Determination of key cyber attacks through the MICMAC technique and their economic and financial influence when acquiring automated security tools
Keywords:
Cybersecurity, personal data, economic influence, privacy, malicious codesAbstract
The purpose of this research was to determine the most common key cyber-attack techniques to consider when developing cybersecurity strategies and appropriate tools that can be applied to any company, asset or threat, its financial economic relationship and evidencing the relationship of influence and dependence of these attacks. The study was classified as qualitative, documentary review was carried out and brainstorming and MICMAC techniques were applied. As a result, it was obtained that attacks such as Botnets, Machine learning poisoning, Exploitation of vulnerabilities among others, are attacks that require a rigorous monitoring and monitoring that allows to verify the effectiveness of the control of common attacks in general, because they depend on the behavior of the attacks key. It is concluded that social engineering attack is decisive, when formulating strategies and tools that repel cyber-attacks. It is recommended to formulate strategies and tools focused on key attacks and determinants.
References
Arango, X. A., & Cuevas Pérez, V. A. (2014). Método de análisis estructural: matriz de impactos cruzados multiplicación aplicada a una clasificación (MICMAC) (Doctoral dissertation, Tirant Lo Blanch).
Bucur, C., & Babulak, E. (2019). Security validation testing environment in the cloud. IEEE International Conference on Big Data, (págs. 4240-4247). Los Angeles. doi:10.1109/BigData47090.2019.9006202.
Carrillo, M. R. (2018). Seguridad de redes y sistemas de información en la Unión Europea: ¿un enfoque integral? Revista de Derecho Comunitario Europeo, 22(60), 563-600.
Corradini, I., & Nardelli, E. (2019). Social Engineering and the Value of Data: The Need of Specific Awareness Programs. In International Conference on Applied Human Factors and Ergonomics (pp. 59-65). Springer, Cham.
Ding, D., Han, Q. L., Xiang, Y., Ge, X., & Zhang, X. M. (2018). A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing, 275, 1674-1683.
Fernández, A. V., & Rodríguez, J. M. C. (2017). Análisis de las ciberamenazas. Cuadernos de estrategia, (185), 97-138.
González C. Rafael E., Pérez, Jaime M., Tarón D. Arnulfo. (2016). Desarrollo y validación de un modelo matemático para describir el crecimiento de lactobacillus acidophilus microencapsulado en un sistema binario compuesto por goma gelana. Revista @limentech,Ciencia y Tecnología Alimentaría. ISSN: 1692-7125. Volumen 14 N°1. Pp. 74 -83.
Hernández, R., Fernández, C. y Baptista, M. (2014). Metodología de la investigación, México: McGraw Hill.
Hernández Bieliukas, Y. C., & Aranguren Peraza, G. (2016). Patrón tecnopedagógico: ruta de aprendizaje basado en actividades comprensivas. Revista vínculos, 13(2), 149-158. https://doi.org/10.14483/2322939X.11671
Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., & Li, B. (2018, May). Manipulating machine learning: Poisoning attacks and countermeasures for regression learning. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 19-35). IEEE.
Kang, J., & Won, Y. (2018). Malware Classification Using Machine Learning. In Advances in Computer Science and Ubiquitous Computing (pp. 279-284). Springer, Singapore.
Ma, L., Yan, Y., & Xie, H. (2019). A New Approach for Detecting Access Control Vulnerabilities. In 2019 7th International Conference on Information, Communication and Networks (ICICN) (pp. 109-113). IEEE.
Martelo. R., JIMENEZ-PITRE, I., & VILLABONA-GÓMEZ (2017). Determinación de factores para deserción de estudiantes en pregrado a través de las técnicas lluvia de ideas y MICMAC. Revista Espacios. Vol. 38 (Nº 20) Año 2017.
Mead, J., Vasatka, J. E., & Craig, J. A. (2017). U.S. Cybersecurity system with differentiated capacity to deal with complex cyber-attacks. Patent Application No. 14/872,698.
Nofal, D. E., & Amer, A. A. (2019). SQL Injection Attacks Detection and Prevention Based on Neuro-Fuzzy Technique. In International Conference on Advanced Intelligent Systems and Informatics (pp. 722-738). Springer, Cham.
OWASP (2017). Top 10 Web Application Security Risks. Recuperate of: https://owasp.org/www-project-top-ten/.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Tanabe, R., Ueno, W., Ishii, K., Yoshioka, K., Matsumoto, T., Kasama, T., ... & Rossow, C. (2018). Evasive malware via identifier implanting. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 162-184). Springer, Cham.
Pardo Garcia A, Castellanos González L. (2017). Automatización de Ambientes en Invernaderos Simulando Escenarios Futuros, Revista Colombiana de Tecnologías de Avanzada, ISSN: 1692-7257. Volumen1–Número 29-2017.
Palma Cardoso, E., Alarcón Linares, A. F., & Hernández Pava, E. A. (2018). Diseño de un sistema informático (software) para automatizar los procesos contables en el sector mecánico automotriz del régimen simplificado. Revista Innova ITFIP, 2(1), 62-70. Recuperado a partir de http://revistainnovaitfip.com/index.php/innovajournal/article/view/29
Peláez R. S. (2002) Análisis de seguridad de la familia de protocolos TCP/IP y sus servicios asociados, Edición I, junio de 2002. Recuperado de http://es.tldp.org/Manuales-LuCAS/doc-Seguridad-tcpip/Seguridad_en_TCP-IP_Ed1.pdf.
Valinsky, J. (2019). 7 de los mayores hackeos de la historia. CNN en español. Recuperado de: https://cnnespanol.cnn.com/2019/08/01/7-de-los-mayores-hackeos-de-la-historia/.
Vergel, M. y Martínez, J. (2015). Filosofía gerencial seis sigma en la gestión universitaria. FACE, 15 (2). Recuperado de http://revistas.unipamplona.edu.co/ojs_viceinves/index.php/FACE/article/view/1619
Yen, C. T., Lugani, S., Mukhopadhyay, S., & Daftary, K. (2014). U.S. Patent No. 8,661,544. Washington, DC: U.S. Patent and Trademark Office.
Downloads
Published
Issue
Section
License
Authors who publish in this journal agree to the following terms:
a. Authors give their rights to the article in a non-exclusive way for the magazine to be published for the first time by the journal as well as licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of authorship of work and initial publication in this magazine.
b. Authors can establish separate additional agreements for non-exclusive distribution of the version of the work published in the journal (for example, to an institutional repository or to publish it in a book), with an acknowledgment of its initial publication in this journal.
c. Authors are allowed and encouraged to disseminate their work electronically (e.g., in institutional repositories or your own website) prior to and during the submission process, as it can lead to productive exchanges, as well as a citation more early and most of published work (See the Effect of Open Access) (in English).
