities, as detailed in the selected research, include intrusion detection systems, machine learning techniques, and algorithm-based solutions.
RQ2: With respect to the publication venue, we only targeted five key digital libraries, these being IEEE, ACM, Science Direct, Springer and Wiley Online. According to our findings, IEEE and Science Direct are the key publication venues in the area of cyber security. According to our findings, conferences and journals are the key publication venues, representing 66 out of 69 studies, while publications in workshops only contribute 3 out of 69 studies.

RQ3: The focus of the third research question was to identify the country from which the researchers who contributed more in the area of cyber security came. To obtain an overview of the key researchers in this area, we counted the number of papers with respect to the country of publication. Our findings show that the USA and India are more active in this area of research compared to other countries.
RQ4: Based on our research, organizations are more vulnerable to cyber-attacks compared to individuals. However, there are some attacks that target both individuals as well as organizations. Individuals are the main target of phishing attacks, where they receive junk emails and instant messages which aim to disclose their personal credentials. There is a need for cyber awareness to provide individuals with knowledge of cyber-attacks and to warn them about the disclosure of their personal information.
RQ5: Based on our analysis, the smart grid, the Internet of Things, cyberspace and the cloud environment are the key targets of cybercrime. There is a need to implement proper safety and security measures throughout the planning, design, implementation, deployment and operational cycles of these cyber environments.
RQ6: Based on our analysis, no standard measure/mitigation techniques exist that can be used by all cyber organizations to protect their cyber environments from potential cyber threats. However, organizations need to be aware of the existing vulnerability mitigation techniques. There is also a need to provide proper training to employees regarding security.

It is expected that these research findings will support cyber organizations to better understand the existing cyber security vulnerabilities and their mitigation strategies. Further, the findings provide a strong basis for researchers and practitioners to address the aforementioned cyber security issues in detail while developing new cyber security approaches.

8. Open issues

Cyber security is a rapidly growing research area due to its wide use in almost every field of life, but it also imposes high demands on the safety and security of cyber systems from insider and outsider attacks. Fundamental research is required in this field to effectively address the key security vulnerabilities. In this paper, we highlighted important and frequently occurring cyber security vulnerabilities so that researchers can find gaps in the existing literature and new directions for research. Some future research directions are as follows:
Table 2 lists and categorizes the common cyber security vulnerabilities along with their frequency of occurrence. According to this, denial-of-service and malware are frequently occurring security vulnerabilities. There is a need to develop methods to secure the cyber environment from these vulnerabilities.
Table 7 shows the percentage of individuals and organizations who were targeted. Although the percentage of organizations suffering from security issues is very high compared to individuals, there is still a need to develop a reliable information security mechanism to keep personal information confidential. There is a need to develop a secure and transparent mechanism to save organizations from internal and external security attacks.
Section 5.5 lists the infrastructure, applications and organizations that are the key targets of cybercrime. This shows the need to propose mitigation strategies to protect these environments from cyber-attacks.

Acknowledgment
The authors would like to acknowledge the support provided by the Deanship of Scientific Research via project number IN161024 at King Fahd University of Petroleum and Minerals, Saudi Arabia. In addition, we are grateful to the participants who evaluated the proposed model and recommended improvements.

References
1. Lun, Y.Z., D'Innocenzo, A., Malavolta, I., Di Benedetto, M.D.: Cyber-physical systems security: a systematic mapping study. arXiv preprint arXiv:1605.09641 (2016).
2. Razzaq, A., Hur, A., Ahmad, H.F., Masood, M.: Cyber security: Threats, reasons, challenges, methodologies and state of the art solutions for industrial applications. In: Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International Symposium on 2013, pp. 1-6. IEEE
3. Von Solms, R., Van Niekerk, J.: From information security to cyber security. Computers & Security 38, 97-102 (2013).
4. Benson, V., McAlaney, J., Frumkin, L.A.: Emerging Threats for the Human Element and Countermeasures in Current Cyber Security Landscape. In: Psychological and Behavioral Examinations in Cyber Security. pp. 266-271. IGI Global, (2018)
5. Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019).
6. Floyd, D.H., Shelton, J.W., Bush, J.E.: Systems and methods for detecting a security breach in an aircraft network. In. Google Patents, (2018)
7. Taha, A.F., Qi, J., Wang, J., Panchal, J.H.: Risk mitigation for dynamic state estimation against cyber attacks and unknown inputs. IEEE Transactions on Smart Grid 9(2), 886-899 (2018).
8. Valeriano, B., Maness, R.C.: International Relations Theory and Cyber Security. The Oxford Handbook of International Political Theory, 259 (2018).
9. von Solms, B., von Solms, R.: Cybersecurity and information security–what goes where? Information & Computer Security 26(1), 2-9 (2018).
10. Ron, M.: Situational Status of Global Cybersecurity and Cyber Defense According to Global Indicators. Adaptation of a Model for Ecuador. In: Developments and Advances in Defense and Security: Proceedings of the Multidisciplinary International Conference of Research Applied to Defense and Security (MICRADS 2018) 2018, p. 12. Springer
11. Al Mazari, A., Anjariny, A.H., Habib, S.A., Nyakwende, E.: Cyber terrorism taxonomies: Definition, targets, patterns, risk factors, and mitigation strategies. In: Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications. pp. 608-621. IGI Global, (2018)
12. Hansen, L., Nissenbaum, H.: Digital disaster, cyber security, and the Copenhagen School. International studies quarterly 53(4), 1155-1175 (2009).
13. Kuehl, D.T.: From cyberspace to cyberpower: Defining the problem. Cyberpower and national security 30 (2009).
14. Benedickt, M.: Cyberspace: first steps. (1991).
15. Gunkel, D.J.: Hacking cyberspace. Routledge, (2018)
16. Robinson, M., Jones, K., Janicke, H.: Cyber warfare: Issues and challenges. Computers & Security 49, 70-94 (2015).
17. Blakemore, B.: Policing cyber hate, cyber threats and cyber terrorism. Routledge, (2016)
18. Taylor, R.W., Fritsch, E.J., Liederbach, J., Saylor, M.R., Tafoya, W.L.: Cyber Crime and Cyber Terrorism. (2019).
19. Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C.: Cyber warfare: building the scientific foundation, vol. 56. Springer, (2015)
20. Danks, D., Danks, J.H.: Beyond machines: Humans in cyber operations, espionage, and conflict. Binary Bullets: The Ethics of Cyberwarfare, 177-197 (2016).
21. Libicki, M.C.: Drawing inferences from cyber espionage. In: 2018 10th International Conference on Cyber Conflict (CyCon) 2018, pp. 109-122. IEEE
22. Abomhara, M., Køien, G.M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security 4(1), 65-88 (2015).
23. Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.: Cybertwitter: Using twitter to generate alerts for cybersecurity threats and vulnerabilities. In: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2016, pp. 860-867. IEEE Press
24. Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C.: Guide to cyber threat information sharing. NIST special publication 800, 150 (2016).
25. Rid, T., Buchanan, B.: Attributing cyber attacks. Journal of Strategic Studies 38(1-2), 4-37 (2015).
26. Banks, W.C.: Cyber espionage and electronic surveillance: beyond the media coverage. Emory LJ 66, 513 (2016).
27. Zhang, H., Cheng, P., Shi, L., Chen, J.: Optimal denial-of-service attack scheduling with energy constraint. IEEE Transactions on Automatic Control 60(11), 3023-3028 (2015).
28. Kustarz, C., Huston III, L.B., Simpson, J.A., Winquist, J.E., Barnes, O.P., Jackson, E.: System and method for denial of service attack mitigation using cloud services. In. Google Patents, (2016)
29. Niemelä, J., Hyppönen, M., Kangas, S.: Malware protection. In. Google Patents, (2016)
30. Choo, K.-K.R.: The cyber threat landscape: Challenges and future research directions. Computers & Security 30(8), 719-731 (2011).
31. Parmar, B.: Protecting against spear-phishing. Computer Fraud & Security 2012(1), 8-11 (2012).
32. Dodge Jr, R.C., Carver, C., Ferguson, A.J.: Phishing for user security awareness. Computers & Security 26(1), 73-80 (2007).
33. Sharma, P., Johari, R., Sarma, S.: Integrated approach to prevent SQL injection attack and reflected cross site scripting attack. International Journal of System Assurance Engineering and Management 3(4), 343-351 (2012).
34. Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation approach for SQL injection attacks detection. In: International Joint Conference CISIS'12-ICEUTE'12-SOCO'12 Special Sessions 2013, pp. 177-185. Springer
35. Brar, H.S., Kumar, G.: Cybercrimes: A Proposed Taxonomy and Challenges. Journal of Computer Networks and Communications 2018 (2018).
36. Gill, R.S., Smith, J., Looi, M.H., Clark, A.J.: Passive techniques for detecting session hijacking attacks in IEEE 802.11 wireless networks. (2005).
37. Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: Proceedings of the 30th international conference on Software engineering 2008, pp. 171-180. ACM
38. Kieyzun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of SQL injection and cross-site scripting attacks. In: Proceedings of the 31st International Conference on Software Engineering 2009, pp. 199-209. IEEE Computer Society


39. Nguyen, P.H., Ali, S., Yue, T.: Model-based security engineering for cyber-physical systems: A systematic mapping study. Information and Software Technology 83, 116-135 (2017).
40. Franke, U., Brynielsson, J.: Cyber situational awareness–a systematic review of the literature. Computers & Security 46, 18-31 (2014).
41. Hydara, I., Sultan, A.B.M., Zulzalil, H., Admodisastro, N.: Current state of research on cross-site scripting (XSS)–A systematic literature review. Information and Software Technology 58, 170-186 (2015).
42. Muccini, H., Sharaf, M., Weyns, D.: Self-adaptation for cyber-physical systems: a systematic literature review. In: Proceedings of the 11th international symposium on software engineering for adaptive and self-managing systems 2016, pp. 75-81. ACM
43. Mishna, F., Cook, C., Saini, M., Wu, M.-J., MacFadden, R.: Interventions to prevent and reduce cyber abuse of youth: A systematic review. Research on Social Work Practice 21(1), 5-14 (2011).
44. Lewis, G., Lago, P.: Architectural tactics for cyber-foraging: Results of a systematic literature review. Journal of Systems and Software 107, 158-186 (2015).
45. Rahim, N.H.A., Hamid, S., Mat Kiah, M.L., Shamshirband, S., Furnell, S.: A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44(4), 606-622 (2015).
46. Enoch, S.Y., Ge, M., Hong, J.B., Alzaid, H., Kim, D.S.: A systematic evaluation of cybersecurity metrics for dynamic networks. Computer Networks 144, 216-229 (2018).
47. Ramaki, A.A., Rasoolzadegan, A., Bafghi, A.G.: A systematic mapping study on intrusion alert analysis in intrusion detection systems. ACM Computing Surveys (CSUR) 51(3), 55 (2018).
48. Chockalingam, S., Pieters, W., Teixeira, A., van Gelder, P.: Bayesian Network Models in Cyber Security: A Systematic Review. In: Nordic Conference on Secure IT Systems 2017, pp. 105-122. Springer
49. Alguliyev, R., Imamverdiyev, Y., Sukhostat, L.: Cyber-physical systems and their security issues. Computers in Industry 100, 212-223 (2018).
50. Budgen, D., Brereton, P.: Performing systematic literature reviews in software engineering. In: Proceedings of the 28th international conference on Software engineering 2006, pp. 1051-1052. ACM
51. Kitchenham, B.A., Budgen, D., Brereton, O.P.: The value of mapping studies-A participant-observer case study. In: EASE 2010, pp. 25-33
52. Petersen, K., Vakkalanka, S., Kuzniarz, L.: Guidelines for conducting systematic mapping studies in software engineering: An update. Information and Software Technology 64, 1-18 (2015).
53. Niazi, M.: Do systematic literature reviews outperform informal literature reviews in the software engineering domain? An initial case study. Arabian Journal for Science and Engineering 40(3), 845-855 (2015).
54. Chong, R.: QUICK REFERENCE GUIDE TO ENDNOTE. (2018).
55. Beecham, S., Hall, T., Britton, C., Cottee, M., Rainer, A.: Using an expert panel to validate a requirements process improvement model. Journal of Systems and Software 76(3), 251-275 (2005).
R1. N. M. Mohammed, M. Niazi, M. Alshayeb, and S. Mahmood, "Exploring software security approaches in software development lifecycle: A systematic mapping study," Computer Standards & Interfaces, vol. 50, pp. 107-115, 2017/02/01/ 2017.
R2. Y. Mufti, M. Niazi, M. Alshayeb, and S. Mahmood, "A Readiness Model for Security Requirements Engineering," IEEE Access, vol. 6, pp. 28611-28631, 2018.

Appendices

Appendix A: Data Extraction Form

Section 1: Paper Information
Paper Title:
Authors:                              Year of Publication:
Reference Type: Journal/Conference    Publisher:
Country:

Section 2: Quality Assessment
Findings and results of study are clearly stated?
    o Yes
    o No
The findings of the study are evaluated empirically?
    o Yes
    o No
The study has been published in a relevant journal or conference?
    o Very Relevant
    o Relevant
    o Not Relevant
The study has been cited by other authors?
    o Yes
    o Partially
    o No

Section 3: Data extraction
Questions / Possible answers
Which application is targeted for cybercrime in given study?
    Application Name
Which method is used to protect the application for cyber attack?
    Method Name
Which cyber connection is used for committing cybercrime?
    Connection Name
Who are the victims of cybercrimes in given study?
    o Individual
    o Organization
Which cyber security vulnerability is discussed in the study?
    o Malware
    o Phishing
    o SQL Injection Attack
    o Cross-Site Scripting (XSS)
    o Denial of Service (DoS)
    o Session Hijacking and Man-in-the-Middle Attacks
    o Credential Reuse
    o Others
What is the severity of discussed cyber security Vulnerability?
    o Critical
    o High
    o Medium
    o low
Which technique is used in the study for detecting cyber threats?
    Technique Name
What kind of data is used for validation? Data characteristics
    o Academia
    o Industrial
    o Government
    o mixed
Which Empirical Validation methods is used in the proposed approach?
    o Case Study
    o Experiment
    o Simulation
    o Others

17. MP-Shield: A Framework for Phishing Detection in Mobile Devices
18. Defending Malicious Attacks in Cyber Physical Systems
19. Web Botnet Detection Based on Flow Information
20. Detecting and Mitigating HX-DoS attacks against Cloud Web Services
21. An Impact Analysis: Real Time DDoS Attack Detection and Mitigation using Machine Learning
22. An Efficient False Alarm Reduction Approach in HTTP-based Botnet Detection
23. On the Use of Security Analytics for Attack Detection In Vehicular Ad Hoc Networks
24. Simulating and Analysis of Cyber Attacks on a BPLC Network
25. Integrated Anomaly Detection for Cyber Security of the Substations
26. BAYWATCH: Robust Beaconing Detection to Identify Infected Hosts in Large-Scale Enterprise Networks
27. Analysis of Via-Resolver DNS TXT Queries and Detection Possibility of Botnet Communications
28. Detection and Prevention System against Cyber Attacks and Botnet Malware for Information
Systems and Internet of Things
Appendix B. Finally Selected Papers: 29. VFence: A Defense against Distributed Denial of
Service Attacks using Network Function
1. Crowdsourcing Cyber security: Cyber Attack
Virtualization
Detection using Social Media
30. A Hash-based Path Identification Scheme for DDoS
2. VulPecker: An Automated Vulnerability Detection
Attacks Defense
System Based on Code Similarity Analysis
31. Research on Malicious Links Detection System
3. Vulnerability Analysis of a Smart Grid with
Based On Script Text Analysis
Monitoring and Control System
32. Applying Data Mining Techniques in Cyber Crimes
4. ULISSE, a Network Intrusion Detection System
33. A Chaotic Measure for Cognitive Machine
5. Time Series Forecasting of Cyber Attack Intensity
Classification of Distributed Denial of Service
6. Simulating network cyber-attacks using splitting
Attacks
techniques
34. A Novel Botnet Detection Method Based on
7. Predicting Cyber-attacks With Bayesian Networks
Preprocessing Data Packet by Graph Structure
Using Unconventional Signals
Clustering
8. Impact of Cyber Attacks on Data Integrity in
35. A Learning Automata Based Solution for Preventing
Transient Stability Control
Distributed Denial of Service in Internet of Things
9. Cyber-attack modeling and simulation for network
36. A Sender-Centric Approach to Detecting Phishing
security analysis
Emails
10. A Case Study of Unknown Attack Detection against
37. A Novel IDS Technique to Detect DDoS and
Zero-day Worm in the Honey Net Environment
Sniffers in Smart Grid
11. A Cyber-Attack on Communication Link in
38. MD-Miner: Behavior-Based Tracking of Network
Distributed Systems and Detection Scheme Based on
Traffic for Malware-Control Domain Detection
H-Infinity Filtering
39. Global Detection of Flooding-Based DDoS Attacks
12. Intrusion Detection System- An Efficient way to
Using a Cooperative Overlay Network
Thwart against Dos/DDos Attack in the Cloud
40. A Comparative Analysis between Two
Environment
Countermeasure Techniques to Detect DDoS with
13. An Intrusion Detection System for Cyber Attacks in
Sniffers in a SCADA Network
Wireless Networked Control Systems
41. A game theoretic defence framework against
14. Network Intrusion Detection for Cyber Security on
DoS/DDoS cyber attacks
Neuromorphic Computing System
42. A hybrid machine learning approach to network
15. Using Pattern-of-Life as Contextual Information for
anomaly detection
Anomaly-Based Intrusion Detection Systems
43. A new multistage approach to detect subtle DDoS
16. Detection and Blocking of Spammers Using SPOT
attacks
Detection Algorithm
44. A phish detector using lightweight search features


45. Abnormal traffic-indexed state estimation: A cyber-physical fusion approach for Smart Grid attack detection
46. An anonymous authentication scheme for multi-domain machine-to-machine communication in cyber-physical systems
47. Automated multi-level malware detection system based on reconstructed semantic view of executable using machine learning techniques at VMM
48. Botnet detection based on traffic behavior analysis and flow intervals
49. Countering cyber threats for industrial applications: An automated approach for malware evasion detection and analysis
50. Defending unknown attacks on cyber-physical systems by semi-supervised approach and available unlabeled data
51. Defense against packet collusion attacks in opportunistic networks
52. Defense techniques for low-rate DoS attacks against application servers
53. Denial of Service Attack Detection in Case of Tennessee Eastman Challenge Process
54. Detection of Fault Data Injection Attack on UAV Using Adaptive Neural Network
55. Detection of malicious and non-malicious website visitors using unsupervised neural network learning
56. Distributed host-based collaborative detection for false data injection attacks in smart grid cyber-physical system
57. Peer-to-peer system-based active worm attacks: Modeling, analysis and defense
58. Phishing detection based Associative Classification data mining
59. Profiling and classifying the behavior of malicious codes
60. Toward a more practical unsupervised anomaly detection system
61. A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic
62. Adaptive control-theoretic detection of integrity attacks against cyber-physical industrial systems
63. Gaussian Process Learning for Cyber-Attack Early Warning
64. Intrusion detection in voice over IP environments
65. Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications
66. Phish Tackle- web services architecture for anti-phishing
67. Design of efficient lightweight strategies to combat DoS attack in delay tolerant network routing
68. XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript Code
69. A novel approach to protect against phishing attacks at client side using auto-updated white-list
