A Systematic Mapping of Security Mechanisms

In the Internet era, millions of computer systems are connected to the Internet, and the number is increasing without limit. Maintaining proper control and configuration for all such networked systems has proved to be impossible. This loophole makes Internet systems vulnerable to various types of attacks. The objective of this research is to systematically identify a wide list of attacks in the transport, session and application layers (host layers). 148 effective controls are identified for the security attacks, in addition to the 113 standard controls. The identified controls are analyzed in order to map and categorize them layer-wise to the corresponding security layers.
