A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

Konev, Anton; Shelupanov, Alexander; Kataev, Mikhail Yu.; Ageeva, Valeriya; Nabieva, Alina

doi:10.3390/sym14030549

Cited by 8 publications

(6 citation statements)

References 93 publications

(114 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…В работах [4,5] Не менее важным аспектом становится описание и моделирование узлов и сетей, подверженных уязвимостям, а также соответствующих атак. Методам и нотациям формального описания компьютерных атак посвящено немалое количество научных работ [9][10][11][12][13][14]. В работах [10,11] объясняется важность выбора правильной методологии для описания угроз информационным системам, в работах [12][13][14] предлагаются различные подходы к описанию угроз кибербезопасности.…”

Section: обзор исследованийunclassified

“…Методам и нотациям формального описания компьютерных атак посвящено немалое количество научных работ [9][10][11][12][13][14]. В работах [10,11] объясняется важность выбора правильной методологии для описания угроз информационным системам, в работах [12][13][14] предлагаются различные подходы к описанию угроз кибербезопасности. Предложенные подходы сравниваются в статье [9], в заключении которой упоминается удобство использования MAL для описания сценариев кибератак.…”

Section: обзор исследованийunclassified

See 1 more Smart Citation

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

2024

Cybersecurity Issues

View full text Add to dashboard Cite

The purpose of the article: development of a vulnerable node, which includes the analysis of the vulnerability under study, implementation of its automated exploitation, formalization of the attack process, description of detection methods, as well as protection measures.1 Конев Антон Александрович, кандидат технических наук, доцент, ФГБОУ ВО «Томский государственный университет систем управления и радиоэлектроники» (ТУСУР), г. Томск, Россия.

show abstract

Section: обзор исследованийunclassified

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

2024

Cybersecurity Issues

View full text Add to dashboard Cite

show abstract

“…Over the past ten years, there has been an exceptional increase in the number of Internet of Things (IoT) devices, which include a wide range of products such as smart home appliances and industrial sensors. The rapid increase in the number of connected devices is fueled by technological advancements, which allow ordinary objects to establish internet connections, exchange information, and seamlessly communicate with one another [1], [2]. The widespread adoption of IoT has resulted in a notable rise in device connectivity, which in turn has led to the generation of immense volumes of data.…”

Section: Introductionmentioning

confidence: 99%

A Hybrid Perspective on Threat Analysis and Activity-Based Attack Modeling for Strengthening Access Control in IoT

Parikshit N. Mahalle,Gitanjali Rahul Shinde,Nilesh P. Sable

2024

jes

View full text Add to dashboard Cite

The rapid expansion of Internet of Things (IoT) devices has resulted in an unparalleled surge in the production of data and interconnectivity. Nevertheless, as IoT ecosystems become increasingly intricate, security concerns become of utmost importance, particularly in access control systems. The objective of this research is to improve the security of IoT access control by utilizing a hybrid model for analyzing threats and modeling attacks based on activities. This study has two primary objectives: a) A hybrid classification model is used to predict labels (attack or not) in binary classification with an impressive accuracy of 98.18%. b) Another hybrid classification model is employed to predict types of attacks in M2M communication, achieving a commendable accuracy of 90%. The primary goal is to create and assess a hybrid classification model for binary classification. This model will differentiate between regular system behavior and malicious attacks on access control schemes in the Internet of Things (IoT). The hybrid model, which combines the strengths of Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks, achieves an exceptional accuracy rate of 98.18%. The model's high accuracy demonstrates its effectiveness in precisely detecting potential threats and minimizing false positives, thereby establishing a strong basis for improving access control security. The second objective focuses on the complex area of security, with the goal of categorizing distinct forms of attacks in Machine-to-Machine (M2M) communication within the Internet of Things (IoT) framework. The hybrid classification model, employing both GRU and LSTM networks, achieves a remarkable accuracy of 90%. This accomplishment showcases the model's aptitude in detecting and distinguishing different types of attacks, including Distributed Denial of Service (DDoS) and Man-in-the-Middle attacks. The hybrid model provides security professionals with valuable insights to proactively respond to diverse threats in M2M communication by accurately classifying attack types. This strengthens the overall security posture of IoT access control systems. Overall, this study offers a thorough and efficient combination of threat analysis and activity-based attack modeling to enhance access control in IoT. The obtained accuracies in binary classification and prediction of attack types highlight the practical usability of the suggested hybrid model, establishing a strong basis for improving the security of IoT access control systems against evolving cyber threats

show abstract

“…This research reveals a notable shortage of vulnerability information sources, especially concerning the severity of identified vulnerabilities. Addition to that this research introduces a novel method for calculating risks, incorporating both the impact and financial aspects [4], which increase the accuracy of risk assessments. Ultimately this research paper outlines the importance of creating a comprehensive yet userfriendly security solution for web applications that remains affordable for any organization.…”

Section: Introductionmentioning

confidence: 99%

WebGuardian: Holistic Approach to Address Dynamic Web Application Threat Landscape

P.A.G.P.B,

M.H,

H.N.K

et al. 2023

IRJIET

View full text Add to dashboard Cite

Web applications have become an integral part of our daily lives, transforming various industries, and enabling smooth online interactions. The increasing number of web applications has also led to significant security challenges. People with malicious intent continuously exploit weaknesses in these web applications, posing a risk to the confidentiality, integrity, and availability of web applications. The primary objective of this research is to develop a comprehensive system that automates the identification and mitigation of vulnerabilities, prevention of threats, assessment of risks, and management of user access in web applications. This system uses advanced technologies like machine learning, runtime application self-protection (RASP), and risk calculation algorithms to take a well-rounded approach to web application security. This research project presents a comprehensive system that automates web application security, addressing the challenges posed by evolving threats. By utilizing advanced technologies and combining various security elements, the system offers a strong and effective solution to improve the security of web applications. This ensures their ability to withstand and maintain their integrity in today's interconnected digital world.

show abstract

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

Cited by 8 publications

References 93 publications

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

A Hybrid Perspective on Threat Analysis and Activity-Based Attack Modeling for Strengthening Access Control in IoT

WebGuardian: Holistic Approach to Address Dynamic Web Application Threat Landscape

Contact Info

Product

Resources

About