Modeling Web Security Analysis Attacks with CySeMoL Tool

Abbas A. Abdulhameed, Razi J. Al-Azawi, Basil M. Al-Mahdawi

Abstract


The utilize of the web has made humans and companies powerless to exterior assaults. Indeed, cyber problems essentially influence information frameworks with distinctive types of malicious attacks such as spyware, virus, social engineering, etc. The Internet e-mail service, in particular, has become one of the most dependable methods of communication among people, institutions, and companies. The development of digital signatures to e-mail services has raised the e-mail security, which led to replacing the standard mailing of registered letters. Unfortunately, the process of sending and receiving e-mails has created a negative impact means on security and privacy from cybercriminals by diffusing spam and malware. As a result, e-mail hosts are constantly under attack by malicious programs that are often attached to e-mails. In this paper, the simulation model and prototype of an email traffic monitor developed and tested in order to prove the ability of our proposed method for detecting new viruses. This paper states the success possibility of this new method based on the simulation results. The results of the analysis suggest that the Cyber Security Modeling Language (CySeMoL) model has a good performance of operating system vulnerability prediction. At last, some useful suggestions in the context of the CySeMoL model are presented.

Keywords


Virus detection, CySeMoL, Traffic monitor, Web security, Simulations, Cybersecurity.

Full Text:

PDF

References


D. J. McManus, C. Sankar, H. H. Carr, and F. N. Ford, "Intraorganizational versus interorganizational uses and benefits of electronic mail," Information Resources Management Journal (IRMJ), vol. 15, no. 3, pp. 5-13, 2002.

CrossRef

I. E. Korshunov, M. V. Lyadvinsky, S. M. Beloussov, and A. Sergeev, "System and method for restoration of MICROSOFT exchange server mail," Nov. 5 2019, uS Patent 10,467,187.

A. Boiko, V. Shendryk, and O. Boiko, "Information systems for supply chain management: uncertainties, risks and cyber security," Procedia Computer Science, vol. 149, pp. 65-70, 2019.

CrossRef

J. L. Ferrer-Gomilla, J. A. Onieva, M. Payeras, and J. Lopez, "Certified electronic mail: Properties revisited," Computers & Security, vol. 29, no. 2, pp. 167- 179, 2010.

CrossRef

A. Bhowmick and S. M. Hazarika, "Machine learning for E-mail spam filtering: review, techniques and trends," arXiv preprint arXiv:1606.01042, 2016.

CrossRef

A. Gonzalez-Torres, V. L. Byrd, and P. Parsons, "VKE: a Visual Analytics Tool for CyberSecurity Data," in Proceedings of the International Conference on Security and Management (SAM). The Steering Committee of The World Congress in Computer Science, Computer., 2019, pp. 56-62.

T. M. Chen and J.-M. Robert, "The evolution of viruses and worms," Statistical methods in computer security, vol. 1, pp. 1-16, 2004.

D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, "Inferring internet denial-of-service activity," ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp. 115-139, 2006.

CrossRef

C. Wang, J. C. Knight, and M. C. Elder, "On computer viral infection and the effect of immunization," in Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00). IEEE, 2000, pp. 246-256.

S. J. Stolfo, E. Eskin, M. Bhattacharyya, and S. Herskop, "System and methods for detecting malicious email transmission," Jan. 17 2019, uS Patent App. 16/026,801.

S. K. Sahay and A. Sharma, "A Survey on the Detection of Windows Desktops Malware," in Ambient Communications and Computer Systems. Springer, 2019, pp. 149-159.

CrossRef

R. Bhargava, D. P. Reese et al., "System and method for passive threat detection using virtual memory inspection," Mar. 14 2017, uS Patent 9,594,881.

J. Aizen, I. Rabinowitz, L. Kovacevich, M. Mccole, and L. Dauter, "Automated real estate transaction workflow management application extending and improving an existing email application," Dec. 27 2018, uS Patent App. 16/013,702.

A. A. Akinola, "Quantitative evaluation of cyberattacks on a hypothetical school computer network," 2019.

CrossRef

P. Marsh, "Knowledge swarming using mobile knowledge mentoring-the emergence of the ubiquitous cyber sage: knowledge transfer," Civil Engineering= Siviele Ingenieurswese, vol. 2016, no. v24i7, pp. 57- 63, 2016.

T. Sommestad, M. Ekstedt, and H. Holm, "The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures," IEEE Systems Journal, vol. 7, no. 3, pp. 363-373, 2012.

CrossRef

H. Holm, T. Sommestad, M. Ekstedt, and L. Nordstrom, "CySeMoL: A tool for cyber security analysis ¨ of enterprises," in 22nd International Conference and Exhibition on Electricity Distribution (CIRED 2013). IET, 2013, pp. 1-4.

CrossRef

K. Ahmad, S. Verma, N. Kumar, and J. Shekhar, "Classification of internet security attacks," in Proceeding of the 5th National Conference INDIACom2011Bharti Vidyapeeth's Institute of Computer Applications and Management, New Delhi ISSN, 2011, pp. 0973-7529.

A. Abdulhameed, A. Hammad, H. Mountassir, and B. Tatibouet, "An approach to verify SysML functional requirements using Promela/SPIN," in 2015 12th International Symposium on Programming and Systems (ISPS). IEEE, 2015, pp. 1-9.

CrossRef

M. Valja, M. Korman, R. Lagerstr ¨ om, U. Franke, and ¨ M. Ekstedt, "Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case," in 2016 Portland international conference on management of engineering and technology (PICMET). IEEE, 2016, pp. 14-22.

CrossRef




DOI: http://dx.doi.org/10.23851/mjs.v31i3.876

Refbacks

  • There are currently no refbacks.


Copyright (c) 2020 Al-Mustansiriyah Journal of Science

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


Copyright (c) 2018 by Al-Mustansiriyah Journal of Science
ISSN: 1814-635X (Print), ISSN: 2521-3520 (online)