A Detection of Cyber Attacks in IoT Systems

The document outlines a final year project presented for a Master's degree in Computer Science, focusing on the detection of cyber attacks in IoT systems. It discusses the importance of cybersecurity, various types of cyber threats, and the principles and measures for protecting against these threats. The project aims to provide a comprehensive understanding of cybersecurity and equip individuals and organizations with the necessary knowledge to defend against cyber attacks.

Uploaded by amina souyah

People’s Democratic Republic of Algeria

Ministry of Higher Education and Scientific Research

Higher School of Computer Science

Sidi Belabbes 08 Mai 1945

Final year project


For obtaining the Master’s degree in Computer Science

Option : Computer Systems Engineering (ISI)

A Detection of Cyber Attacks in IoT Systems

Directed by: Mme. Delfi Aya, M. Harbi Yesmine
Supervised by: Mme. Souyah Amina (ESI)

Presented on July ..., 2023, before the jury composed of:


Mme. .... .... : ESI - President
Mme. .... ... : ESI - Examiner
M. ...... ...... : ESI - Rapporteur

Graduating class of 2018 - 2023


Dedication

Thanks

Abstract

Abstract (French)

Abstract (Arabic)
Contents

1 Cyber Security 12
1.1 Introduction 13
1.1.1 Definition 13
1.1.2 Usage and importance 13
1.1.3 Overview of the chapter 14
1.2 Threats to cybersecurity 15
1.2.1 Different types of cyber threats 15
1.2.2 Statistics on cyber threats and their impact 20
1.3 Principles of Cybersecurity 21
1.3.1 Confidentiality, Integrity, Availability (CIA) triad 21
1.3.2 Defence in depth strategy 22
1.3.3 Risk assessment and management 23
1.4 Cybersecurity Measures and Best Practices 23
1.4.1 Firewall and Intrusion Detection/Prevention Systems 23
1.4.2 Antivirus and Anti-malware software 24
1.4.3 Encryption 26
1.4.4 User authentication and access control 26
1.4.5 Backup and disaster recovery 27
1.5 Cybersecurity Education and Training 28
1.5.1 Importance of education and training in promoting cybersecurity awareness 28
1.5.2 Examples of cybersecurity training programs and resources 29
1.6 Conclusion 30

2 Chapter02 31

List of Figures

List of Tables

Acronyms

General Introduction

Chapter 1

Cyber Security

1.1 Introduction
1.1.1 Definition
Cybersecurity is the practice of protecting computer systems, networks,
and data from digital attacks. It involves a range of measures and
technologies designed to safeguard digital systems and data from
unauthorized access, theft, and damage. Cybersecurity threats come in
many forms, including malware, phishing scams, social engineering
attacks, and ransomware.
According to the National Institute of Standards and Technology (NIST), cybersecurity is defined as "the ability to protect or defend the use of cyberspace from cyber attacks" (NIST, 2018). The Cybersecurity and Infrastructure Security Agency (CISA) of the United States government defines cybersecurity as "the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information" (CISA, 2021).
Cybersecurity is crucial for individuals, businesses, and governments
alike. For individuals, cybersecurity involves taking steps to protect
personal information and online accounts, such as using strong
passwords, enabling two-factor authentication, and being cautious when
clicking on links or downloading files. For businesses and governments,
cybersecurity is essential to protect sensitive data and intellectual
property from theft or damage. Cyber attacks can result in significant
financial losses, damage to reputation, and legal liabilities.
In conclusion, cybersecurity is a critical component of modern digital life,
and everyone has a role to play in protecting themselves and others from
cyber threats. By staying informed, taking precautions, and working
together, we can build a safer and more secure digital world.

1.1.2 Usage and importance


Cybersecurity is essential in the digital age due to the increasing number of cyber threats that businesses and individuals face. As more and more of our personal and business activities take place online, we are also becoming more vulnerable to various cyber attacks such as phishing, ransomware, and data breaches. The importance of cybersecurity is highlighted by the potential damage that can be caused by cyber attacks. According to a report by Accenture, the average cost of a cyber attack on a company is 13 million dollars, and the average time to identify and contain a breach is 280 days (Accenture, 2021). Cyber attacks can also result in significant loss of sensitive data, damage to reputation, and legal liabilities. In addition to financial losses, cyber attacks can also have serious consequences for national security. For example, in recent years, several countries have been accused of carrying out cyber attacks against other nations for political or economic gain. Cyber attacks on critical infrastructure, such as power grids or transportation systems, can also pose a serious threat to public safety.

To address these challenges, governments, businesses, and individuals must prioritize cybersecurity. This includes investing in cybersecurity technologies and personnel, educating employees and the public about cyber threats, and developing and implementing cybersecurity policies and regulations. In conclusion, cybersecurity is crucial in the digital age, as cyber threats continue to evolve and become more sophisticated. By taking proactive measures to protect ourselves and our digital systems, we can minimize the risks of cyber attacks and build a safer and more secure digital world.

1.1.3 Overview of the chapter


The chapter on cybersecurity aims to provide readers with a comprehensive understanding of the importance of cybersecurity in the digital age. The chapter will cover a range of topics related to cybersecurity, including the different types of cyber threats, the principles of cybersecurity, cybersecurity measures and best practices, cybersecurity education and training, and future trends in cybersecurity.

The chapter will begin with an introduction to cybersecurity, defining what cybersecurity is and why it is important. It will also provide an overview of the chapter's contents. The next section will focus on the various types of cyber threats that businesses and individuals face, including malware, phishing, social engineering, and ransomware. It will explore the common methods of attack and their consequences, as well as the statistics on cyber threats and their impact. Following this, the chapter will delve into the principles of cybersecurity, including the Confidentiality, Integrity, Availability (CIA) triad, the Defense in Depth strategy, and risk assessment and management. The chapter will then outline various cybersecurity measures and best practices that individuals and organizations can implement to protect themselves against cyber attacks. These include firewalls, intrusion detection/prevention systems, antivirus and anti-malware software, encryption, user authentication and access control, and backup and disaster recovery. The chapter will then explore the role of cybersecurity education and training in promoting cybersecurity awareness. It will provide examples of cybersecurity training programs and resources, as well as best practices for promoting cybersecurity education in organizations. Finally, the chapter will conclude by discussing future trends in cybersecurity, including emerging cyber threats and challenges, as well as technologies and strategies for enhancing cybersecurity in the future. Overall, this chapter on cybersecurity aims to provide readers with a comprehensive understanding of the importance of cybersecurity, and to equip them with the knowledge and tools necessary to protect themselves and their organizations against cyber threats.

1.2 Threats to cybersecurity

The number of online activities in every field is increasing. This increase also increases the number and variety of cyber attacks. Therefore, it is known that organizations are more affected by cyber threats than in the past, so much so that cyber attacks are now being used as a weapon [24]. The diversity of cyber threats has also increased the diversity of defense strategies to be created against these threats. Determining the type of cyber attack beforehand is critical for taking the correct action. The clustering of cyber attack types brings about the clustering of defense models, and this enables the security equipment to be shaped by the broad cyber defense models to be created [25]. For these reasons, it is crucial to evaluate cyber attacks within a correct taxonomy. Many studies in the literature cover both general cyber threats and the taxonomy of cyber attacks in more specific areas [9] [30] [13] [20]. In this study, a classification of common cyber attacks is presented. Where machine learning is of great importance within the defense model created against a cyber attack, that cyber attack has been specially selected.

1.2.1 Different types of cyber threats

Phishing

Phishing attacks are generally used to access sensitive and confidential information such as usernames, passwords, credit card information, and network credentials. Cyber attackers use social engineering to masquerade as a normal individual or institution through any means of communication and manipulate victims into performing certain actions or willingly disclosing confidential information. The purpose is to convince the person receiving the message that there is something in the message they want or need. Phishing scams can also use email, phone calls, text messages, and social media tools to trick victims into providing sensitive information [6]. Malicious URLs are the essential instrument of a phishing attack. Text-based analysis and Natural Language Processing (NLP) techniques are among the essential methods used in detecting these attacks, and their detection performance is very high [2].

• Spear phishing
Spear phishing attacks are carried out against a predetermined target, so spear phishing is a targeted attack. In spear phishing attacks, information is first collected about the person or organization selected as the victim [16]. Information gathering is the first and most crucial step in spear phishing attacks. The names used in the email sent to the victim belong to real persons. Administrators, co-workers, or people the victim knows are used as the sender of the email. At the same time, the name and title of an authorized person who can determine or influence the content of the email are also selected. Thanks to this method, the victim is given the impression of an email that could arrive in the usual flow of work, and suspicion is eliminated.
• Whaling
Whaling is a type of phishing in which the attacker pretends to be a senior official of a particular company. The attacker sends messages similar to those written by the general manager, a board member, or the CEO. They can, for example, ask the recipient to transfer money to a specific account or send sensitive information to an address [6].
• Social engineering attacks
A social engineering attack takes advantage of the weaknesses of human behavior, using various persuasion and deception methods to obtain information that malicious people want to access. Social engineering attacks are one of the oldest and most dangerous types of attacks in internet history. Human nature can and does make mistakes at almost any time. At this point, cyber attackers take advantage of human errors and gain access to systems and confidential information through social engineering attacks [9].
• Smishing/Vishing
Smishing is a form of phishing that uses mobile phones as the attack platform. Smishing is carried out via text messages or SMS, hence the name "SMiShing". This attack has become increasingly popular, as people are more likely to trust a message received via a messaging app on their phone than a message sent via email. Various detection methods have been developed for smishing with NLP techniques, just as for spam email [18]. Vishing, on the other hand, is a deception technique that uses Voice over Internet Protocol (VoIP) to convince people that they are communicating with a legitimate channel so that they readily share personal information [4].
• Man-in-the-middle
A man-in-the-middle (MITM) attack is an attack method in which the attacker places themselves in the communication path between two parties, listening to the exchange, capturing various data, and possibly altering the traffic in any way. In MITM, communication between two parties can be interrupted, or misleading communication can be created. This attack can be summarized as capturing and manipulating packets on the network. The attacker can eavesdrop on traffic passing between the target and network elements (server, switch, router, or modem). In this attack, they can capture data packets freely circulating in the communication network, local network, or remote network. The increasing prevalence of IoT devices has made this attack more dangerous. Various approaches have been developed for the prediction and detection of the attack [28].

Malware
Malware is software that harms or provides unauthorized access to devices, websites, or networks for data breaches, identity theft, and espionage without the user's knowledge. Depending on the attacker's intent, the software can operate differently, performing various functions such as hijacking, encrypting, or deleting data, or monitoring computer activity without permission. Static analysis or dynamic analysis techniques can be used when deciding whether the software on a computer is malicious or harmless [8] [22]. Static techniques do not run the code; they only examine code structure and binary data properties. On the other hand, dynamic techniques run the software to observe the behavior of the code as it executes on a host or across the network. Some malware detection systems use only static or only dynamic techniques, while others implement both [5]. However, both techniques fall short when it comes to zero-day attacks. Today, these techniques are gradually being replaced by machine learning methods [7] [11].

• Trojans
Trojans are malicious code snippets hidden inside software that appears to be reliable. Because they can be hidden, they were given their historical name. After they are placed in the system, they can open the computer to remote access [3].
• Worms
A worm can consume network bandwidth and cause the computer to crash. It can be defined as a subclass of viruses. Worms are self-replicating and, unlike viruses, they do not need human action to spread rapidly across computers and the entire network [27].
• Adware
Adware is software that tries to expose users to unwanted, potentially malicious advertisements. It may redirect the user's browser searches to web pages containing unwanted product promotions [10].
• Ransomware
Ransomware usually works by encrypting data on the computer with a key unknown to the user. Using this software, attackers demand a ransom from the user so that the user can regain access to their files [1].
• Spyware
Spyware enables the collection of important information and transactions of users without the user's knowledge and sends this information to malicious people. It usually includes activity monitors, keystroke capture (keyloggers), and data collection. It can change security settings or interfere with network connections [27] [10] [1] [31].
• Botnet
A botnet attack means that many computers are managed from a single point for malicious purposes. With access programs installed on computers by some kind of virus, malicious hackers can acquire thousands of robot computers that they can use in attacks. The attacker who owns a botnet can easily manage all the computers in the botnet from anywhere in the world. Innocent users in the botnet can provide great support to attackers' cybercrime without even knowing about it. Intensive Distributed Denial of Service (DDoS) attacks can be organized against the target system with bot networks [19]. As a result of a strong DDoS attack on the target system, the system cannot respond and becomes unresponsive to every packet sent.

Injection attacks

An attacker who performs an injection attack can provide malicious input to a web application and alter the execution of the application by forcing it to execute specific commands. An injection attack can expose or damage data and lead to DoS or a complete compromise of a web server. Such attacks are carried out by exploiting vulnerabilities in the code of an application that allow unauthenticated user input [32]. The most common injection attacks are cross-site scripting and SQL injection.
• Cross-site scripting
Cross-site scripting/cross-code execution (XSS) is an attack typically found in web applications, in which an attacker inserts code that will run in and harm a different user's browser. XSS vulnerabilities normally allow an attacker to take any action that the target user could take and to gain access to the user's data. If the target user has privileged access within the application, the attacker can take control of the application as that user and have full control over the data [15]. There are multiple methods for XSS attacks. XSS can be carried out by a malicious script run in the target user's browser. The page viewed by the target can be a fake page or a form page reached by clicking a link and requesting the user's credentials. Websites containing advertisements displayed to the target, or malicious e-mails sent to the user or community, may be vehicles for an XSS attack.
• SQL injection
SQL injection is an attack technique performed by adding additional SQL statements to an input field on the standard application screen, exploiting the SQL features running underneath data-driven applications. SQL injection exploits a vulnerability within the application software. SQL injection is a malicious code injection technique that can destroy a database [29]. With SQL injection, attackers can steal user information on the website, access hidden information, interfere with existing data, change some operations, escalate privileges, completely delete the database, or pivot to one of the other attacks mentioned earlier. The damage caused by this attack may be irreparable, since all the content of the website is contained in those databases. The attacker only needs to reach the database by exploiting a vulnerability in the software [12].
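As an added illustration (not code from the thesis), the following Python snippet shows the weakness described above beside its fix: a login check that concatenates user input into the SQL text, and the same check using parameter binding so that input is always treated as data. The in-memory database, table, accounts and the injected input are all constructed for the demonstration.

```python
import sqlite3


# Constructed in-memory database with plaintext passwords, kept deliberately
# simple for the demonstration; real systems store password hashes instead.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable: the input is pasted into the SQL text, so a quote character in
    # the input ends the string literal and the remainder is parsed as SQL.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: parameter binding hands the input to the engine as a value;
    # it can never change the structure of the statement.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed input: the quote closes the password literal and the appended
# OR clause makes the WHERE condition true for every row of the table.
INJECTED_PASSWORD = "' OR '1'='1"


def demo() -> dict:
    """Run both implementations against a valid login and the injected input."""
    conn = make_db()
    return {
        "vulnerable_valid_login": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, "alice", INJECTED_PASSWORD),
        "safe_valid_login": login_safe(conn, "alice", "s3cret"),
        "safe_injected": login_safe(conn, "alice", INJECTED_PASSWORD),
    }


if __name__ == "__main__":
    for check, granted in demo().items():
        print(f"{check}: {'access granted' if granted else 'access denied'}")
```

The vulnerable version grants access for the injected input while the parameterised version denies it; the same binding discipline applies to every other field the application passes into a query.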
Password attacks
Password attacks are among the most common, as encryption is the most common mechanism we use to break into a system. Password attacks can be carried out against corporate or personal targets. The targets of the attack are the social media networks, technologies, software, etc., used by the person or institution. It harms institutions or individuals by capturing the passwords of any field that requires a password [21].
• Brute-force
A brute force attack is a method where attackers use trial and error to gain access to an account. This may include obtaining password or personal identification number information, depending on the situation. Most brute force attacks are automated, so the variety of targets, i.e. types of victims, is quite high. Brute force attacks give attackers illegal access to websites that contain valuable information. With this method, they can take the website down completely or gain access to user accounts. Patator is a modular, flexible tool used for brute force attacks in the Kali Linux operating system. With this tool, Secure Shell (SSH) and File Transfer Protocol (FTP) attacks can be performed [17].
• Dictionary attack
An unauthorized user attempts to log in using a known username and a password list of common words. During this attack, entries from a predefined list or dictionary of possible passwords are tried, along with letter and word combinations [23].
DoS attacks
A denial of service (DoS) attack is an attack that aims to render a machine or network inaccessible to the users it is meant to serve by taking it out of service. DoS attacks achieve this by flooding the target with traffic or by sending information that triggers a crash. Either way, the DoS attack deprives legitimate users of the service or resource they expect [14]. DoS attacks often target the web servers of high-profile organizations such as banking, commercial and media companies, or government and commercial organizations. While DoS attacks do not typically result in the theft or loss of important information or other assets, they can cost the victim a great deal of time and money to deal with. Distributed Denial of Service (DDoS) attacks occur when multiple attack systems organize a synchronized DoS attack on a single target. The main difference is that instead of being attacked from one location, the target can be attacked from many locations at once [26].

1.2.2 Statistics on cyber threats and their impact


Cyber threats are a growing concern for individuals and organizations alike, with significant financial and reputational impacts. Here are some statistics on cyber threats and their impact:
1. The global cost of cybercrime is estimated to reach 10.5 trillion dollars by 2025 (Cybersecurity Ventures).
2. In 2020, the average cost of a data breach was 3.86 million dollars, up 1.5 percent from the previous year (IBM).
3. Ransomware attacks increased by 485 percent in 2020, with the average ransom demand rising to 178,000 dollars (IBM).
4. In 2020, phishing attacks accounted for 36 percent of all data breaches (Verizon).
5. The healthcare industry experienced the highest cost of data breaches, with an average cost of 7.13 million dollars per breach (IBM).
6. Small businesses are increasingly targeted by cybercriminals, with 43 percent of all cyberattacks targeting small businesses in 2020 (Verizon).
7. In 2020, remote workers were targeted by cybercriminals with a 450 percent increase in phishing attacks (IBM).
8. Cybersecurity job postings have increased by 94 percent since 2013, with an estimated 3.5 million unfilled cybersecurity positions worldwide (Cybersecurity Ventures).

These statistics highlight the growing threat of cybercrime and the need for organizations to take proactive measures to protect their data and systems. Implementing strong security measures, providing regular cybersecurity training to employees, and keeping software up to date can help to mitigate the risks of cyber threats.

1.3 Principles of Cybersecurity


1.3.1 Confidentiality, Integrity, Availability (CIA) triad
The principles of cybersecurity are designed to help protect computer systems and networks from cyber threats. Here are some of the key principles:

• Confidentiality: This principle involves protecting sensitive information from unauthorized access or disclosure. This can be achieved through measures such as encryption, access controls, and secure storage.
• Integrity: This principle involves ensuring the accuracy and completeness of data by protecting it from unauthorized modification or destruction. This can be achieved through measures such as data backups, digital signatures, and access controls.
• Availability: This principle involves ensuring that computer systems and networks are available to authorized users when needed. This can be achieved through measures such as redundancy, fault tolerance, and disaster recovery planning.
• Authentication: This principle involves verifying the identity of users and devices to prevent unauthorized access. This can be achieved through measures such as passwords, biometrics, and two-factor authentication.
• Authorization: This principle involves ensuring that users and devices have the appropriate level of access to resources based on their roles and responsibilities. This can be achieved through measures such as access controls, privilege management, and network segmentation.
• Accountability: This principle involves holding individuals and organizations responsible for their actions and ensuring that actions can be traced back to their source. This can be achieved through measures such as audit trails, logging, and incident response planning.

By following these principles, organizations can create a strong foundation for cybersecurity and help to minimize the risks of cyber threats. (Retrieved from National Institute of Standards and Technology. (2017). Framework for Improving Critical Infrastructure Cybersecurity.)

1.3.2 Defence in depth strategy

The idea behind this strategy is to provide multiple lines of defense, so that if one layer of security is breached, there are additional layers in place to prevent further damage. The defense in depth strategy involves several layers of security controls, including physical security measures such as security cameras and access controls, network security measures such as firewalls and intrusion detection systems, and application security measures such as encryption and access controls. The benefit of defense in depth is that it provides a comprehensive and layered approach to cybersecurity, making it more difficult for cybercriminals to breach the system. Additionally, if a breach does occur, the impact can be minimized, as the attacker will only be able to access a limited amount of data or systems. One of the challenges of defense in depth is that it can be complex and costly to implement. It requires a significant investment in security technologies and personnel to manage and maintain the various layers of security controls. Overall, the defense in depth strategy is an effective approach to cybersecurity that can help organizations to better protect their computer systems and networks from cyber threats.

1.3.3 Risk assessment and management

Risk assessment and management are critical components of cyber security. They involve identifying, evaluating, and prioritizing potential risks and taking measures to mitigate them. The first step in risk assessment and management is to identify potential risks to the organization's computer systems and networks. These can include threats such as malware, hacking, phishing attacks, and employee errors. Once potential risks have been identified, they are evaluated based on their likelihood and potential impact. After evaluating risks, organizations can prioritize them based on their severity and likelihood. This helps to determine which risks should be addressed first and to allocate resources accordingly. Once risks have been identified and prioritized, organizations can take steps to mitigate them. Additionally, employee training and awareness programs can help to reduce the risk of human error. Risk assessment and management are ongoing processes that require regular review and updates. As new threats emerge, organizations need to continually reassess their risks and adjust their security measures accordingly. Effective risk assessment and management can help organizations to identify and mitigate potential threats, reducing the risk of a cyber attack and minimizing the impact if one occurs.

1.4 Cybersecurity Measures and Best Practices


1.4.1 Firewall and Intrusion Detection/Prevention Systems
• Firewalls and intrusion detection/prevention systems (IDS/IPS) are critical components of cybersecurity that help to protect computer systems and networks from cyber threats.
• A firewall is a software or hardware device that sits between a computer system or network and the internet, controlling the flow of data between them. Firewalls use a set of rules to determine which traffic is allowed to pass through and which traffic is blocked. By doing so, they can help to prevent unauthorized access to a network and protect against malware and other cyber threats. (What Is a Firewall? (2022). Retrieved from https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html)
• Intrusion detection and prevention systems (IDS/IPS) are designed to monitor network traffic and identify potential security threats. IDS systems detect and alert administrators to suspicious activity, while IPS systems can take immediate action to block potential threats.
• IDS/IPS systems use a combination of signature-based and behavior-based detection methods to identify potential threats. Signature-based detection involves comparing network traffic to a database of known threat signatures, while behavior-based detection looks for abnormal patterns of activity that may indicate a new or unknown threat.
• Effective firewall and IDS/IPS systems can significantly improve an organization's cybersecurity posture by helping to prevent unauthorized access and to detect and prevent potential cyber attacks. (Intrusion Detection and Prevention Systems (IDPS). (2022). Retrieved from https://www.cisco.com/c/en/us/products/security/intrusion-detection-prevention-systems/index.html)
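As an added example (not the thesis's own code), the following Python script implements the two detection methods just described over a few constructed log lines: signature-based rules matched against request content, and a behaviour-based rule that flags a source whose failed logins within a time window reach a threshold, which is how the brute-force and dictionary attacks of Section 1.2.1 show up in logs. The log format, the signature set, the threshold and the window are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from the thesis). Assumed format per line:
# "<ISO timestamp> <source IP> <HTTP|SSH> <detail>".
SAMPLE_LOG = """\
2023-07-01T10:00:01 10.0.0.5 HTTP GET /index.html
2023-07-01T10:00:02 10.0.0.5 HTTP GET /search?q=<script>alert(1)</script>
2023-07-01T10:00:03 198.51.100.7 HTTP GET /item?id=1' UNION SELECT username,password FROM users--
2023-07-01T10:00:04 203.0.113.9 SSH login_failed user=admin
2023-07-01T10:00:07 203.0.113.9 SSH login_failed user=admin
2023-07-01T10:00:10 203.0.113.9 SSH login_failed user=root
2023-07-01T10:00:13 203.0.113.9 SSH login_failed user=admin
2023-07-01T10:00:16 203.0.113.9 SSH login_failed user=root
2023-07-01T10:00:19 203.0.113.9 SSH login_failed user=admin
2023-07-01T10:00:30 10.0.0.5 SSH login_failed user=alice
2023-07-01T10:00:31 10.0.0.5 SSH login_ok user=alice
"""

# Signature-based rules: patterns of known attack content (assumed rule set).
SIGNATURES = {
    "sqli_union": re.compile(r"union\s+select", re.IGNORECASE),
    "sqli_tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    "xss_script_tag": re.compile(r"<script", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse_line(line):
    """Return (timestamp, ip, kind, detail) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, kind, detail = m.groups()
    return datetime.fromisoformat(ts), ip, kind, detail


def signature_alerts(events):
    """Compare each event's content against the known-bad patterns."""
    alerts = []
    for _ts, ip, _kind, detail in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(detail):
                alerts.append((ip, "signature:" + name))
    return alerts


def behaviour_alerts(events, threshold=5, window_seconds=60):
    """Flag a source whose failed logins inside a sliding window reach the threshold.

    No single line here matches a signature; the abnormal pattern is the rate of
    failures from one source, which is what exposes a brute-force or dictionary attack.
    """
    recent = defaultdict(deque)
    alerts = []
    for ts, ip, kind, detail in events:
        if kind != "SSH" or not detail.startswith("login_failed"):
            continue
        window = recent[ip]
        window.append(ts)
        # Drop failures that fell out of the window before counting.
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) == threshold:  # alert once, when the threshold is crossed
            alerts.append((ip, "behaviour:brute_force"))
    return alerts


def analyse(log_text, threshold=5, window_seconds=60):
    """IDS view: the combined list of (source IP, alert name) tuples, in log order."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return signature_alerts(events) + behaviour_alerts(events, threshold, window_seconds)


def block_list(alerts):
    """IPS view: the sources an inline system would act on (block) for these alerts."""
    return sorted({ip for ip, _ in alerts})


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for ip, name in found:
        print(f"ALERT {name} from {ip}")
    print("IPS would block:", block_list(found))
```

The two HTTP requests are caught by signatures alone, while the SSH failures from 203.0.113.9 trigger only the behaviour rule; the single failure from 10.0.0.5 stays below the threshold and raises nothing.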

1.4.2 Antivirus and Anti-malware software


Antivirus and anti-malware software are essential components of
cybersecurity that help to protect computer systems and networks from
malware and other cyber threats. Antivirus software is designed to
detect and remove viruses, which are a type of malicious software
(malware) that can infect computer systems and cause a range of
damage, from minor disruptions to complete system failures. Antivirus
software uses a combination of signature-based detection and behavioral
analysis to identify and remove viruses.
Anti-malware software is a broader term that refers to software designed
to detect and remove a wide range of malware, including viruses, worms,
Trojans, and other malicious software. Like antivirus software,
anti-malware software uses a combination of signature-based detection
and behavioral analysis to identify and remove malware. Effective
antivirus and anti-malware software can significantly improve an
organization’s cybersecurity posture by helping to detect and remove
malware before it can cause damage to computer systems and networks.
Antivirus and anti-malware software must be kept up to date, because new
threats and new variants of old ones appear constantly. Regular updates
supply the latest threat signatures, but a signature can only match a
sample that has already been collected and analysed; catching a new or
modified piece of malware before its signature exists is the job of the
behavioral and heuristic analysis, which is why both are needed.
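
The difference between signature-based detection and behavioural or
heuristic analysis, shown with a small file scanner written for this page
(it is not code from the thesis or from any antivirus product). It uses the
EICAR test string, the industry-standard harmless file that antivirus
engines are expected to detect, as its "known malware" sample; the one-byte
variant, the byte-pattern rule and the entropy threshold are assumptions
made for the example.

```python
import hashlib
import math
import secrets
from collections import Counter

# The EICAR test string is the industry-standard harmless file that every
# antivirus engine is expected to detect. It stands in for "known malware"
# here so the example carries no real malicious code.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# A "variant": the same sample with its last byte changed, as a packer or a
# trivial edit by the author would produce. Constructed for this example.
VARIANT = EICAR[:-1] + b"!"

# Constructed stand-in for a packed or encrypted payload.
RANDOM_SAMPLE = secrets.token_bytes(4096)

# Signature database, the part that signature updates refresh.
# 1. whole-file hashes: exact and cheap, but defeated by any one-byte change
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
# 2. byte-pattern signatures (what YARA-style rules do): survive small edits
PATTERN_SIGNATURES = {
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File (pattern)",
}

# Heuristic threshold: 8.0 bits/byte is the maximum; packed or encrypted
# payloads sit close to it, plain code and text sit well below.
HIGH_ENTROPY = 7.5


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(data):
    """Return the list of detections for `data`; an empty list means clean."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    # Signature-free heuristic: flag content that looks packed or encrypted
    # so an analyst or a sandbox looks at it even when no signature exists.
    if shannon_entropy(data) > HIGH_ENTROPY:
        hits.append("heuristic:high-entropy")
    return hits


def add_signature(sample, name):
    """Simulate a signature update: learn a newly analysed sample's hash."""
    HASH_SIGNATURES[hashlib.sha256(sample).hexdigest()] = name


if __name__ == "__main__":
    for label, blob in [("eicar", EICAR), ("variant", VARIANT),
                        ("text", b"quarterly report, nothing to see"),
                        ("random", RANDOM_SAMPLE)]:
        print(f"{label:8s} entropy={shannon_entropy(blob):.2f} -> {scan(blob)}")
```

The whole-file hash catches only the exact sample it was computed from;
the variant evades it until the next signature update, which is the point
of the paragraph above. The byte pattern survives the edit, and the entropy
heuristic flags packed or encrypted content with no signature at all, at
the price of occasional false positives on legitimately compressed files.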
1.4.3 Encryption
Encryption is a crucial cybersecurity measure that converts plaintext into
ciphertext, a form that is unreadable to anyone who does not hold the key
needed to decrypt it. It protects sensitive data from unauthorized access
and theft, particularly when the data is transmitted over untrusted
networks or stored on devices that may be lost or compromised. Encryption
uses mathematical algorithms to transform plaintext into ciphertext that
can only be recovered with the correct key. Its strength depends on the
algorithm being sound and on the key being long enough and generated at
random: a key that can be guessed or searched exhaustively offers no
protection, however strong the algorithm. Two fundamental encryption
methods exist: symmetric encryption and asymmetric encryption. Symmetric
encryption uses a single key for both encrypting and decrypting data. It
is fast, but the sender and receiver must first share the key over a
secure channel. Asymmetric encryption, also known as public key
encryption, uses two keys: a public key and a private key. The public key
is used to encrypt the data, and the private key is used to decrypt it.
Asymmetric encryption is much slower than symmetric encryption, but it
removes the key-distribution problem: the public key can be published
freely, and the private key never leaves its owner. In practice the two are
combined: asymmetric encryption protects a randomly generated symmetric
key, and that key encrypts the bulk data (hybrid encryption, as used by
TLS). Encryption should also be paired with an integrity check (a message
authentication code or an authenticated encryption mode), so that
tampering with the ciphertext is detected rather than silently producing
corrupted plaintext. Encryption is used in many areas of cybersecurity,
including data protection, secure communication, and secure storage. It
is also called for by many cybersecurity regulations and standards,
including the General Data Protection Regulation (GDPR) and the Payment
Card Industry Data Security Standard (PCI DSS).
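
The two encryption methods and the way they are combined in practice, as
an added example written for this page with only the Python standard
library (it is not code from the thesis). Because the standard library has
no AES, the symmetric cipher here is HMAC-SHA256 used as a keystream
generator in counter mode, a stand-in for AES-CTR, with a separate HMAC tag
for integrity (encrypt-then-MAC). The RSA key pair is generated from
scratch and used only to wrap a random session key; textbook RSA without
padding, as written here, is not safe for anything else. Key sizes and the
messages are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

# ---------------------------------------------------------------------------
# Symmetric part: one shared key both encrypts and decrypts. The keystream
# comes from HMAC-SHA256 in counter mode (stand-in for AES-CTR); integrity
# comes from a separate HMAC tag over nonce and ciphertext.
# ---------------------------------------------------------------------------
def _subkeys(key):
    # Derive independent encryption and MAC keys from the one shared secret.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce per message is
    essential: reusing one under the same key leaks the XOR of plaintexts."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# ---------------------------------------------------------------------------
# Asymmetric part: textbook RSA built from scratch. Anyone holding the public
# key (n, e) can encrypt; only the holder of the private exponent d can
# decrypt. Unpadded RSA is NOT safe for real data; here it only wraps a random
# symmetric key, which is the classic hybrid construction.
# ---------------------------------------------------------------------------
def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits=1024):
    """Return ((n, e), (n, d)). Demo size; real deployments use >= 2048 bits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def hybrid_encrypt(public_key, plaintext):
    """Encrypt bulk data symmetrically, wrap the session key with RSA."""
    n, e = public_key
    session_key = secrets.token_bytes(32)            # 256-bit, always < n
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, sym_encrypt(session_key, plaintext)

def hybrid_decrypt(private_key, wrapped, blob):
    n, d = private_key
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    return sym_decrypt(session_key, blob)
```

Two points the paragraph glosses over are visible in the code: the nonce
must never repeat under one key, and the tag is checked before anything is
decrypted, so a wrong key and a modified ciphertext both fail with the same
error instead of yielding garbage that the application might act on.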

1.4.4 User authentication and access control


User authentication and access control are critical components of
cybersecurity that help to ensure that only authorized individuals have
access to sensitive data and systems.
User authentication is the process of verifying the identity of a user
before granting access to a system or application. This is typically done
with a username and password, although other methods such as biometrics,
security tokens, and multi-factor authentication may also be used. Best
practices for user authentication include:
• Strong password policies: Passwords should be long, unique to each
account and never reused across services. They should be stored only as
salted hashes produced by a slow password-hashing function, and changed
when compromise is suspected rather than on a fixed schedule, since forced
periodic rotation tends to produce weaker, predictable passwords.
• Multi-factor authentication: Using multiple factors to verify a user’s
identity, such as a password and a security token, can greatly
increase the security of the authentication process.
• Account lockout policies: After a certain number of unsuccessful
login attempts, user accounts should be locked out to prevent
brute-force attacks.
• Regular security awareness training: Users should be educated on
the importance of strong passwords and other security best practices
to reduce the risk of social engineering attacks.
Access control is the process of managing user permissions and privileges
so that only authorized individuals can reach sensitive data and systems.
Access control policies should be based on the principle of least
privilege: each user gets the minimum level of access required to perform
their job functions, and nothing more.
Best practices for access control include:
• Role-based access control: Users should be assigned roles based on
their job functions, with permissions and privileges assigned
accordingly.
• Regular access reviews: Access should be reviewed regularly to
ensure that users still require their current level of access.
• Separation of duties: Critical tasks should be divided among
multiple users to reduce the risk of insider threats.
Effective user authentication and access control are essential components
of cybersecurity that help to protect sensitive data and systems from
unauthorized access and misuse.
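
The authentication and access-control practices listed above, combined in
one small service, as an added example written for this page (not code
from the thesis). It hashes passwords with scrypt, locks an account after
MAX_FAILED_ATTEMPTS failures, accepts an HOTP code (RFC 4226) as a second
factor, and checks every action against a role-to-permission table. The
roles, permissions, thresholds and user records are assumptions made for
the example.

```python
import hashlib
import hmac
import secrets
import struct
import time

MAX_FAILED_ATTEMPTS = 5       # lockout threshold (assumed for the example)
LOCKOUT_SECONDS = 15 * 60     # lockout duration (assumed for the example)

# Role -> permissions, following least privilege: each role gets only what
# its job needs. Roles and permissions are invented for this example.
ROLE_PERMISSIONS = {
    "viewer": {"read_telemetry"},
    "operator": {"read_telemetry", "restart_device"},
    "admin": {"read_telemetry", "restart_device", "manage_users"},
}


def derive_key(password, salt):
    """Memory-hard password hashing (scrypt), so offline cracking of a leaked
    database is slow. The password itself is never stored."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def hotp(secret, counter, digits=6):
    """HOTP one-time code (RFC 4226); the second factor in this example."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return code % (10 ** digits)


class AuthService:
    def __init__(self, clock=time.monotonic):
        self._users = {}
        self._clock = clock   # injectable so lockout expiry can be tested

    def register(self, username, password, role, otp_secret=None):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        salt = secrets.token_bytes(16)
        self._users[username] = {
            "salt": salt, "hash": derive_key(password, salt), "role": role,
            "otp_secret": otp_secret, "otp_counter": 0,
            "failures": 0, "locked_until": 0.0,
        }

    def login(self, username, password, otp=None):
        """Return a session dict on success, None on any failure. Failure
        causes are not distinguished in the result (no username enumeration)."""
        now = self._clock()
        rec = self._users.get(username)
        if rec is None:
            derive_key(password, b"\0" * 16)  # same cost as a real user: no timing oracle
            return None
        if now < rec["locked_until"]:
            return None
        password_ok = hmac.compare_digest(derive_key(password, rec["salt"]), rec["hash"])
        otp_ok = True
        if rec["otp_secret"] is not None:
            otp_ok = otp is not None and otp == hotp(rec["otp_secret"], rec["otp_counter"])
        if password_ok and otp_ok:
            rec["failures"] = 0
            if rec["otp_secret"] is not None:
                rec["otp_counter"] += 1   # a used code can never be replayed
            return {"user": username, "role": rec["role"]}
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILED_ATTEMPTS:
            rec["failures"] = 0
            rec["locked_until"] = now + LOCKOUT_SECONDS
        return None

    def authorize(self, session, action):
        """Access control check: the role must grant the action explicitly."""
        return action in ROLE_PERMISSIONS.get(session["role"], set())
```

The login method answers None for a wrong password, a wrong or replayed
one-time code, a locked account and an unknown user alike, and it runs the
password hash even for unknown users, so neither the response nor its
timing tells an attacker which usernames exist. The HOTP check accepts only
the exact next counter value; a production system adds a small look-ahead
window for codes the user generated but never submitted.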

1.4.5 Backup and disaster recovery


Backup and disaster recovery are critical components of cybersecurity
that help to ensure that data can be recovered in the event of a security
breach or system failure.
Best practices for backup and disaster recovery include:
• Regular backups: Data should be backed up on a regular basis to
minimize the risk of data loss in the event of a security breach or
system failure.
• Offsite backups: Backups should be stored offsite to protect against
physical damage or loss of the primary system.
• Testing backups: Backups should be tested regularly to ensure that
they are functional and can be used to restore data if necessary.
• Disaster recovery plan: A disaster recovery plan should be in place
to ensure that critical systems can be restored quickly in the event
of a major outage or disaster.
• Redundancy: Critical systems and data should have redundant
backups and failover mechanisms in place to minimize downtime and
ensure continuity of operations.
Implementing backup and disaster recovery best practices can help
organizations to minimize the impact of cybersecurity incidents and
other disasters, and ensure that critical data and systems are protected.
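
A restore drill implementing the "testing backups" bullet, as an added
example written for this page (not from the thesis). It backs up a
constructed directory tree to a compressed tar archive, records a hash
manifest to be kept apart from the archive, restores into a fresh directory
and compares every file with the manifest; it then damages the archive and
repeats the check. The sample files and paths are assumptions made for the
example.

```python
import hashlib
import pathlib
import tarfile
import tempfile
import zlib


def make_backup(source_dir, archive_path):
    """Archive every file under source_dir and return a manifest
    {relative path: sha256}, to be stored with (but apart from) the archive."""
    source = pathlib.Path(source_dir)
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(source.rglob("*")):
            if path.is_file():
                rel = path.relative_to(source).as_posix()
                manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
                tar.add(str(path), arcname=rel)
    return manifest


def restore_and_verify(archive_path, manifest, restore_dir):
    """Restore into restore_dir and check every file against the manifest.
    Returns a list of problems; an empty list means the backup is usable."""
    restore = pathlib.Path(restore_dir).resolve()
    problems = []
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            for member in tar.getmembers():
                # Refuse entries that would escape the restore directory: an
                # archive from untrusted storage could carry "../" names.
                target = (restore / member.name).resolve()
                if restore not in target.parents:
                    problems.append(f"unsafe path in archive: {member.name}")
                    continue
                if member.isfile():
                    tar.extract(member, restore)
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc!r}")
    for rel, digest in manifest.items():
        path = restore / rel
        if not path.is_file():
            problems.append(f"missing after restore: {rel}")
        elif hashlib.sha256(path.read_bytes()).hexdigest() != digest:
            problems.append(f"corrupted after restore: {rel}")
    return problems


def run_restore_drill():
    """Back up a constructed sample tree, then test the restore twice: once
    with the intact archive and once after the archive has been damaged.
    Returns (problems_intact, problems_damaged)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = pathlib.Path(tmp)
        src = tmp / "src"
        (src / "config").mkdir(parents=True)
        # Constructed sample data, not taken from any real system.
        (src / "config" / "gateway.cfg").write_text("mqtt_broker=10.0.0.2\n")
        (src / "telemetry.csv").write_text("ts,temp\n1,21.5\n2,21.7\n" * 200)
        archive = tmp / "backup.tar.gz"
        manifest = make_backup(src, archive)

        problems_intact = restore_and_verify(archive, manifest, tmp / "restore1")

        # Simulate media damage: truncate the archive to half its size.
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])
        problems_damaged = restore_and_verify(archive, manifest, tmp / "restore2")
        return problems_intact, problems_damaged


if __name__ == "__main__":
    intact, damaged = run_restore_drill()
    print("intact archive :", intact or "restore verified")
    print("damaged archive:", damaged)
```

Two details matter in practice: the manifest is written at backup time,
so a restore that silently delivers altered data is caught, and archive
entries whose names would escape the restore directory are refused, since
a backup pulled from offsite storage is itself input that must be
validated before it is trusted.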

1.5 Cybersecurity Education and Training


1.5.1 Importance of education and training in promoting
cybersecurity awareness
Education and training play a critical role in promoting cybersecurity
awareness and improving overall cybersecurity posture. As the frequency
and sophistication of cyber threats continue to increase, organizations
must prioritize cybersecurity education and training to ensure that their
employees are equipped with the knowledge and skills needed to recognize
and respond to those threats.
Some key reasons why education and training are important for
promoting cybersecurity awareness include:
• Understanding Cyber Threats: Employees who receive cybersecurity
education and training are better able to understand the nature of
cyber threats, including common attack methods and tactics used
by cybercriminals. This knowledge can help them to recognize
suspicious activity, report incidents promptly, and take appropriate
action to prevent attacks.
• Building a Security Culture: Education and training can help to
promote a security-conscious culture within an organization, where
all employees understand the importance of cybersecurity and take
steps to protect sensitive data and systems. This can include regular
security awareness campaigns, training sessions, and exercises to
reinforce best practices and promote a culture of vigilance.
• Improved Incident Response: Education and training can help to
improve an organization’s incident response capabilities, including
identifying, containing, and mitigating the impact of cyber attacks.
Employees who are trained in incident response protocols are better
equipped to respond quickly and effectively to incidents, minimizing
damage and reducing downtime.
• Compliance Requirements: Many industries are subject to
compliance requirements, such as HIPAA for healthcare or PCI-DSS
for payment card processing. Education and training can help
organizations to understand and meet these requirements, reducing
the risk of regulatory penalties and other legal consequences.
Overall, education and training are critical components of a successful
cybersecurity strategy. By investing in cybersecurity education and
training, organizations can reduce the risk of cyber attacks, protect
sensitive data, and maintain the trust of their customers and
stakeholders.

1.5.2 Examples of cybersecurity training programs and resources
There are many cybersecurity training programs and resources available
that can help organizations to improve their cybersecurity posture and
promote cybersecurity awareness among employees. Some examples
include:

• Cybersecurity training courses: Many online training platforms offer
cybersecurity courses that cover a range of topics, from basic
cybersecurity awareness to more advanced topics such as network
security and incident response.
• Webinars and workshops: Many cybersecurity vendors and industry
organizations offer webinars and workshops that cover a range of
cybersecurity topics. These events can be a great way to learn about
the latest threats and best practices in a collaborative environment.
• Cybersecurity awareness campaigns: Regular cybersecurity
awareness campaigns can help to reinforce best practices and
promote a culture of cybersecurity within an organization. These
campaigns can include posters, emails, and other materials that
provide tips and advice on how to stay safe online.
• Tabletop exercises: Tabletop exercises are controlled, discussion-based
simulations of an incident, designed to assess an organization’s incident
response capabilities without touching production systems. These
exercises can help to identify gaps in the response plan and improve
the organization’s ability to respond to real-world cyber attacks.
• Certification programs: Many cybersecurity certification programs
are available, including CompTIA Security+, Certified Information
Systems Security Professional (CISSP), and Certified Ethical Hacker
(CEH). These programs can provide employees with the knowledge
and skills needed to secure networks and systems.

Overall, there are many cybersecurity training programs and resources
available that can help organizations to promote cybersecurity awareness
and improve their cybersecurity posture. By investing in cybersecurity
education and training, organizations can reduce the risk of cyber attacks
and protect sensitive data and systems.

1.6 Conclusion
In conclusion, cybersecurity is a critical issue that affects individuals,
businesses, and governments alike. With the increasing sophistication
and frequency of cyber attacks, it is essential to implement effective
cybersecurity measures and promote cybersecurity awareness and
education. This chapter has discussed the importance of cybersecurity,
the various threats to cybersecurity, the principles of cybersecurity, and
cybersecurity measures and best practices. It has also highlighted the
importance of cybersecurity education and training and provided
examples of cybersecurity training programs and resources. By following
best practices and promoting cybersecurity awareness and education,
organizations can reduce the risk of cyber attacks and protect their
sensitive data and systems. It is important to remain vigilant and
proactive in addressing cybersecurity threats to ensure the safety and
security of our digital world.

Chapter 2