Software security: Threats, solutions and challenges

Himani Mittal

Article ID: 3769
Vol 6, Issue 1, 2023


Abstract


Software security is of great concern because computers have entered almost all walks of life, and people at large have become dependent on technology not only for entertainment and communication but also for tasks that involve money and high stakes. Software security involves securing not only the software but also user data and communication media. This paper describes the types of security threats that have existed since networking evolved, namely malware, Trojans, viruses, denial-of-service attacks, and many more. It reviews several measures to address these threats, including logging, anti-malware, network security methods, and encryption methods. It finds that a lot of work has been done to deal with security threats, and that this work is not limited to the protection of software but extends to the protection of data and networks. The existing methods make extensive use of artificial intelligence, and there is a need to develop a model that can identify known as well as unknown threats. There is a huge scope for research in this area.


Keywords


malware; social engineering; encryption; network security; malware detection







DOI: https://doi.org/10.24294/csma.v6i1.3769



Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
