Cyber Security Threats and Security Models

Abstract

Cyber security has been used interchangeably for information security, where later considers the role of the human in the security process while former consider this as an additional dimension and also, focus person has a potential target. However, such discussion on cyber security has important implication as it focuses on the ethical part of the society as a whole. To address the issue of cyber security, various frameworks and models have been developed. It also introduces the concepts of cyber security in terms of its framework, workforces and information related to protecting personal information in the computer. This paper reviews these models along with their limitations and review the past techniques used to mitigate these threats. Furthermore, the report also provides recommendations for future research.

INTRODUCTION

Cyber security has been used interchangeably for information security, where later considers the role of the human in the security process while the former consider this as an additional dimension and also, focus person has a potential target. However, such discussion on cyber security has an important implication as it focuses on the ethical part of the society as a whole. There are various de?nitions of the concept of cyber security with varied aspects such as secured sharing, con?dential and access to information. But still, the de?nitions lacks clarity and consensus. Moreover, cyber security measured with regards to access, integration of data, security, storage and transfer of data through electronic or other modes. Cybersecurity indicates three important factors. 

The methods of protecting Information Technology (IT), the data itself, the data being processed and transmitted together with physical and virtual setup, the level of protection obtained by applying such measures and the professional aspects associated [3]. We de?ne that the cyber-security as a measure protecting computer systems, networks, and information from disrup- tion or unauthorized access, use, disclosure, modi?c Viewpoints of cyber security issues reviewed in this paper or destruction. In the context of this review cyber security has been de?ned as the integration of policies, se- curity measures, approaches to risk management, protocols, technologies, process and training which can be utilized in securing the organization and cyber setup along with user assets. This paper focuses on the issues of cyber security threats and summarizes the existing security models represents the main viewpoints reviewed in this paper, which include cyber security workforce, vulnerability scan- ning, email virus ?ltering, personal information protection, prevention of cybersafety, and ?rewall services. The sig- ni?cance of this paper are assisting both academics and professionals gain a holistic view about contemporary cyber security ?eld. The main contributions of this paper have two aspects: 

1. This paper summarizes crucial issues in cyber security domains by a literature review. 
2. This paper proposes a number of research directions for future explorations in the ?eld.

The remainder of this paper is organized by the following orders. Section II reviews and organizes crucial issues in cyber security. A number of aspects are addressed in this section. Next, a discussion about future researches is given in Section III. Finally, we present our conclusions in Section IV.

CRU CI AL IS SU ES I N CYB ER SECURITY

Cyber security relies upon the care that individuals can take and conclusions they conduct while they organize, manage and utilize systems and internet. Numerous efforts have been made to ?nd the solution for cyber security evaluation challenge and various frameworks have been constructed. However, the frameworks encounter different dif?culties though it was working ?ne initially at the time of development. The restrictions derive from different aspects, such as emerging technologies [9] and facility limitations. Security issues are often considered a tradeoff between security requirements and other bene?ts. A. Cyber security workforce The framework of National Initiative for Cybersecurity Education (NICE) is an inter-agency attempt by the Na- tional Institute of Standards and Technology (NIST). The agency focuses on awareness, cyber security education, awareness, training and professional development. NICE Came up with the Cybersecurity Workforce framework.

 This framework insists on recognition by the process of training. Also, accomplishes secure cyber infrastructure as de?ned in the context. Also, the framework has not included the factor new technologies are rapidly emerging that en- hances the challenges in cyber security threats. The scholars also mention that there need to be enough cybersecurity standards and procedures, which need to be frequently reviewed. The researchers further indicate the frameworks has not included the aspects of threats that exploit vulnerable and hence strategies of risk management needs to be addressed. Also, the authors recommend that cybercrime legislation is not in place to handle the criminals. Finally, an effective security strategy can be active in collaboration with modeling business processes. 

Cyber safety for protecting personal information in com- puter Cyber-safety is a concept that has been used to explain a set of measures, practices, and actions that help in the protection of computer and privacy from various attacks. At any company, there is a Cyber-safety Program policy, PPM 310-22, which establishes that all devices con- nected to any company electronic communications network must meet certain security standards. As required by the system, most departments offer annual reports de?ning their levels of the compliance. Also, various services are in place to assist all faculty, staff and students to meet the cyber- safety standards. Speci?c information about these services is provided. The cyber safety threats can be caused due to viruses, hackers, identifying thieves, spyware. The virus in- fects the computer through the email attachment and ?le sharing. One infected computer can cause problems to all the computer networks. A people who “trespass” the computer from a remote location are considered as Hackers. These people use a computer to send spam or viruses or do other activities that cause computer malfunction. In the case of identifying thieves, the people who obtain unauthorized access to the personal information like social security, and ?nancial account numbers are considered. 

Spyware is software that “piggybacks” on programs that are downloaded and gathers information about online habits and transmits personal information without the users knowledge. In addition to the above-discussed problem, a company may face a number of other consequences if they fail to take actions to protect personal information and user’s computer. The consequence indulges such as loss in the access of campus computer network, con?dential information, inte- gration and access to valuable University data, research on personal electronic data lawsuits, loss of public trust and offer opportunities, pursuit, internal con?ict action and or employment termination. C. Studies of email virus ?ltering Several studies have been conducted on the ?ltering of email virus Prior study had addressed various existing spam detection methods and ?nding the useful, precise, and de- pendable spam detection process. The applications that are currently applied by various anti-spam spam software are considered to be static, which mean that it is quite easy to elude by tweaking the messages. To perform this, the spammer would evaluate the current anti-spam methods and determine the modes to play around with. To combat the spam effectively, it is important to adopt a new technique. 

This new approach needs to be complete the spammer’s strategies as they are changed from time to time. It must also able to adapt to the particular organization that it is protecting for the answer lies in Bayesian mathematics. The study ?ndings indicated that some of the spam detection method and the numerous issues associated with the spam. From various studies, it is understood that we will not be able to stop the spam and will be a limit them effectively using Bayesian method when compared to other methods. Moreover, prior research also explored various prob- lems associated with spam and spam ?ltering methods, techniques. The different methods determine the incoming spam methods are Bayesian analysis, Blacklist/Whitelist, Keyword checking and Mail header analysis. The different spam ?ltering techniques adopted Distributed adap- tive blacklists, Rule-based ?ltering, Bayesian classi?er, K nearest neighbors, Support Vector Machine (SVM), Content-based Spam Filtering Techniques - Neural Networks,The multi-layer networks,Technique of search engines,Tech- nique of genetic engineering,Technique of arti?cial immune system. 

The study ?ndings revealed that many of the ?ltering techniques are based on text categorization methods, and there is no technique can claim to provide an ideal solution with 0% false positive and 0% false negative. There are a lot of research opportunities to classify multimedia and text messages. Kumar et al. indicated that the spam dataset is ex- amined with the use of TANAGRA data mining tool which determine the ef?cient classi?er in the classi?cation of email spam. Firstly, feature selection and feature construction is conducted to obtain the required characteristics. After that different classi?cation algorithms would be applied to the dataset and a cross-validation would be done on each classi?er. In the end, the best classi?er in email spam is determined on the aspects of precision, error rate and recall. From the obtained results, ?sher ?ltering and runs ?ltering feature selection algorithms performs better classi?cation for many classi?ers. The Rnd tree classi?cation algorithm applied to relevant features after ?sher ?ltering has produced more than 99% accuracy for spam detection. This Rnd tree classi?er is also tested with test dataset which gives accurate results than other classi?ers for this spam dataset. 

Studies of ?rewall services Al-Fayyad et al. evaluated the performance of per- sonal ?rewall systems by organizing an arranged walk- through to determine the design factors that could violate the usage standards. In the study of personal ?rewalls usability on Windows XP platform, four modern ?rewalls namely Norton. The study results indicated that Personal ?rewalls encounter poor usability that could lead to vulnerabilities in security. The usability problems could be due to the issue that the data given by the ?rewalls (could be during the process of installing, con?guration or during interaction) was not clear or misleading. Various usability problems have been noticed because of the reduced clarity of alerts. Li  evaluated the issues in placing the ?rewalls in the topology of networking design and how to frame the routing tables in the process so that a maximized ?rewall rule set could be minimal that helps to avoid performance bottleneck and limits the security loopholes. There have been two signi?cant contributions that the problems are NP-complete, and that a heuristic solution has been proposed and illustrate the ef?ciency of algorithms using simulations. The outcome of the test indicates that the suggested algorithm has limited the multi-?rewall rule set than other algorithms. 

Studies of vulnerability scanning

 Sudha Rani et al analyzed Intrusion Detection System (IDS) methods to identify an attack of a computer network. In order to prevent vulnerable virtual machines network, intrusion detection system is proposed. In addition, the study has taken potential security risks as well as the security considerations taken into account for implementing a virtual private network. The study ?ndings revealed General operation ?ow of cybersafety prevention that there is two types of intrusion detection system host based and network based. In addition proposed solution provides information on how to use programmability of software switches based on the solutions that improve the detection accuracy and defeat. Other research focused on the vulnerability as- sessment for automatic environments along with the web applications and various threats which are detected during the vulnerability assessment for different networking prod- ucts. 

The study has adopted OpenVas tool with exploratory research method. The study ?ndings revealed some of the methods that can ?x vulnerability for removing threats using the function PHP info () and other methods like Trojan helps in keeping networking systems safe. Ye et al studied the quantitative vulnerability assess- ment model in cyber security for DAS. The evaluation pro- cess is distinguished into three sections namely vulnerability adjacency matrix formation, attack processes modeling, and physical consequences analysis. The increasing smart grid merits cyber security problems has enhanced because of the higher integration of cyber systems to the physical power systems. It has been found that DAS is highly exposed to cyber attacks when compared to various control systems in substations or power plants. However, it has to make sure that each DAS is secure and economically not favorable and technically not essential. The theory involves creating ADG models, evaluation of potential physical effects due to cyber-attacks and sug- gesting vulnerability adjacency matrix to show the con- nection among various weaknesses. Numerous case studies on account of RBTS bus 2 indicate the effectiveness and validation of the proposed vulnerability assessment model.

Prevention of Cybersafety

There are seven signi?cant cyber-safety actions which are Running Anti-virus Software, Installing OS/Software Updates, Preventing Identity Theft, Switch on the Personal Firewalls, Prevent Adware/Spyware, protection of Pass- words and Backing up Important Files [29]. Fig. 2 represents a general operation ?ow of the cybersafety prevention.

Install OS/Software updates:

• Installing software updates are also known as patches that helps to ?x issues of operating system (OS) (e.g., Mac OS X , Windows Vista, Windows XP,) and software programs such as Microsoft applications.
• Many of the latest operating systems are arranged to download updates automatically by default. Once the updates have ben downloaded, a con?rmation prompt is displayed for installation. Click yes
• Once the updates are complete, make sure to restart the computer for the patches to be applied.

Running Anti-Virus Software:

• In order prevent computer virus issues install and then run the anti-virus software such as Sophos and check the last updated date.
• Make sure to check periodically if the installed anti- virus is up to the date which helps to block current and future viruses. The anti-virus application removes detected viruses, quarantines it and ?nally repairs users system infected ?les.
• The students of UC Davis, staffs and faculty members can download Sophos software for both homes and work computers for free from the Internet Tools CD, which you can obtain from the Shields Library’s IT Express.

Preventing Identity Theft:

• Don’t give out ?nancial account numbers, Social Secu- rity numbers, driver’s license numbers or other personal identity information unless you know exactly who’s receiving it. Protect others people’s information as you would your own.
• Never send personal or con?dential information via email or instant messages as these can be easily in- tercepted.
• Beware of phishing scams - a form of fraud that uses email messages that appear to be from a reputable business (often a ?nancial institution) in an attempt to gain personal or account information. These often do not include a personal salutation. Never enter personal information into an online form you accessed via a link in and any email from an unknown email id. Generally authentic businesses do not request personal details online.

Switching on Personal Firewalls:

• Find under system’s security setting for a default per- sonal ?rewall and switch it on. Mac OSC and Microsoft Vista have installed built-in ?rewalls. After turning on the ?rewall, check it for any open ports which would allow hackers and viruses.
• Firewalls work as the protection layers between the internet and computers.
• The standard process of hackers would be to send pings(calls) to various computers at random and check for their responses. The functionality of Firewalls is to block your computer which prevents any response calls from a computer.

Protecting passwords:

• Make sure that not to share your passwords, and make sure to create new passwords which are hard to guess. Avoid any dictionary works and establish a password by with mixed number, alphabets, and punctuation marks.
• Be sure not to use any common passwords or its vari- ations such as abc123, iloveyou1, let me in, qwerty1, (yourname1), password1 and baseball1.
• Change passwords periodically.
• When choosing a password:

–Mix upper and lower case letters

–Use a minimum of 8 characters

–Use mnemonics to help you remember a compli- cated password

DISCUSSIONS

From the review it was observed that, there are various studies conducted on cyber safety especially earlier studies have tried to attempt the problems linked to spam and spam ?ltering techniques. In speci?c, spam dataset is analyzed using TANAGRA data mining tool to explore the ef?cient classi?er for email spam classi?cation. Further studies also analyzed various existing spam detection meth- ods and identi?ed an ef?cient, accurate, and reliable spam detection method. The usage of personal ?rewall systems by performing a cognitive analysis in determining design elements which would violate the principles of usability.

 The issue of how to arrange the topology of ?rewalls in a network design and how the frame the routing tables in execution so that the max ?rewall rule set could be limited. Attribute-based solutions can be an option for speci?c security requirements. The usage of Intrusion Detection System (IDS) procedure to ?nd a computer network attack. The vulnerability assessment in automatic setups together with web applications and other threats, such as data validations. An innovative quantitative vulnerability assess- ment model on cyber security for DAS is evaluated. Further the analysis indicated various safety and prevention functionalities.

CONCLUSIONS

From the review, it was found that majority of the studies have been conducted on the email security, ?rewalls, and vulnerabilities. Yet, not many studies from the perspective of password security. There are general recommendations on how to secure the password but not any authenticated protocol to protect the system inherently. Therefore, there is a need for more studies in terms of technics and models from this perspective to ensure that passwords are protected.

Cite this page