IRJET-V10I1132
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056

Volume: 10 Issue: 11 | Nov 2023 www.irjet.net p-ISSN: 2395-0072

Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Mr. Tanay Rambhia1, Mr. Atharva Gitaye2, Mrs. Abhilasha Maurya3

1Dept. of Information Technology, SVKM’s Shri Bhagubhai Mafatlal Polytechnic, Maharashtra, India
2Dept. of Information Technology, SVKM’s Shri Bhagubhai Mafatlal Polytechnic, Maharashtra, India
3Professor, Dept. of Information Technology, SVKM’s Shri Bhagubhai Mafatlal Polytechnic, Maharashtra, India

---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - The goal of this study is to give a thorough review of cybersecurity, concentrating on the difficulties that come with living in the digital era, the methods used to reduce cyber threats, and the future directions for improving cybersecurity measures. The study examines how cyber threats have changed over time, the effects of cyber attacks on people, businesses, and society, and the value of cybersecurity in protecting sensitive data and vital infrastructure. Other topics covered include risk management, incident response, encryption, authentication, and user awareness. The report also looks at upcoming cybersecurity trends and technologies such as blockchain, cloud security, and artificial intelligence, and their possible effects on cybersecurity in the future.

Key Words: Cybersecurity, Encryption, Cyber Threats, Sensitive Data, Vital Infrastructure.

1. INTRODUCTION

1.1 Importance of Cybersecurity in today's digital age

Cybersecurity refers to the practice of protecting computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. It is crucial in today's digital age because it protects sensitive data, prevents financial losses, and preserves public trust. It serves as a defense against cyber threats, safeguards critical infrastructure, and supports national security.

Compliance with data protection regulations is a legal obligation and maintains customer trust in the digital economy. Cybersecurity enables digital innovation, societal advancement, and economic growth by combating cybercrime and mitigating insider threats. Strong cybersecurity practices are essential for building resilience against threats and maintaining a secure digital landscape. Cybersecurity is important for many reasons, including:

• Protecting Sensitive Information: Given the growing use of digital systems to store and transmit sensitive data, cybersecurity is essential to keep that information out of the wrong hands. Information stolen by cybercriminals can be used for financial fraud, identity theft, and other crimes [2].
• Maintaining Business Continuity: Cyberattacks can halt operations and cause losses. Cybersecurity precautions help avert these interruptions and keep businesses running smoothly [2].
• Preserving Reputation: A cybersecurity incident can harm a company's reputation and reduce customer trust; investing in cybersecurity helps preserve both [2].
• Compliance with Regulations: Many industries must follow rules that require them to safeguard sensitive data from online threats, and failure to comply carries penalties [2].

2. LIMITATIONS OF EXISTING SECURITY SYSTEMS

• Lack of Integration and Interoperability: Businesses run many separate security technologies that do not share or correlate information, which causes inefficiency and complexity. Prioritizing interoperability and a consistent security management strategy is crucial.
• Complexity and Alert Fatigue: Complex security systems and high alert volumes cause alert fatigue, so genuine threats go unanswered. Investing in better detection tools and automation is essential to prioritize the critical alerts.
• Limited Visibility and Monitoring: Security systems with limited visibility make sophisticated threats hard to detect. Robust monitoring, including network and endpoint monitoring, improves threat detection and incident response.
• Reactive Approach to Cybersecurity: Traditional security systems respond only once an attack is under way, which gives attackers a longer dwell time; organizations need to adopt proactive measures instead.

3. HISTORICAL BACKGROUND OF CYBERSECURITY

3.1 Evolution of Cyber Threats and Attacks

The world witnessed its first "cyber-attack" in the early 1970s. Malware, ransomware, and phishing attacks, among other things, have become far more sophisticated since then. In fact, according to Security Magazine, attackers today hit Internet-connected PCs every 39 seconds on average.
© 2023, IRJET | Impact Factor value: 8.226 | ISO 9001:2008 Certified Journal | Page 222
A track record of cyberattacks:

• Creeper and Reaper: Bob Thomas, a BBN Technologies engineer, is credited with developing the first computer virus. In 1971 he wrote a program that could move between computers and display a message once it arrived: "I'm the creeper: catch me if you can!" In reaction to this "joke", Thomas' coworker Ray Tomlinson wrote new code that could not only move from computer to computer but also copy itself as it travelled; it removed Creeper wherever it found it and became known as Reaper. Creeper and Reaper were more than an irritation; they were the beginning of a long history of cyberattacks [3].
• Morris worm: The Morris worm of November 1988 was the first worm to spread widely across the Internet and, in effect, its first large-scale denial-of-service (DoS) incident. According to its author, Robert Morris, the worm was meant to measure the size of the Internet, but it could infect the same machine repeatedly, so it considerably slowed every computer it reached until the host crashed. Some responders argued for shutting the Internet down; the lasting outcome was the creation of Computer Emergency Response Teams (CERTs) to deal with future cyber emergencies. The case also produced the first conviction under the 1986 Computer Fraud and Abuse Act [3].
• The virus era: The late 1990s were dubbed the "virus era". The Melissa virus (1999) and the ILOVEYOU worm (2000) infected tens of millions of machines, crashing e-mail systems throughout the world and costing millions of dollars. Most of the affected mail systems were incidental victims that simply lacked adequate security controls. Attacks aimed at monetary gain or strategic advantage began to make headlines and took center stage in the realm of cyberattacks [3].

3.2 Milestones in the Development of Cybersecurity

• In the 1960s, time-sharing and ARPANET, the earliest form of the Internet, made computer security a practical issue. The first malware appeared, but security was not yet a priority.
• The 1980s saw the rise of the Internet Protocol Suite (TCP/IP), creating many more potential targets and attackers.
• The 1990s saw the rise of viruses and of unskilled "script kiddies" who launched attacks with tools written by others. The anti-malware industry and large companies pushed for improved cybersecurity.
• From the 2000s onward, far more data was digitized, leading to more data breaches and ransomware attacks. Nation-states conducted infiltration and surveillance campaigns, and criminal hacker groups targeted major corporations and government organizations. Large-scale incidents became more common, with WannaCry, NotPetya, and the Yahoo! breaches causing global damage.

4. CYBERSECURITY THREAT LANDSCAPE

4.1 Types of Cyber Threat Actors (Hackers, Cybercriminals, State Actors)

Threat actors, also called malicious actors or cyber threat actors, are people or organizations that deliberately damage digital systems or devices. They exploit flaws in software, networks, and computer systems to carry out malware, ransomware, and phishing attacks, among other types of cyberattack.

Threat actors are usually divided into groups according to their intent and, to a lesser extent, their sophistication:

• Cybercriminals: Cybercriminals steal sensitive data and conduct ransomware attacks and phishing schemes in order to commit financial crimes.
• Nation-state actors: Nation-state actors are government-funded and conduct espionage, cyberwarfare, and theft of vital information; their resources make them difficult to identify and intercept.
• Hacktivists: Hacktivists target people, businesses, and governments for sensitive information in order to advance political or social goals [4].
• Thrill seekers: Thrill seekers frequently use pre-existing tools to attack computer systems for pleasure, looking for sensitive data or trying to understand networks.
• Insider threats: Through negligence or by giving cybercriminals access, insiders can hurt an organization, for example by stealing data for financial gain or inflicting harm as payback [4].
• Cyberterrorists: Cyberterrorists launch politically motivated attacks, occasionally posing as nation-states or non-governmental organizations, and threaten or cause [4].

Figure I: Types of Cyber Threat Actors

4.2 Common Cyber Attacks (Malware, Phishing, DDoS, etc.)

• Malware: Malware, including spyware, ransomware, viruses, and worms, breaches a network through a vulnerability, typically when a user opens a malicious link or attachment. Once inside it can block access to key components of the network, install additional harmful software, covertly obtain information by transmitting data from the hard drive, and disrupt components so that the system becomes inoperable, which is why caution with unknown links and attachments is crucial [5].
• Phishing: Phishing sends fraudulent communications, usually e-mails that appear to come from a reputable source, to steal sensitive data such as credit card and login information or to install malware on the victim's machine. It has become one of the most common cyber threats [5].
• Man-in-the-middle: In a man-in-the-middle attack the attacker inserts himself into a two-party transaction and, once the traffic is interrupted, filters and steals data. Common entry points are unsecured public Wi-Fi, where the attacker sits between the victim's device and the network, and malware already installed on a device, which lets the attacker process all of the victim's information [5].
• Denial-of-service: A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth, so that legitimate requests cannot be fulfilled. When the flood comes from many compromised devices at once it is a distributed denial-of-service (DDoS) attack [5].
• SQL injection: A SQL injection occurs when an attacker inserts malicious SQL into an application's query through untrusted input, such as a form field or URL parameter, causing the database to reveal information it normally would not. The standard defense is never to build queries by concatenating user input and to use parameterized queries instead [5].

Figure II: Common Cyber Attacks
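The SQL injection described above, shown as an added example (not code from the cited source [5]): a login lookup that splices user input into the query, beside the parameterized version that defeats the same payload. It uses Python's built-in sqlite3; the users table, the credentials and the attacker payload are constructed test data.

```python
"""Added example (not from the cited source [5]): the SQL injection attack
described above, shown against a vulnerable login lookup and its fixed
counterpart.  Uses Python's built-in sqlite3; the users table, the
credentials and the attacker payload are constructed test data.
"""
import sqlite3


def make_db():
    """Create an in-memory database with a small constructed users table.
    (Real systems store password hashes, never plaintext; plaintext is used
    here only to keep the injection result easy to read.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pw) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55w0rd")],
    )
    return conn


def login_vulnerable(conn, name, pw):
    """Builds the query by string formatting, so user input becomes SQL syntax."""
    query = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, name, pw):
    """Parameterized query: the driver binds the values, so a quote in the
    input stays data and can never close the string literal."""
    query = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return sorted(row[0] for row in conn.execute(query, (name, pw)))


# Constructed attacker input: closes the string literal and appends a tautology.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, valid credentials:", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, injected payload :", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("safe, injected payload       :", login_safe(db, PAYLOAD, PAYLOAD))
```

With the payload in both fields the vulnerable query becomes `... WHERE name = '' OR '1'='1' AND pw = '' OR '1'='1'`, which is true for every row, so all three users are returned; the parameterized query treats the same string as a literal name and returns nothing.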
5. CYBERSECURITY TECHNOLOGIES AND STRATEGIES

5.1 Network Security (Firewalls, IDS/IPS, VPNs)

• Firewall: A firewall is a network security device placed at the boundary of a network that checks every packet entering and leaving it to prevent unwanted access. It inspects each packet and, according to a set of rules, accepts, rejects, or drops it. For example, a rule set might accept only HTTP packets or drop incoming ICMP packets [6]. Two types of firewall have emerged:
  • Network-based firewall: handles all packets entering and leaving the network and filters traffic according to the rules configured on the firewall [6].
  • Host-based firewall: in contrast to network-based firewalls, which protect the entire network, host-based firewalls are software firewalls installed on individual computers that filter traffic for that single system [6].
• IDS: An Intrusion Detection System (IDS) inspects network traffic for suspicious packets or activity and notifies administrators. It also reports what it finds to a SIEM (Security Information and Event Management) system for further analysis and action [6]. An IDS uses two distinct detection techniques to identify anomalies in network packets:
  • Signature-based detection compares packets against a database of patterns (signatures) of known attacks. A match raises an alert; otherwise the packet is allowed to pass [6].
  • Anomaly-based detection compares traffic against a baseline of normal behavior and raises an alert, forwarded to the SIEM, when packets deviate from it. It can catch attacks that have no known signature, at the price of more false positives [6].
• IPS: An Intrusion Prevention System (IPS) is a more sophisticated system that recognizes malicious packets, blocks them, and reports them to the SIEM, whereas an IDS only reports the packet [6]. Three techniques are used by an IPS to identify anomalies and block packets:
  • Signature-based detection: packet contents are matched against known attack signatures; on a match an alarm is raised and, if required, the packet is dropped [6].
  • Anomaly-based detection: traffic that deviates from the established baseline raises an alert to the SIEM and the offending packets are rejected [6].
  • Stateful protocol analysis detection: packets are compared against profiles of accepted protocol behavior; packets that diverge from the protocol's expected state are discarded and the rest are permitted [6].

Figure III: Network Security
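The two IDS detection techniques above, as an added example that is not code from the cited source [6]: a signature matcher and a simple anomaly detector run offline over a constructed packet log rather than live traffic. The signature list, the baseline (how many distinct ports a normal client touches) and every packet are made up for the demonstration.

```python
"""Added example (not from the cited source [6]): the two IDS detection
techniques described above, run offline over a constructed packet log
instead of live traffic.  The signature list, the baseline and every
packet below are made up for the demonstration.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    payload: bytes


# Signature database: (alert name, byte pattern seen in a known attack).
SIGNATURES = [
    ("sql-injection-tautology", b"' OR '1'='1"),
    ("path-traversal", b"../../"),
    ("shellshock-probe", b"() { :;};"),
]


def signature_detect(packets):
    """Signature-based detection: a packet whose payload contains a known
    attack pattern raises an alert; everything else passes untouched."""
    alerts = []
    for pkt in packets:
        for name, pattern in SIGNATURES:
            if pattern in pkt.payload:
                alerts.append((pkt.src, name))
    return alerts


def anomaly_detect(packets, max_ports_per_src=4):
    """Anomaly-based detection with a deliberately simple baseline: a normal
    client talks to a handful of ports, so a source that touches more than
    max_ports_per_src distinct destination ports is flagged as scan-like.
    No payload pattern is needed, which is how this catches the scanner
    that signature_detect() misses."""
    ports_by_src = {}
    for pkt in packets:
        ports_by_src.setdefault(pkt.src, set()).add(pkt.dport)
    return [(src, len(ports)) for src, ports in ports_by_src.items()
            if len(ports) > max_ports_per_src]


def constructed_traffic():
    """Five normal HTTPS requests, one injection attempt, one port sweep."""
    pkts = [Packet("10.0.0.5", "10.0.0.80", 443, b"GET /index.html HTTP/1.1")
            for _ in range(5)]
    pkts.append(Packet("203.0.113.9", "10.0.0.80", 80,
                       b"GET /login?user=' OR '1'='1 HTTP/1.1"))
    pkts += [Packet("198.51.100.7", "10.0.0.80", port, b"")
             for port in (21, 22, 23, 25, 80, 110, 143, 443)]
    return pkts


def run_ids(packets):
    """Return both alert lists, as an IDS would forward them to the SIEM."""
    return {"signature": signature_detect(packets),
            "anomaly": anomaly_detect(packets)}


if __name__ == "__main__":
    for kind, alerts in run_ids(constructed_traffic()).items():
        print(kind, alerts)
```

The injection attempt is caught only by the signature, the port sweep only by the anomaly rule: the sweep's packets have no payload to match, and the injection comes from a source that behaves normally in volume. That complementarity is why production sensors run both, and why the anomaly side needs a baseline learned from the actual network rather than a constant.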
5.2 Endpoint Security (Antivirus, EDR)

Endpoint security uses antivirus software and EDR solutions to detect, prevent, and respond to security problems on individual devices such as laptops, desktops, servers, and mobiles.

• Antivirus: Legacy antivirus software uses heuristic analysis and integrity checking, alongside signature matching, to scan operating systems and file systems for known infections. Modern antivirus software adds machine learning and artificial intelligence to find new infections, including zero-day threats [7].
• EDR: Endpoint Detection and Response (EDR) is a security system that continuously monitors end-user devices for security events and takes appropriate action. It records all endpoint and workload activity, giving security professionals real-time insight. Combined with VPNs, EDR strengthens the security of remote-access endpoints [7].

Figure IV: Endpoint Security

5.3 Data Encryption and Cryptography

• Data encryption: Data encryption is a crucial aspect of data security. It converts data into a form that only authorized individuals can read, using a secret key or password. Data encryption may be divided into two categories:
  • Asymmetric encryption: Asymmetric encryption, commonly referred to as public-key cryptography, uses two different but mathematically related keys to encrypt and decrypt data: a "public key", which can be shared, and a "private key", which is kept secret [8].
  • Symmetric encryption: Symmetric encryption uses the same secret key to turn plaintext into ciphertext and ciphertext back into plaintext, so both parties must share that key beforehand [8].

Cryptography: Cryptography uses mathematical methods to transform data so as to shield it from unauthorized readers and from tampering. This makes it possible to communicate securely even in the presence of adversaries. It covers methods for secure computation, interactive proofs, authentication of sender and receiver identity, digital signatures, and message integrity checks. Cryptographic techniques include symmetric encryption, asymmetric encryption, hashing, digital signatures, and key exchange algorithms. Encryption and decryption are crucial components of cryptography [8].

Figure V: Data Encryption and Cryptography
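Symmetric encryption combined with a message integrity check, as an added example that is not code from the cited source [8]. It uses only the Python standard library: the keystream is HMAC-SHA256 run in counter mode, a textbook PRF-based stream cipher chosen so the example runs without third-party packages, and the ciphertext is authenticated with an HMAC tag (encrypt-then-MAC). The same secret key encrypts and decrypts, which is the defining property of symmetric encryption above; the keys and messages are constructed. In production, use AES-GCM or ChaCha20-Poly1305 from a vetted library instead.

```python
"""Added example (not from the cited source [8]): symmetric encryption with a
message integrity check, using only the Python standard library.  The
keystream is HMAC-SHA256 in counter mode, a textbook PRF-based stream
cipher used here so the example runs without third-party packages.  For
production use AES-GCM or ChaCha20-Poly1305 from a vetted library; the
keys and messages below are constructed.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32   # SHA-256 output length


def derive_keys(master_key):
    """Split one shared secret into separate encryption and MAC keys so the
    cipher and the integrity check never reuse the same key material."""
    enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """Counter mode over a PRF: block_i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master_key, plaintext, nonce=None):
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC(nonce || ciphertext)."""
    enc_key, mac_key = derive_keys(master_key)
    # A nonce must never be reused with the same key; a random one is the safe default.
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master_key, message):
    """Verify the tag in constant time before touching the ciphertext;
    raises ValueError on tampering or a wrong key."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = derive_keys(master_key)
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: tampered message or wrong key")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def try_decrypt(master_key, message):
    """Return the plaintext, or None if the integrity check fails."""
    try:
        return decrypt(master_key, message)
    except ValueError:
        return None


def tampered(message, index):
    """Flip one bit of the message, as an attacker on the wire might."""
    out = bytearray(message)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    key = os.urandom(32)                                  # constructed shared secret
    msg = encrypt(key, b"transfer 100 to account 42")
    print(decrypt(key, msg))                              # same key decrypts
    print(try_decrypt(key, tampered(msg, NONCE_LEN)))     # None: tampering detected
```

Note the order of operations in decrypt(): the tag is checked with hmac.compare_digest, which runs in constant time, before any plaintext is produced. A stream cipher on its own offers no integrity; without the tag an attacker could flip bits of the ciphertext and flip the corresponding bits of the plaintext undetected.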
6. VULNERABILITY ASSESSMENT AND PENETRATION TESTING

6.1 Understanding Vulnerability Assessment

The process of identifying and assessing vulnerabilities in a system or network infrastructure is known as vulnerability assessment. It aids in the identification, classification, and prioritization of vulnerabilities that may expose the firm to cyber threats [10].

6.2 Conducting Penetration Testing

i. Planning and reconnaissance: Defining the scope and goals of the test, gathering intelligence about the target system, and analyzing its possible vulnerabilities [11].
ii. Scanning: The tester uses static and dynamic analysis to determine how the target application will react to intrusion attempts. Static analysis evaluates the application's code to predict its behavior; dynamic analysis inspects the application while it is executing [11].
iii. Gaining access: This stage exploits vulnerabilities in the target system, for example through web application attacks such as cross-site scripting and SQL injection, to understand the harm they could do [11].
iv. Maintaining access: This stage determines whether the vulnerabilities found can be used to maintain a persistent presence in the compromised system, imitating advanced persistent threats that seek to remain unnoticed for an extended period [11].
v. Analysis: The results are compiled into a report that specifies the particular vulnerabilities exploited, any sensitive data accessed, and how long the tester remained undetected in the system [11].

6.3 Importance of Ethical Hacking

Ethical hacking helps protect businesses and governmental institutions from problems caused by hackers attempting to steal crucial data; attackers may use an invasion of privacy for extortion or leak the data. Security breaches can be prevented by strengthening digital network security through practical testing [12].

It is very beneficial when businesses implement preventative measures in advance. Focusing on safety makes sure that clients and customers have complete faith in the business. Hackers are knowledgeable and aware of every possible point of entry into a system, so to prevent a crisis those entry points must be fixed [12].
7. CYBERSECURITY POLICIES AND REGULATIONS

7.1 Overview of International Cybersecurity Standards

Organizations can use cybersecurity standards as guidelines or best practices to strengthen their cybersecurity posture. These guidelines are typically included in published materials that aim to safeguard a user's or organization's online environment: users, networks, devices, all software, workflows, and information in storage or in transit, as well as the applications, services, and systems that can be directly or indirectly connected to networks. Some of the most common frameworks and standards are:

i. ISO 27000 series: a series of international standards that provide a framework for information security management systems [13].
ii. NIST SP 800-53: a catalog of security and privacy controls for federal information systems and organizations [13].
iii. NIST SP 800-171: security requirements for protecting the confidentiality of controlled unclassified information in nonfederal systems and organizations [13].
iv. NIST CSF: a voluntary framework that provides a common language for organizations to manage and reduce cybersecurity risk [13].
v. NIST SP 1800 series: practice guides that complement the SP 800 series, showing how to implement and apply standards-based cybersecurity technologies in real-world applications [13].
vi. COBIT: a framework for the governance and management of enterprise information and technology [13].
vii. ISO/SAE 21434: a standard covering automotive cybersecurity, including requirements for cybersecurity risk management.

7.2 Cybersecurity Frameworks

Cybersecurity frameworks are sets of policies, practices, and procedures implemented to create an effective security posture. They guide organizations in protecting their assets from cyber threats by identifying, assessing, and managing the risks that could lead to data breaches, system outages, or other disruptions. They provide a common language and set of standards for security leaders across countries and industries to understand their own security posture and that of their vendors, and implementing them helps businesses comply with relevant regulations and laws. Some of the most commonly used frameworks are:

i. NIST Cybersecurity Framework (CSF): a voluntary framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risk [14].
ii. ISO/IEC 27001 and 27002: widely recognized international standards for information security management systems (ISMS); 27001 specifies the requirements for an ISMS and 27002 gives guidance on the controls [14].
iii. Payment Card Industry Data Security Standard (PCI DSS): requirements designed to ensure a secure environment for companies that handle credit card information.
iv. Center for Internet Security (CIS) Controls: a prioritized set of security controls (20 in version 7, consolidated to 18 in version 8) that give specific, practicable ways to stop the most pervasive and dangerous attacks.
v. HITRUST CSF: a comprehensive security framework designed for healthcare organizations to manage risk and comply with regulations.
vi. Federal Risk and Authorization Management Program (FedRAMP): a US government-wide program that offers a standardized method for the security assessment, authorization, and continuous monitoring of cloud products and services.
vii. Cybersecurity Capability Maturity Model (C2M2): a model developed by the US Department of Energy to help organizations assess and improve their cybersecurity capabilities.

8. CYBERSECURITY CHALLENGES AND FUTURE TRENDS

8.1 Insider Threats and the Human Factor

Insider threats and the human factor are among the most challenging components of cybersecurity. Insider threats manifest in various ways, such as violence, espionage, sabotage, theft, and cyber acts. The human factor is evident in insider threats: malicious insiders pose a significant threat because they know the organization's cybersecurity measures and where its sensitive data lives. According to the 2023 Insider Threat Report by Cybersecurity Insiders, 74% of organizations are at least moderately vulnerable to insider threats. Insider threat via a company's own employees (and contractors and vendors) is one of the largest unsolved issues in cybersecurity, present in 50% of breaches reported in a recent study. The cost of addressing an insider security problem has increased by 34% since 2020, from $11.45 million in 2020 to $15.38 million in 2022. To manage insider threats, organizations should consider a people-first approach to insider threat management that takes the human factor into account [15].
8.2 Internet of Things (IoT) Security

IoT security is the practice of protecting IoT devices, and the vulnerable networks they connect to, from cyber-attacks. Most IoT hardware was not developed with security in mind: devices commonly ship with little or no built-in security, operate unseen by traditional cybersecurity systems, and often transmit data over the Internet without encryption, so dedicated IoT security is needed to avoid data breaches. The continuing diversity and proliferation of IoT devices and communication channels increases the likelihood that a company will be exposed to cyber threats. The major IoT security challenges are the lack of encryption for data forwarded between devices, vulnerabilities in software and firmware, and insecure communication [16].

These concerns can be addressed with techniques such as conducting security assessments of IoT devices, implementing strong communication and authentication protocols, and keeping IoT devices up to date with the latest security patches and firmware updates [16].

8.3 Cloud Security Concerns

Cloud security concerns are a critical aspect of adopting cloud computing, and organizations are increasingly worried about the security of their data and applications in the cloud. Several top cloud security threats have been identified, including:

• Misconfiguration: Incorrectly configured cloud security settings are a leading cause of cloud data breaches. Cloud infrastructure is designed to be easy to use and to make data sharing fast, so organizations struggle to ensure that data is accessible only to authorized persons. Businesses that rely on cloud infrastructure also lack complete visibility into and control over it, so to configure and secure their cloud deployments they must use the security tools provided by the cloud service provider (CSP). Because many organizations are unfamiliar with securing cloud infrastructure and frequently deploy multiple clouds, each with its own set of vendor-provided security controls, a single configuration error or oversight can expose an organization's cloud resources to attackers [17] [18].
• Malware injection: Malware injection adds scripts or pieces of code to cloud services that run as SaaS on the cloud servers while posing as "legitimate instances". Malicious software inserted this way can be mistaken for part of the application or service running on the cloud servers. Once the injection is complete, attackers can eavesdrop, compromise confidential data, and steal data, with the cloud effectively working for them. The East Carolina University report on security concerns in cloud computing examines this possibility; "malware injection attack has become a major security concern in cloud computing systems," its author writes [17].
• Data loss: Data loss, commonly described as a data leak, is one of the main issues of cloud computing. Sensitive information is accessible to insiders such as employees and business partners, so if a cloud service's security is compromised, attackers may gain access to personal or sensitive data [17] [18].

Businesses that employ cloud computing must give up some control to the CSP in order to address security risks. As a result, someone outside the IT department may be in charge of guarding some of the company's most important data. If the cloud service provider is compromised or attacked, however, the business still loses its data and intellectual property and is responsible for any resulting losses [17] [18].
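The misconfiguration named first above, as an added example that is not code from the cited sources [17] [18]: an offline check over a storage bucket policy that grants anonymous read access, with the corrected policy beside it. The documents follow the AWS IAM policy grammar (Statement, Effect, Principal, Action, Condition); both policies, the bucket name and the account and role identifiers are constructed for the demonstration.

```python
"""Added example (not from the cited sources [17][18]): an offline check for
a storage bucket policy that grants anonymous read access, the kind of
misconfiguration described above.  The documents follow the AWS IAM policy
grammar; both policies, the bucket name and the account/role identifiers
are constructed for the demonstration.
"""
import json


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """Principal "*" or {"AWS": "*"} grants access to every caller,
    including unauthenticated ones."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def public_read_statements(policy):
    """Return the Sids of Allow statements that let anyone read objects and
    carry no Condition that would narrow the grant."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        grants_read = bool(actions & {"s3:getobject", "s3:*", "*"})
        if grants_read and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


# Weak setting: the "make it work" policy that exposes every object to the world.
PUBLIC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

# Corrected setting: read access only for one named application role.
HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")


if __name__ == "__main__":
    print("public  :", public_read_statements(PUBLIC_POLICY))    # ['PublicRead']
    print("hardened:", public_read_statements(HARDENED_POLICY))  # []
```

The check deliberately skips statements that carry a Condition, because a wildcard principal restricted by, say, a source-IP or VPC-endpoint condition is a different risk that needs human review rather than an automatic finding. It also looks only at the bucket policy; account-level public-access blocks, object ACLs and the policies of other buckets all need their own checks, which is the point of the paragraph above about multiple clouds each with their own controls.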
8.4 Blockchain for Cybersecurity

Blockchain technology has the potential to change cybersecurity by providing a comprehensive risk management system for a blockchain network, using cybersecurity frameworks, assurance services, and best practices. Some of the ways blockchain can be used for cybersecurity are:

• Data integrity and protection: Because it is decentralized and append-only, a blockchain protects the integrity of data. Its data is tamper-evident: every block carries the hash of the previous one and the chain is replicated over many network nodes, so a change to one record is detected unless the attacker can rewrite every later block on a majority of nodes. This makes blockchain technology attractive in industries where data integrity is essential, such as finance, supply chain management, and healthcare records.
• Secure communication channels: Blockchain can be used to establish secure communication channels between devices, enabling secure communication and data sharing [19]. This is particularly applicable in the Internet of Things (IoT), where the growing number of connected devices raises security concerns [19]. By using blockchain technology, IoT and other devices can be made more secure and less vulnerable to cyber-attacks [19].
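Why a blockchain's data is tamper-evident, as an added example that is not code from the cited source [19]: a minimal hash chain over constructed ledger records, without the consensus protocol and peer replication that a real blockchain adds on top. The last case in the demonstration shows exactly what those additions are for.

```python
"""Added example (not from the cited source [19]): why a blockchain's data
is tamper-evident rather than unchangeable.  A minimal hash chain over
constructed records, without the consensus protocol and peer replication
that a real blockchain adds on top.
"""
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(index, prev_hash, data):
    """SHA-256 over the canonical JSON of the block's contents."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(records):
    """Link each record to its predecessor by embedding the predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "data": rec, "hash": h})
        prev = h
    return chain


def verify_chain(chain):
    """Return the index of the first block that fails verification, or -1
    if every block's hash is correct and points at its real predecessor."""
    prev = GENESIS_PREV
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev"] != prev:
            return i
        if block_hash(i, prev, blk["data"]) != blk["hash"]:
            return i
        prev = blk["hash"]
    return -1


def tamper(chain, index, new_data):
    """Rewrite one block's data on a copy and recompute that block's hash
    only, as an attacker who controls a single node might do."""
    copy = [dict(b) for b in chain]
    copy[index]["data"] = new_data
    copy[index]["hash"] = block_hash(index, copy[index]["prev"], new_data)
    return copy


# Constructed ledger entries.
RECORDS = [
    {"from": "alice", "to": "bob", "amount": 10},
    {"from": "bob", "to": "carol", "amount": 4},
    {"from": "carol", "to": "alice", "amount": 1},
]


if __name__ == "__main__":
    chain = build_chain(RECORDS)
    print("intact:", verify_chain(chain))                                    # -1
    forged = tamper(chain, 1, {"from": "bob", "to": "carol", "amount": 400})
    print("middle block changed, detected at:", verify_chain(forged))        # 2
    forged_tail = tamper(chain, 2, {"from": "carol", "to": "alice", "amount": 100})
    print("last block changed, detected at:", verify_chain(forged_tail))     # -1
```

Changing a block in the middle breaks the link from its successor, so the forgery is caught at the next block. Changing the last block and recomputing its hash leaves a perfectly valid chain, which is why a single copy of a chain is not "immutable": the integrity guarantee comes from every node holding the same head hash and agreeing on new blocks through consensus, so an attacker would have to rewrite the tail on a majority of nodes at once.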
8.5 Advancements in Cyber Threat Intelligence

Advancements in cyber threat intelligence have been significant in recent years, with the introduction of new technologies and techniques.
Some of the key advancements in cyber threat intelligence are:

• AI-enabled threat intelligence: The use of artificial intelligence (AI) in cyber threat intelligence has brought significant productivity gains in threat intelligence and security operations [20]. AI has been used to build automated security systems, natural language processing, facial recognition, and automatic threat detection. AI-enabled threat detection systems can predict new attacks and notify administrators of a data breach immediately [20].
• Enhanced Security Operations Centers (SOCs): Security Operations Centers play a crucial role in monitoring and protecting organizations from cyber threats [21]. Advances in threat intelligence have made SOCs more effective at real-time monitoring, investigating security events, and responding to cyber threats [21]. This includes leveraging AI and machine learning algorithms to automate threat detection, incident response, and threat hunting [21].

9. SECURITY ALGORITHM

ARP Spoofing Detection

ARP (Address Resolution Protocol) spoofing, also known as ARP poisoning, is a network attack in which an attacker sends forged ARP messages so that the attacker's own MAC address becomes associated with the IP address of another device on the network, typically the default gateway. Traffic for that IP is then redirected to or intercepted by the attacker, enabling eavesdropping, man-in-the-middle attacks, or network disruption.

Algorithm:
1. Import the necessary modules, including Scapy.
2. Define a function mac(ipadd) that retrieves the MAC address of a given IP address:
  • Create an ARP request packet for the specified IP address.
  • Create an Ethernet frame with the broadcast destination MAC address.
  • Combine the Ethernet frame and the ARP request packet.
  • Send the combined packet and receive the response.
  • Extract and return the MAC address from the response.
3. Define a function sniff(interface) that captures packets on a specified network interface:
  • Use Scapy's sniff function to capture packets on the specified interface.
  • Set store to False so that sniffed packets are not kept in memory.
  • Pass prn=process_sniffed_packet as the callback that processes each captured packet.
4. Define the callback function process_sniffed_packet(packet) to process each sniffed packet:
  • Check that the packet has an ARP layer (packet.haslayer(scapy.ARP)) and that it is an ARP reply (packet[scapy.ARP].op == 2).
  • Retrieve the real MAC address by calling mac with the source IP address of the reply (packet[scapy.ARP].psrc).
  • Extract the MAC address claimed in the ARP reply (packet[scapy.ARP].hwsrc) as the response MAC address.
  • Compare the two; a mismatch means the reply is spoofed and an alert is raised.
5. Finally, start packet sniffing on the "eth0" interface by calling sniff("eth0").

Note that the lookup in step 4 is itself an ARP exchange that an active poisoner can answer, so in practice the "real" MAC should come from a baseline recorded while the network is known to be clean, or from static ARP entries.

Figure VI: ARP Spoof Detection
3. Define a function sniff(interface) to capture packets
[1] What is Cybersecurity? | CISA,” Cybersecurity and
on a specified network interface:
Infrastructure Security Agency CISA, Feb. 01, 2021.
 Use Scapy's sniff function to capture
https://www.cisa.gov/news-events/news/what-
packets on the specified interface.
cybersecurity
 Set store to False to discard sniffed packets.
 Specify a callback function [2] M. Sadangi, “Cybersecurity: Why It’s More Important
prn=process_sniffed_packet to process Than Ever,” dzone.com, Apr. 27, 2023.
each captured packet.

https://dzone.com/articles/cybersecurity-why-its-more-important-than-ever
[3] “The Evolution of Cybersecurity Solutions & Threats | SecurityScorecard,” SecurityScorecard, May 24, 2023. https://securityscorecard.com/blog/cybersecurity-solution-evolution/
[4] R. Blog, “7 Types of Cyber Threat Actors And Their Damage.” https://www.redlegg.com/blog/cyber-threat-actor-types
[5] “What Are the Most Common Cyber Attacks?,” Cisco, Oct. 04, 2021. https://www.cisco.com/c/en_in/products/security/common-cyberattacks.html
[6] “Firewalls and IDS/IPS | Infosec.” https://resources.infosecinstitute.com/topics/network-security-101/firewalls-and-ids-ips/
[7] “EDR vs Antivirus: Understanding Endpoint Protection Options,” Cynet, Oct. 23, 2023. https://www.cynet.com/endpoint-protection-and-edr/edr-vs-antivirus/
[8] “What is encryption? Data encryption defined | IBM.” https://www.ibm.com/topics/encryption
[9] “Cryptography | NIST,” NIST, May 27, 2022. https://www.nist.gov/cryptography
[10] “What Is Vulnerability Assessment? Benefits, Tools, and Process | HackerOne.” https://www.hackerone.com/knowledge-center/what-vulnerability-assessment-benefits-tools-and-process
[11] P. Wall, “What is Penetration Testing | Step-By-Step Process & Methods | Imperva,” Learning Center, Mar. 14, 2023. https://www.imperva.com/learn/application-security/penetration-testing/
[12] “Why do We Need Ethical Hacking? Need and Importance.” https://www.knowledgehut.com/blog/security/need-of-ethical-hacking
[13] P. Kirvan, “Top 10 IT security frameworks and standards explained,” Security, Dec. 21, 2021. https://www.techtarget.com/searchsecurity/tip/IT-security-frameworks-and-standards-Choosing-the-right-one
[14] “7 Cybersecurity Frameworks To Reduce Cyber Risk,” Bitsight. https://www.bitsight.com/blog/7-cybersecurity-frameworks-to-reduce-cyber-risk
[15] T. Bailey, B. Kolo, K. Rajagopalan, and D. Ware, “Insider threat: The human element of cyberrisk,” McKinsey & Company, Sep. 24, 2018. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/insider-threat-the-human-element-of-cyberrisk
[16] “What is IoT Security? Definition and Challenges of IoT Security,” Fortinet. https://www.fortinet.com/resources/cyberglossary/iot-security
[17] A. Tarimela, “All You Need to Know About Top 10 Security Issues in Cloud Computing,” Jan. 02, 2023. https://www.veritis.com/blog/top-10-security-issues-in-cloud-computing/
[18] Chkadmin, “Top Cloud Security Issues, Threats and Concerns,” Check Point Software, Jul. 15, 2022. https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/top-cloud-security-issues-threats-and-concerns/
[19] B. S. Solutions, “Blockchain and Cybersecurity: Strengthening Data Protection.” https://www.linkedin.com/pulse/blockchain-cybersecurity-strengthening-data-protection/
[20] B. Arora, “How AI-Enabled Threat Intelligence Is Becoming Our Future,” Forbes, Jul. 21, 2023. https://forbes.com/sites/forbestechcouncil/2023/07/21/how-ai-enabled-threat-intelligence-is-becoming-our-future
[21] “The Evolution of Security Operations and Strategies for Building an Effective SOC,” ISACA. https://www.isaca.org/resources/isaca-journal/issues/2021/volume-5/the-evolution-of-security-operations-and-strategies-for-building-an-effective-soc
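The detection step of the ARP spoofing algorithm in Section 9, written out as an added example that is not the paper's own code (Figure VI): it parses a raw Ethernet/ARP reply with struct instead of Scapy so it runs offline, and the resolver is injected as a callback (resolve_mac) standing in for the paper's mac(ipadd) function. The names ArpReply, parse_arp_reply, check_frame and make_arp_reply are the example's own, and every address used with it is constructed.

```python
import struct
from dataclasses import dataclass
from typing import Callable, Optional

ETHERTYPE_ARP = 0x0806
ARP_OP_REPLY = 2  # ARP "is-at" reply: the "op == 2" the algorithm checks for

@dataclass
class ArpReply:
    hwsrc: str  # MAC the sender claims (Scapy: packet[scapy.ARP].hwsrc)
    psrc: str   # IP the sender claims to own (Scapy: packet[scapy.ARP].psrc)
    hwdst: str
    pdst: str

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def parse_arp_reply(frame: bytes) -> Optional[ArpReply]:
    """Return the IPv4/Ethernet ARP reply carried by a raw frame, or None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_OP_REPLY):
        return None  # ARP requests and non-IPv4 ARP are ignored, as in the algorithm
    return ArpReply(_mac(frame[22:28]), _ip(frame[28:32]),
                    _mac(frame[32:38]), _ip(frame[38:42]))

def check_frame(frame: bytes, resolve_mac: Callable[[str], Optional[str]]) -> Optional[str]:
    """Alert text if the reply's claimed MAC differs from the one psrc really answers with.
    resolve_mac stands in for the paper's mac(ipadd): ARP-request the IP, return the MAC."""
    reply = parse_arp_reply(frame)
    if reply is None:
        return None
    real = resolve_mac(reply.psrc)
    if real is None:
        return None  # host did not answer: cannot verify, so do not raise a false alarm
    if real.lower() != reply.hwsrc.lower():
        return f"[!] ARP spoof suspected: {reply.psrc} claims {reply.hwsrc}, expected {real}"
    return None

def make_arp_reply(hwsrc: str, psrc: str, hwdst: str, pdst: str) -> bytes:
    """Build an in-memory ARP reply frame as constructed test input (nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = mac(hwdst) + mac(hwsrc) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_OP_REPLY)
    return eth + arp + mac(hwsrc) + ip(psrc) + mac(hwdst) + ip(pdst)
```

On a live interface the paper's process_sniffed_packet callback would call check_frame(bytes(packet), mac) for each captured packet, with mac being the paper's own resolver.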