AJS Final Revision Paper-2019-10-031
Abstract:
There has been a tremendous increase in research in the area of cybersecurity to support cyber applications and to avoid key
security threats faced by these applications. The goal of this study is to identify and analyse the common cybersecurity
vulnerabilities. To achieve this goal, a systematic mapping study was conducted and in total, 69 primary studies were identified
and analyzed. After a detailed analysis of the selected studies, we identified the important security vulnerabilities and their
frequency of occurrence. Data was also synthesized and analysed to present the venue of publication, country of publication,
key targeted infrastructure, applications, etc. The results show that the security approaches mentioned so far only target security
in general and the solutions provided in these studies need more empirical validation and real implementation. In addition, our
results show that most of the selected studies in this review targeted only a few common security vulnerabilities such as
phishing, denial-of-service and malware. However, there is a need, in future research, to identify the
key cybersecurity vulnerabilities, targeted/victimized applications, mitigation techniques, and infrastructures, so that researchers
and practitioners could get a better insight into it.
Springer
Arabian Journal for Science and Engineering
researchers find the main conferences and journals in the field to publish their research in a relevant place.

RQ3: Researchers from which country are more active in research on cyber security?
This question will identify the countries from which researchers are actively participating in the field of cyber security based on the analysis of the selected papers’ authors. This will help researchers know the current research trends in the area. It may also help them to identify key researchers in the field.

RQ4: Who are the key victims of security vulnerabilities?
The answer to this question highlights the victims of security breaches. We classify victims into two broad categories, namely individual and organization. The answer to this question will help researchers and practitioners to gain an overview of the major victims of cyber security vulnerabilities. This will help in knowing the main trend of security vulnerability attacks.

RQ5: Which applications are the target of cybercrimes in the selected studies?
The answer to this question will be a list of applications that were targets of cyber security in the selected studies and will provide an insight to these application users so that they can protect their applications from cyber-attacks.

RQ6: What are the common cyber security mitigation techniques discussed in literature?
The answer to this question will be a list of mitigation techniques used to overcome cyber security threats and will help researchers gain an overview of the existing techniques available so far.

The remainder of this paper is structured as follows. Section 2 describes the background knowledge. Section 3 briefly describes some existing work. Section 4 explains the research methodology. Section 5 presents the results of the study followed by Section 6 which presents a discussion of the results. The paper is concluded in section 7 followed by section 8 which discusses some open issues.

2. Background

This section provides background information on cyber security.

2.1 Cyber security

Security is defined as ‘‘protection against undesirable disclosure, destruction, or modification of data in a system and also the protection of systems themselves’’ [8].

According to ISACA “Cyber security is concerned with the security and privacy of digital assets-everything from networks to computing devices and information that is processed, stored or exchanged by internetworked information systems” [9].

According to the International Telecommunications Union, cyber security is the collection of techniques, rules, policies, best practices and approaches used to protect a user’s assets and cyber organizations [9, 10].

Cyber security is defined as “preserving the integrity, confidentiality, and timely availability of information in cyberspace” [9].

The Merriam Webster dictionary defines cyber security as protecting computer systems from unauthorized access and attacks [11].

According to [3], cyber security is defined as the processes and technologies used to protect computing devices and networks from unauthorized access and attacks over the Internet.

Cyber security is the protection of physical and non-physical components of organizations from illegal access [12].

According to these definitions, researchers define cyber security in different ways. Existing definitions focus on different cyber security aspects. For example, some definitions focus on protection and privacy, while others highlight the needs for defining rules and policies for information integrity, confidentiality, and availability. In addition, other researchers stressed the need to define processes and technologies to protect computing devices. Cyber security can be considered as a mechanism of protecting individuals’ and organisations’ assets from unauthorized access. These definitions also highlight the importance of the cyber environment and its protection.

2.2 Cyber security terminologies

Following are some definitions of important terminologies that are necessary to gain a better understanding of the key concepts related to the area under research.

Cyber space is a global domain within the information world whose distinct characteristic is the use of the electronic and electromagnetic spectrum to create, update, store, share and exploit information with the help of interconnected and dependent networks using the latest information and communication technologies [13-15].

Vulnerabilities: These are the flaws in a system or its design that allow an attacker to execute malicious commands, access data in an unauthorized way, and/or conduct various denial-of-service attacks [22, 23].

Threats: These are actions taken to gain a benefit from security breaches in a system and negatively impact it [22, 24].

Attacks: These are the actions taken to damage a system or disturb its routine operations by exploiting vulnerabilities using various tools and techniques. Attackers launch these attacks to achieve their malicious goals, either for self-satisfaction or financial reward [24, 25].

A number of security vulnerabilities have been discussed in the literature. To assist the readers to better understand some of the common cyber security vulnerabilities, these are described as follows:
[44] performed a SLR to understand the state-of-the-art on the existing architectures that support cyber foraging. Cyber foraging is a computing technique in which low-powered devices offload their heavy work on high powered neighbourhood machines. The aim of the study was to categorize the existing architectural solutions related to what, when and where to offload data and computation for mobile devices. The authors identified the elements of existing architectures and codified them in architectural tactics that can help architectural researchers and practitioners extend their design to support cyber foraging.

[45] performed a SLR to analyze the approaches used to assess cyber security awareness. According to the study findings, many approaches have been proposed in the literature to develop awareness of cyber security. However, there is still a need to combine multiple approaches for better results. Further, there is a need to promote more awareness about cyber security, especially to young people who are the key targets of cyber-attacks.

[46] tried to capture the possible attack scenarios for dynamic networks using Global System for Mobile (GSM). A change in security metric is evaluated based on a change in network parameters. The effectiveness of each metric was evaluated according to the persistent security challenges. This study helps the researcher and practitioner to determine the most suitable security metrics for their network. However, this study discussed security vulnerabilities in general and did not target any particular cyber security attacks.

[47] carried out a systematic mapping study on intrusion alert analysis using the SMS process. In this mapping study, 411 studies were evaluated to answer the research questions. According to the study findings, intrusion alert analysis is a rapidly growing research field. The paper gives a good insight into current state-of-the-art regarding intrusion alert analysis.

[48] performed a systematic review to evaluate the effectiveness of a Bayesian network model in cyber security. Seventeen Bayesian network models were identified and evaluated in this study. According to the study findings, Bayesian network models are useful for solving the problem of malicious insiders. However, these models are frequently used to address the security issues associated with the information technology environment compared to the industrial control systems. Further, no standard Bayesian network models exist which address all the issues of cyber security.

[49] reviewed the literature on SCADA and smart grid security to highlight the persistent cyber-attacks and existing solutions. The important contribution of the paper is a discussion of cyber-attack approaches, consequence modelling of these attacks and the detection and design of security architecture.

From the above discussion, it becomes clear that a large body of research has been conducted in the area of cybersecurity and cyber awareness. Systematic mapping studies and SLRs have also been conducted. However, the existing mapping studies mainly focus on cyberspace security in general and cyber awareness in particular. No systematic mapping study exists that synthesizes knowledge on the key cyber security vulnerabilities and approaches to mitigate these risks. To bridge the gap, this mapping study is conducted to provide the researchers with an overview of existing cyber security vulnerabilities and their detection and mitigation approaches.

4. Research Methodology

In this study, guidelines for conducting a systematic mapping study were followed [50-52]. The reasons for choosing this method are manifold. It is a systematic and organized way of identifying, evaluating and interpreting all the relevant studies concerning a particular research question, focus area or phenomenon of interest. A systematic mapping study is a well-defined and disciplined way to review and synthesize the empirical evidence concerning a method or technology, find out the missing areas and gaps in the current research and provide researchers or practitioners with the background knowledge to justify new research. A systematic mapping study is different from a conventional literature review as it takes more time and effort, but it provides a deeper understanding of the topic and a strong basis for establishing claims about research questions [53]. A systematic mapping study protocol contains five distinct phases as shown in Figure 1.

Fig. 1. Phases of a systematic mapping study

A systematic mapping study protocol has been prepared, which includes the details of all steps that were followed in the current study. A brief description of the major steps is as follows:
1. Formulating research questions
2. Defining search process and search string
3. Defining the process of study selection including inclusion and exclusion criteria
4. Data extraction and mapping the data with defined research questions
5. Data analysis and result extraction

This mapping study was undertaken by two researchers. Both are academic faculty members. The protocol was developed by one author and the other author reviewed it
critically to identify the weaknesses. Both team members contributed in all the phases of the systematic mapping study. To lessen personal bias and to improve the process of the mapping study, inter-rater reliability tests were executed at the preliminary and final selection phases of this systematic mapping study process. A comprehensive search was conducted to identify the relevant articles published up to December 2018.

4.1 Search Strategy

Before starting the mapping study formally, the string “empirical studies on cyber security” was applied in Science Direct. The reason for choosing Science Direct is because it is a well-known library consisting of a vast collection of articles from various domains. The purpose of this initial search was twofold: firstly, to ensure whether there are a sufficient number of empirical studies to undertake a mapping study; and secondly, to identify some primary studies that may be used later for the validation of the search string. The selected studies were exported into the Endnote software [54]. The abstracts of the retrieved papers were studied, and nine empirical studies were chosen as the primary studies so they could be used to validate our refined string. In this informal search process, many empirical studies were found so it was decided to perform a systematic mapping study and the initial string which was defined for the search process was cyber AND security. When this initial string was applied on the Science Direct search engine, the retrieved results did not include all the primary studies. Further, two senior software engineering researchers from academia who have expertise in conducting SLRs were chosen as experts and they were requested to evaluate the search string and provide feedback. Based on these experts’ opinions, the initial string was revised, and the main search string was split into two parts. Expert opinion is a way of quickly evaluating and validating information [55]. Below are the two parts of our defined string:
1. Cyber Security
2. Attack/threat/vulnerability

The synonyms of both these parts of the string were considered to collect all possible relevant studies. This refined string was again validated against the list of primary studies and the results of the validation were positive, so it was decided to use this in the future for data extraction. The results obtained from the second search string consist of all the selected primary studies which shows the validity of our search string. The search strategy in this systematic mapping study is based on the following three key steps:

4.1.1 Constructing the Search String:

First, the search terms were formed using the keywords identified from the population, the proposed solution, the outcome of relevance and context as under:

Population: Set of articles describing the empirical studies on cyber security

Intervention: Solutions proposed in the literature to address cyber security issues.

The outcome of relevance: Quantity and type of evidence related to cyber security

Context: Within the domain of cyber security with a focus on empirical studies

4.1.2 Finding synonyms of the derived search terms using Boolean operators

The identified search terms were validated in the major academic databases. All possible relevant synonyms of the identified terms were found to construct the search string. The following synonyms have possible relevance to the topic:

Cyber Security: (cyber OR {cyber security} OR {cyber physical} OR {Network security} OR {Internet security} OR {computer security} OR {IT Security} OR {software Security})

Attack: (vulnerability OR {cyber threat} OR {cyber Crime} OR {cyber-attack} OR challenge OR risks OR violence)

4.1.3 Verification of identified terms in the academic databases

After multiple iterations and revision, the following search string was finalized for this mapping study:

(Cyber OR Privacy OR {cyber security} OR {cyber physical} OR {Network security} OR {Internet security} OR {computer security} OR {IT Security} OR {software Security}) AND (vulnerability OR {cyber threat} OR {cyber Crime} OR {cyber-attack} OR challenge OR risks OR violence)

The final search string was used in the following digital libraries (the search string was also tailored according to the search mechanism provided by these libraries):
ACM Digital Library
Science Direct
IEEE Xplore
John Wiley Online Library
Springer Link

The above five databases were selected as they are the popular venues for publishing papers on cyber security. Other researchers have also used these databases in their SLR studies [R1][R2][42].

4.2 Publication selection

This section details the inclusion and exclusion criteria used for publication selection and also highlights the process used to select relevant publications as per the research questions. The following criteria were set for inclusion:

The review period was a decade and includes studies published from 2007 to 2018. This starting date was chosen because most cybercrimes were reported in 2007 and later. However, the search was performed in 2018, so only publications pertaining to the second quarter of 2018 were considered in the systematic mapping study.
Empirical studies with a focus on cyber security vulnerabilities
Studies which focus on providing a solution to cyber security vulnerabilities

The following exclusion criteria were used:
Studies that do not provide detailed information on how to detect cyber security vulnerabilities
Duplicated studies, in the case of duplicated studies the most recent one was chosen
Studies where the findings are not evaluated empirically.
Studies only available as abstracts or PowerPoint presentations
Papers with no focus on the cyber security domain.
Papers presenting only guidelines, recommendations or a description of cyber security
Introductory papers for workshops, special issues, and books.
Book chapters
Papers not written in English.
Papers that are not accessible.

The process of selecting publications was automatic and twofold: firstly, the initial selection from the search result was performed according to the selection criteria by screening the title and abstract of the publications. Secondly, the papers selected in the initial phase were read completely in order to shortlist publications for final selection, based on the defined inclusion criteria.

4.3 Data Extraction

Based on our search string and the identified security vulnerabilities, we developed a data extraction form (available in Appendix A) to extract data from the retrieved publications. This data extraction form consists of a mix of open-ended and closed-ended questions. A pilot study involving two software engineering experts was conducted to evaluate the data extraction form. The data extraction form was finalized based on the feedback from the pilot study. The final version of the data extraction form consists of three parts: section one collects information about the selected paper such as paper title, list of authors, year of publication, country of publication and reference type of papers; section two includes information on the quality assessment of the paper (the results of the quality assessment are not included in this paper, as based on the mapping study guidelines, quality assessment is not essential in mapping studies [51]); section three presents the data that was extracted from the selected publications.

5. Results

5.1 Categorization of cyber security vulnerabilities

This section presents the results of the systematic mapping study. The total number of studies selected in the initial search phase was 134. Based on the inclusion and exclusion criteria, 69 articles were selected in the final iteration (as shown in Appendix B). The detail of each iteration is shown in Table 1. These selected articles were studied and analyzed in detail to address the research questions.

Table 1 Study selection
Source            Retrieved    Initial selection    Final selection
IEEE              3878         40                   30
ACM               314          26                   9
Science Direct    1299         46                   21
Springer Link     1440         11                   6

Table 2 shows the main categories of cyber security vulnerabilities (RQ1) identified from the systematic mapping study. Column 1 of Table 2 lists the cyber security vulnerabilities that were identified in this mapping study. Column 2 of Table 2 shows the frequency of occurrence for each vulnerability as it appeared in the selected studies while column 3 of Table 2 shows the percentage of occurrence for these vulnerabilities. Key vulnerabilities identified in our mapping study include malware, phishing, SQL injection attack, cross-site scripting (XSS), denial-of-service (DoS), session hijacking, man-in-the-middle attacks, and credential reuse. Denial-of-service is the most addressed vulnerability in the systematic mapping study (41%). The second most discussed vulnerability in the literature is malware (16%) followed by phishing. The details of remaining vulnerabilities are shown in Table 2.

Table 2 Cyber security vulnerability categorization
Vulnerability                                      Frequency    Percentage
Credential Reuse                                   1            1%
Cross-Site Scripting (XSS)                         1            1%
Denial-of-Service (DoS)                            28           41%
Malware                                            11           16%
Phishing                                           7            10%
Session Hijacking and Man-in-the-Middle Attacks    2            3%
SQL Injection Attack                               3            2%
Other                                              17           24%

5.2 Analysis based on the venue of publication and source type

The second aspect of this study focuses on the venue of the selected publication and its source type, which will help to address research question two (RQ2) (i.e. the key venues of publication that contribute to the area of cyber security).

For venue and source type analysis, we considered five libraries as the key venues for publications as shown in Table 3. The selected studies from these libraries were published in three main publication types, namely conferences, journals and workshops. Table 3 shows the distribution of the selected studies with respect to the publication type. The number of studies published in conferences and journals is almost the same (33 out of 69 each) and only three studies were published in workshops. The percentage of studies published in conferences, journals and workshops was 48%, 48% and 4%, respectively. The results of Table 3 show that IEEE and ACM libraries contain more conference papers than journal papers. From the publications extracted from the IEEE library, only three were published in IEEE journals and the rest all were published in IEEE conferences. For the ACM library, all the extracted papers were published in conferences and workshops (67% and 33%, respectively) and no journal paper was
extracted in the domain of the area under study. However, if we analyze the statistics of the three other libraries, namely Science Direct, Wiley Online and Springer, the extracted publications relevant to the current study domain were all published in journals. From these three libraries, the frequency of publication in Science Direct was highest with 30% of the papers in the pool. Springer and Wiley were second and third in the pool with a frequency of 8.69% and 4%, respectively.

Table 3 Distribution of studies w.r.t. venue of publication
Venue             Journal Papers    Conference Papers    Workshop Papers    Total
IEEE              3                 27                   0                  30
ACM               0                 6                    3                  9
Science Direct    21                0                    0                  21
Springer          6                 0                    0                  6
Wiley             3                 0                    0                  3
Total             33                33                   3                  69

5.3 Demographic Analysis

To identify and rank the most active countries in the area of research on cyber security, the author’s affiliation was used. The rationale for this ranking is to answer research question 3 (RQ3) and to determine from which countries researchers who publish in the area of cyber security come. The affiliation information provided in each paper was used, even if the author had moved to another country. If a paper was written by several authors, the country of the first author was chosen. The results are shown in Table 4 and Figure 2. Column 1 of Table 4 lists the authors’ affiliation country as appeared in selected studies. Column 2 of Table 4 shows the frequency of authors’ affiliation belonging to the country mentioned in column 1 and column 3 of Table 4 shows the percentage value of column 2. The results (for RQ3) indicate that the highest number of research articles in the area of cyber security are published by American researchers who contributed 23% (16 of 69) of the selected articles. Authors from India and Taiwan (with 14 and 7 articles, respectively) were second and third in the ranking, respectively. Australia and Canada, both ranked fourth, contributed 7% each. The rest of the articles were published in various countries with a frequency between 2 and 4 articles.

This illustrates the need for more research in the area of cyber security from various countries to understand the effect of socio-cultural differences.

Table 4 Country frequency analysis
Country        Frequency    Percentage
Italy          1            1%
Malaysia       1            1%
Pakistan       1            1%
Spain          1            1%
China          2            3%
France         2            3%
Iran           2            3%
Japan          2            3%
Romania        2            3%
Singapore      2            3%
South Korea    3            4%
UK             3            4%
Australia      5            7%
Canada         5            7%
Taiwan         7            10%
India          14           20%
USA            16           23%

Fig. 2. Country of publication

The selected studies were also categorized with respect to the year of publication to identify the current research trends in the area of cyber security. Figure 3 shows the distribution of studies by year. The results of Figure 3 show that there is a significant increase in research in the area of cyber security to support cyber applications and to address the key security threats faced by these applications.
Organization 69 100%
Information Systems and Internet of Things
client server application
Internet data
collaborative working nodes interconnected through MPLS-VPN cloud
enterprise network gateway
cyber-physical systems
application servers
peer-to-peer (P2P) systems

5.5.2 Target applications

The following applications were the targets of cyber-attacks according to our data
energy efficient neuromorphic hardware platform
Thunderbird 24.8.0
Libav 10.1
banking
web application
Xen 4.4.0
E-commerce
Hackmageddon database

Organizations/agencies that were targeted

The following organizations were the targets of cyber-attacks, according to our studies
DARPA
AhnLab Security Emergency Centre
Aircraft attitude sensors

5.6 Attack mitigation techniques

frequency is mentioned in table-8. However, nine of the extracted studies did not mention the name of the mitigation technique used.

Table 8: Attack mitigation techniques
Mitigation techniques                                           Frequency    Percentage
Algorithm weakly supervised                                     3            4.3%
VulPecker tool                                                  1            1.45%
Iterative approach of Critical component identification         2            2.90%
Intrusion detection systems (IDS)                               17           24.6%
Content based spam filtering technique                          3            4.3%
MP shield                                                       1            1.45%
Command and Control (C&C) servers                               1            1.45%
Antiphishing techniques                                         6            8.69%
Firewalls                                                       13           18.84%
Analysing traffic anomaly features                              6            8.69%
Anti-malware software                                           5            7.25%
Automated dynamic analysis techniques                           1            1.45%
Modifying the way of accepting incoming requests                1            1.45%
Conventional false data detection (FDD) approaches              4            5.80%
Signature-based detection and anomaly-based detection           3            4.3%
Darknet                                                         2            2.90%
Not Mentioned                                                   9            13.04%
To identify the key venues for publication, five key libraries were used for data extraction, namely IEEE, ACM, Science Direct, Wiley Online and Springer. The extracted results from these libraries were divided into three categories, namely journals, conferences and workshops, as shown in Table 3. The results in Table 3 show that more research in the area under study was published in conferences and journals and only a few articles were published in workshops. Further, the results of Table 3 show that publications extracted from IEEE and ACM libraries are mainly conference papers, only 3 out of 30 were journal papers in the IEEE library and 3 out of 9 were workshops papers in the ACM digital library. On the other hand, all the publications retrieved from the remaining three libraries (Science Direct, Wiley Online and Springer) were journal papers. This shows that IEEE and ACM are the key venues for conference publications in the area under study while Science Direct, Wiley Online and Springer are key venues for journal publications in the area of study.

RQ3: Researchers from which country are more active in cyber security?
During the demographic analysis, some interesting findings surfaced which are: USA and India are the countries which most frequently publish research in the area of cyber security vulnerability detection and mitigation, as shown in Table 4 and Figure 2. The second observation is that the number of publications in the area of cyber security is increasing which shows the importance of research in the area of cyber security, as shown in Figure 3.

RQ4: Who are the key victims of these security vulnerabilities?
The victims of security vulnerabilities were divided into two categories, namely individuals and organizations. The results in Table 7 show that organizations are more vulnerable to cyber threats compared to an individual. However, there are some vulnerabilities that target both individuals and organizations. This is shown by the overlapping values in Table 7.

RQ5: Which applications are the target of cybercrimes in the selected studies?
The data obtained from the selected studies to answer research question 5 were heterogeneous and therefore were not able to be classified into specific groups. Further, most of the papers did not mention the name of the application that was the target of cybercrime. However, we divided the extracted data into the following three classifications: firstly, we highlighted the infrastructures that were the key targets of cybercrime; secondly, we identified the applications that were targets of cybercrime; and lastly, we identified the organizations/agencies that were targets of cybercrime. The results of RQ5 show that the smart grid, the Internet of Things, cyberspace and the cloud environment are the key targets of cybercrime.

RQ6: What are the common cyber security mitigation techniques discussed in literature?
According to the data obtained from the selected studies, different organizations use different techniques to protect their cyberspace from security attacks. However, it was observed that the intrusion detection system and firewalls are the most commonly used techniques with a frequency of 17 and 13, respectively. Further, traffic analysis and antiphishing are the 3rd and 4th most widely used cyber-attack prevention techniques.

6.1 Research and practical implications

This mapping study has both research and practical implications. We categorized the key security vulnerabilities and identified their frequency of occurrence in the selected studies. This will help researchers know which security vulnerabilities need more attention. In the future, researchers can target those security issues which need more research. Further, we categorized the studies with respect to country of publication. This will help researchers analyze the socio-cultural impact on cyber-security.

It is also anticipated that the key vulnerabilities identified, and their frequency of occurrence will help practitioners develop strategies to make individuals and organizations aware of these vulnerabilities and their mitigation techniques. It is a common practice to highlight frequently occurring cyber-attacks, as not all attacks and vulnerabilities are equally important. It will also guide investment decisions in key security areas. Thus, this systematic mapping study and the empirical results presented in this paper will help practitioners decide where to invest while developing tools and strategies to protect the cyber environment.

Cyber organizations need to provide their clients with guidelines and training in relation to critical vulnerabilities and ways to protect themselves. Organizations should develop mechanisms to establish suitable privacy policies to protect the important assets of individuals as well as organizations. Organizations should also select attack detection strategies and tools carefully so that the client can use them easily. Organizations also need to make sure that employees do not disclose their personal information to any third party, nor should they reply to junk emails or messages.

6.2 Threats to validity

It is possible that the current mapping study may be subject to the following threats to validity:

Publication bias: There is a possibility that some relevant studies that are published in other databases which are not included in this study have been missed. However, we believe that the selected databases cover the most relevant published literature on cyber security domain.

Missing synonyms: Another possible threat might be the absence of some synonyms in the search string. Despite the fact that we have tried to cover all the synonyms, there is still a possibility that we missed or overlooked some work.

7. Conclusion

This paper presents the results of a systematic mapping study that was undertaken to identify and analyse the common cyber security vulnerabilities. A summary of the important results follows:
Springer
Arabian Journal for Science and Engineering
Springer
Arabian Journal for Science and Engineering
Examinations in Cyber Security. pp. 266-271. IGI and attacks. Journal of Cyber Security 4(1), 65-88
Global, (2018) (2015).
5. Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security 23. Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.:
awareness campaigns: Why do they fail to change Cybertwitter: Using twitter to generate alerts for
behaviour? arXiv preprint arXiv:1901.02672 (2019). cybersecurity threats and vulnerabilities. In:
6. Floyd, D.H., Shelton, J.W., Bush, J.E.: Systems and Proceedings of the 2016 IEEE/ACM International
methods for detecting a security breach in an aircraft Conference on Advances in Social Networks
network. In. Google Patents, (2018) Analysis and Mining 2016, pp. 860-867. IEEE Press
7. Taha, A.F., Qi, J., Wang, J., Panchal, J.H.: Risk mitigation 24. Johnson, C., Badger, L., Waltermire, D., Snyder, J.,
for dynamic state estimation against cyber attacks Skorupka, C.: Guide to cyber threat information
and unknown inputs. IEEE Transactions on Smart sharing. NIST special publication 800, 150 (2016).
Grid 9(2), 886-899 (2018). 25. Rid, T., Buchanan, B.: Attributing cyber attacks. Journal
8. Valeriano, B., Maness, R.C.: International Relations of Strategic Studies 38(1-2), 4-37 (2015).
Theory and Cyber Security. The Oxford Handbook 26. Banks, W.C.: Cyber espionage and electronic
of International Political Theory, 259 (2018). surveillance: beyond the media coverage. Emory LJ
9. von Solms, B., von Solms, R.: Cybersecurity and 66, 513 (2016).
information security–what goes where? Information 27. Zhang, H., Cheng, P., Shi, L., Chen, J.: Optimal denial-of-
& Computer Security 26(1), 2-9 (2018). service attack scheduling with energy constraint.
10. Ron, M.: Situational Status of Global Cybersecurity and IEEE Transactions on Automatic Control 60(11),
Cyber Defense According to Global Indicators. 3023-3028 (2015).
Adaptation of a Model for Ecuador. In: 28. Kustarz, C., Huston III, L.B., Simpson, J.A., Winquist,
Developments and Advances in Defense and J.E., Barnes, O.P., Jackson, E.: System and method
Security: Proceedings of the Multidisciplinary for denial of service attack mitigation using cloud
International Conference of Research Applied to services. In. Google Patents, (2016)
Defense and Security (MICRADS 2018) 2018, p. 12. 29. Niemelä, J., Hyppönen, M., Kangas, S.: Malware
Springer protection. In. Google Patents, (2016)
11. Al Mazari, A., Anjariny, A.H., Habib, S.A., Nyakwende, 30. Choo, K.-K.R.: The cyber threat landscape: Challenges
E.: Cyber terrorism taxonomies: Definition, targets, and future research directions. Computers & Security
patterns, risk factors, and mitigation strategies. In: 30(8), 719-731 (2011).
Cyber Security and Threats: Concepts, 31. Parmar, B.: Protecting against spear-phishing. Computer
Methodologies, Tools, and Applications. pp. 608- Fraud & Security 2012(1), 8-11 (2012).
621. IGI Global, (2018) 32. Dodge Jr, R.C., Carver, C., Ferguson, A.J.: Phishing for
12. Hansen, L., Nissenbaum, H.: Digital disaster, cyber user security awareness. Computers & Security
security, and the Copenhagen School. International 26(1), 73-80 (2007).
studies quarterly 53(4), 1155-1175 (2009). 33. Sharma, P., Johari, R., Sarma, S.: Integrated approach to
13. Kuehl, D.T.: From cyberspace to cyberpower: Defining prevent SQL injection attack and reflected cross site
the problem. Cyberpower and national security 30 scripting attack. International Journal of System
(2009). Assurance Engineering and Management 3(4), 343-
14. Benedickt, M.: Cyberspace: first steps. (1991). 351 (2012).
15. Gunkel, D.J.: Hacking cyberspace. Routledge, (2018) 34. Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.:
16. Robinson, M., Jones, K., Janicke, H.: Cyber warfare: Correlation approach for SQL injection attacks
Issues and challenges. Computers & security 49, 70- detection. In: International Joint Conference
94 (2015). CISIS’12-ICEUTE´ 12-SOCO´ 12 Special Sessions
17. Blakemore, B.: Policing cyber hate, cyber threats and 2013, pp. 177-185. Springer
cyber terrorism. Routledge, (2016) 35. Brar, H.S., Kumar, G.: Cybercrimes: A Proposed
18. Taylor, R.W., Fritsch, E.J., Liederbach, J., Saylor, M.R., Taxonomy and Challenges. Journal of Computer
Tafoya, W.L.: Cyber Crime and Cyber Terrorism. Networks and Communications 2018 (2018).
(2019). 36. Gill, R.S., Smith, J., Looi, M.H., Clark, A.J.: Passive
19. Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., techniques for detecting session hijacking attacks in
Wang, C.: Cyber warfare: building the scientific IEEE 802.11 wireless networks. (2005).
foundation, vol. 56. Springer, (2015) 37. Wassermann, G., Su, Z.: Static detection of cross-site
20. Danks, D., Danks, J.H.: Beyond machines: Humans in scripting vulnerabilities. In: Proceedings of the 30th
cyber operations, espionage, and conflict. Binary international conference on Software engineering
Bullets: The Ethics of Cyberwarfare, 177-197 2008, pp. 171-180. ACM
(2016). 38. Kieyzun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.:
21. Libicki, M.C.: Drawing inferences from cyber espionage. Automatic creation of SQL injection and cross-site
In: 2018 10th International Conference on Cyber scripting attacks. In: Proceedings of the 31st
Conflict (CyCon) 2018, pp. 109-122. IEEE International Conference on Software Engineering
22. Abomhara, M., Køien, G.M.: Cyber security and the 2009, pp. 199-209. IEEE Computer Society
internet of things: vulnerabilities, threats, intruders
Springer
Arabian Journal for Science and Engineering
Appendices

Appendix A: Data Extraction Form

Section 1: Paper Information
Paper Title:
Authors:
Year of Publication:
Reference Type: Journal/Conference
Publisher:
Country:

Section 2: Quality Assessment
Findings and results of study are clearly stated?
    o Yes
    o No
The findings of the study are evaluated empirically?
    o Yes
    o No
The study has been published in a relevant journal or conference?
    o Very Relevant
    o Relevant
    o Not Relevant
The study has been cited by other authors?
    o Yes
    o Partially
    o No

Section 3: Data extraction
Questions, each followed by its possible answers:
Which application is targeted for cybercrime in given study?
    Application Name
Which method is used to protect the application for cyber attack?
    Method Name
Which cyber connection is used for committing cybercrime?
    Connection Name
Who are the victims of cybercrimes in given study?
    o Individual
    o Organization
Which cyber security vulnerability is discussed in the study?
    o Malware
    o Phishing
    o SQL Injection Attack
    o Cross-Site