SlideShare a Scribd company logo

IRJET- Cyber Attacks and its different Types

IRJET Journal, profile picture
IRJET Journal

This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include: 1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service. 2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others. 3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users. 4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction. Countermeasures to these attacks include firewall

Engineering
1 of 4
Download to read offline
1
2
3
4
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4849 CYBER ATTACKS AND ITS DIFFERENT TYPES Jibi Mariam Biju1, Neethu Gopal2, Anju J Prakash3 1,2Mtech, CSE Department, Sree Buddha College of Engineering, Kerala, India 3Assistant Professor, CSE Department, Sree Buddha College of Engineering, Kerala, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Technology has made human life more straightforward as it brings everything to our finger tips. The invention of computers and mobile phones brought us higher attainment with time and they played a vital role in accomplishing our day to day task with ease both in professional as well as in personal lives. They are not only a simple means of gaining information and communication but also a means for data storing and data warehousingi.ewecan store much important information on them. They include credit card details, passwords, usercredential informationetc. Most of these data are stored in plain text and can be easily obtained. Cyber criminals aim at getting the information, gaining access to information between a clientandaserverby spreading malware and thereby gaining unauthorized access which is known as cyber-attack. There are different types of cyber-attacks and there is a need to be aware of such attacks in order to protect ourselves from attackers. This paper provides an overview of different cyber-attacksandhowitcan be prevented. Key Words: Cyber Attacks, Cyber Security, Malwares 1. INTRODUCTION Cyberattack is a kind of attack that targets computer or computer network in an attempt to steal, alter or destroy any critical data present in it. The attacker can be any individual or a process that gain unauthorized access oruse. Cyber-attack can be operated either by an individual or by groups. The aim of cyber-attack is to get the information system of an individual or a management. Cyberattack make use of malicious code and hence it changes the computer data, code or logic. This leads to disruptive effects and compromise data and lead to cybercrimes such as theft of information and identity. 2. WORKING OF CYBER ATTACK If cyber-attack is executed by an experienced and skilled rival, it may involve many repeated pages. Hence by understanding the different kind of attacks and the stages involved in it, one could protect himself from the attack. Attacks can be grouped into two types: targeted and un- targeted. Targeted attack: In this kind of attack, the attacker has a special concern on a particularorganizationorhasbeenpaid to target such organization. The preparation of such attack may take long time so as to find best way to carry out the exploit to the system. The targetedattack causesmorethreat than the untargeted as they are specifically made. Examples includes spear phishing, deploying a botnet, subverting the supply chain etc. Untargeted attack: In this kind of attack, the attacker targets as many devices or users widely. Here the attacker may take the advantage of the openness of the internet. Examples include phishing, ransomware, scanning. The different stages involved in most of the cyber-attack are survey, delivery, breach and affect.  Survey- In order to determine the possible threat information about the target is analyzed.  Delivery- Attending to the factor in a machine in which a vulnerability can be exploited.  Breach – Exploiting the vulnerabilities to take the advantage of unauthorized access.  Affect - Carrying out activities within a device that reap the attacker’s goal. 3. TYPES OF CYBER ATTACK 3.1 Denial-of-service (DoS) and distributed denial- of-service (DDoS) attacks A denial-of-service attack overruns the system resources so that it cannot answer to the service request. The host machine which are affected by malicious software that are controlled by an attacker launches DDoS attack. In this kind of cyber-attack, the machine or network resourcesaremade unavailable for the intended userbydisturbingtheserviceof the host which is connected to the internet. TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets are the different type of DoS and DDoS attacks. It is very difficult to prevent DoS attack as it is very challenging to differentiate a legitimateonefroma malicious traffic request as they use same port and protocol. In order to protect the system from denial-of-service attack, make sure that the system contain IDS,DDoSprotectionproduct.It is necessary to ensure that there is surplus of bandwidth internet connection on a particular organization. As there is large bandwidth for service traffic requests, it helps to protect against low-scale DDoS attacks.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4850 3.2 Man-in-the-middle (MitM) attack A MitM attack takes place when a third party comes in between the communication of a client and a server. The third party impersonates both the client and the server and gain access to the information between them. This kind of attack makes a threat actor to seize, sent and receive the data which intended for someone else others. AMITMattack misuses the real time operation of transactions, communication or exchange of other information. The different types of man-in-the-middle attack includessession hijacking, IP spoofing and reply. An intrusion detection system can be set up in order to avoid man-in-middleattack. It helps to give immediate alert if someone tries to hijack the network flow. Virtual private network can also be used to prevent man-in-middle attack. This helps to create additional secure layers when accessing a company’s confidential layer via Wi-Fi. 3.3 Phishing attacks Phishing attack is the means of sending fraudulent emails that seems to come from trusted sources. The main goal of this kind of attack is gaining personal and credential information. Phishing attack is a form of social engineering and technical trickery. It is in the form of emails which consists of embedded hyperlinks that loads malware onto our system. Sometimes this link also leads to an illegitimate website that makes us to download malware or give up our personal information. To get sensitive data phishing attack make use of some media tools, messages, calls etc. whaling, spear phishing, pharming and deceptive are the different phishing techniques. In order to reduce the risk of phishing attack, critical thinking, hovering over the links, analyzing email headers and sandboxing can be used. Moreover,bygivingawareness among the organization employees as well as forindividuals we can prevent phishing attack to some extent. 3. 4. Drive-by- download attack Drive-by-download attack is a common kind of cyber-attack carried out by the cyber criminals to spread malware and gain unauthorized access. This attack occurs when a computer becomes infected by a malicious software by simply visiting a website. The user does not need to click anywhere to get infected, that’s why it is called” drive-by” download attack. Here the criminals often use a legitimate website and inject a malicious object inside the web pages. The users cannot observe the infections and range from malicious JavaScript code to iFrames, links, redirects, cross- site scripting, and other malicious elements. At the time when a user visits that infected web page, malicious codes are automatically loaded into the user’s browser. Then it suddenly scans the computer security vulnerabilities in the operating system and other applications. Updating the software quickly and regularly, removal of unwanted software applications and browser plug-in, by using firewall and web filtering software can be used to prevent drive-by download attack. Moreover, any kind of malicious software can enter itself intoa system withoutany explicit permission when we are using a privileged account whenever to browse the internet. Such entry to the system can be prevented by keeping two separate account. One can be used for daily activities and other can be used for administrator account for installing software. 3.5 Password Attack The most common method to authenticate user is to use passwords and obtaining such passwords is an effective attack approach. Password attack is the technique in which user’s password is obtained or decrypted by illegitimate means. User password can be obtained by looking around the user’s desk, by guessing, accessing password database, sniffing the network connection to get the plaintext password etc. Password sniffers,dictionaryattacks,cracking programs are the different methods used by the cyber criminals in password attack. By changing the passwords frequently,usingunrecognizablewordsandminimumlength can the different means by which password attack can be defended. Brute force and dictionaryattack arethetwomain techniques in which passwordcanbeobtained.Bruteforceis a random method in which different passwords are tried expecting that one password will word whereas the later method gain access to a user’s computer and network. 3.6 SQL Injection Attack SQL (Structured Query Language) is a computer language that is used to store, manipulate and retrieve data stored in the database. SQL language uses commands like select, update, delete to perform the required task. SQL can also execute queries against the database, insert records to the database and can create new tables in the database. SQL Injection (SQI) attack make use of malicious code in order to access information bymanipulatingdatabaseatthebackend. This information may include any sensitive organization details, customer/ user private data etc. This may result in the illegal viewing of the user data, deletion of the table data and unauthorized attack of database. An attacker who wants to execute SQL injection will manipulate a standard SQL queryto exploitvulnerabilitiesin a database that are not validated. Attackers canalsousemis- filtered characters to alter SQL commands.Thereareseveral effective ways to prevent and protect against SQLI attacks if they occur. Input validation can be performed to identify unlawful user inputs which is the writing code practice that can. But this method is not much suitable as the mapping of all legal and illegal inputs is not feasible. Because of this, usually a web application firewall (WAF) is used to remove out SQLI. Signature recognition, IP reputation and other
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4851 security methods can also be used to identify and block SQL injections with a minimum of false positives. 3.7 Cross-site scripting (XSS) attack Cross-site scripting is a common type of injection attack that inserts malicious code into a trusted web site or into a sensitive web application. In other words, XSS occurs when the attacker injects a malicious code or JavaScript into website’s database. The intruderinjectsmaliciousJavaScript code into the end user’s webpage and make him/her to download the webpage. The browser of the victim executes the malicious script within theresponse,sendingthecookies of the victim to the server of the attacker. There are three main types of XSS attack: Persistent XSS, Reflected XSS and DOM based XSS. In persistent XSS, maliciouscodearosefrom the website’s database whereas in case of Reflected XSS, malicious code arose from the victim’s request. DOM based XSS is an alternate for above mentioned methods. Here the vulnerability is present in the client side not in the server side. Cross-site scripting can be prevented either by encoding or validation. Encoding escapes the user input so that the browser interprets it only as data, not as code and validation filters the user input to be interpreted by the browser as code without malicious commands. 3.8 Eavesdropping attack Also known as sniffing or snooping attack. Eavesdropping attack deals hacking data that are sent through digital devices. Attacker uses insecure network for communication and examines send and receive data. As they do not show any abnormal operation during transmission via network, this kind of attack are very hard to detect. Using this method an attacker can obtain various information like credit card number, password and other sensitive information that are sent across the network. Attacker may introduce snifferona computer or server to perform the eavesdropping attack seize data during transmission. This attack can be of two types: Passive Eavesdropping and Active Eavesdropping. Passive Eavesdropping takes place by listening to the message transmission in the network, attacker uncoversthe data. In Active Eavesdropping, attacker get the data by pretending himself asa friendlyunitandsendingtransmitter queries. Use of an anti-virus software, firewall, virtual private network,encryption andavoidingthepublic network for transmitting sensitive data helps to prevent eavesdropping attack. 3.9 Birthday Attack Birthday attack is a kind ofcryptographic attack belongingto a brute force attack class. It works on the principle of birthday problem in probability theory. This attack can be used to misuse the exchange of information between more than two parties. Birthday attacks are carriedoutusinghash algorithms to check themessageintegrity,softwareordigital signature. Hash function processed message produces a message digest of fixed length. This message digest exclusively defines the input message as it is independent of the length of the input message. Birthday attack is the process of finding two arbitrary messagethatgeneratesame message digest when processed by a hash function. If the sender calculated message digest is same as that of the message digest calculated by an attacker, the attacker can replace the message of sender with attacker message. Thereby the receiver of the message cannot recognize the message as fraud as it shows same message digest. 3. 10 Malware Attack Malware attack is a class of cyberattack in which malicious software is installed into the user’s computer without any consent of the user. This is what we called now as virus, spyware or ransomware etc. Malicious code is attached to the legitimate code, get propagated and executed by themselves. Malwares are able to access private network, interrupt certain computing operation, steal sensitive information or any other user data and thereby making money illicitly from the target. Now a day, malware aims more at business or financial information than any credential personal information. Most common type of malware includes:  Virus: A malicious software that get attached to any computer program, replicate and modify codes when executed. It canspread eitherbydownloading a file or running any program.  Worms: spread across computers or networks via email attachments. This may result in denial-of- service attacks  Trojans: One of the most danger malware which has malicious function. It hides in a useful program and do not replicate like viruses.  Ransomware: A type of malicious software that locks out the user data and threatens user unless a ransom is paid. It is very difficult to prevent this attack even though the code is simple.  Spyware: A kind of malware that inspects the user activity without user approval and report it to the attacker. 4. CONCLUSION Cyberattacks are one of the most ambiguousfactorswhichis quickly and constantly evolving that causes threat to computer or computer networks. Cyber criminals have introduced different hacking techniques and causes individual as well as business sectors more vulnerable to security problems. This paper outlined about the most common cyberattacks that are used bytheattackersinorder to compromise our critical information. These attacks cause a negative impact on the integrity, confidentiality and
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4852 security of the system as well as the network. The major thing that we can do is to protect ourselves from attack is to understand about the possible threat and take required steps to safeguard the system and network. REFERENCES [1] Cyber-Attacks-Different types and its prevention methods,https://www.cisco.com/c/en/us/products/sec urity/common-cyberattacks.html [2] Top 10 common cyber-attacksandit’scountermeasures https://blog.netwrix.com/2018/05/15/top-10-most- common-types-of-cyber-attacks.html [3] Andreea Bendovschi, “Cyber-attacks – trends, patterns and security countermeasures” in ResearchGate, 2016. [4] Antesar M.Shabut,” Cyber Attacks, Countermeasures, and Protection Schemes–AStateoftheArtSurvey”, 2016 10th International Conference on Software, Knowledge, Information Management & Applications. [5] L. Meyer ; W.T. Penzhorn “Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks”, IEEE AFRICON 2004 [6] Oliver Eigner “Detection of Man-in-the-Middle Attacks on Industrial Control Network”, 2016 International Conference on Software Security and Assurance https://www.veracode.com/security/man-middle- attack.html [7] Tommy Chin, Member, IEEE, Kaiqi Xiong, Senior Member, IEEE, and Chengbin Hu, “PhishLimiter: A Phishing Detection. [8] Aditya K. Sood,” Drive-By Download Attacks A Comparative Study”, IEEE Computer Society,2016 [9] Hong-Ning Dai ; Hao Wang ; Hong Xiao ; Xuran Li ; Qiu Wang, “On EavesdroppingAttacksinWirelessNetwork” [10] Rahul Raveendranath ;VenkiteswaranRajamani;Anoop Joseph Babu ; Soumya Kanti Datta, “Android malware attacks and countermeasures: Current and future directions” BIOGRAPHIES Jibi Mariam Biju, she is currently pursuing M.tech in Computer Scinece and Engineering in Sree Buddha College of Engineering, Elavumthitta. Her research areas include the field of data mining, cryptography and security. Anju J Prakash is working as Asst.Professor incomputerscience and engineering in Sree Buddha College of engineering, meanwhile pursuing her PhD in the field of image processing or data mining from Noorul Islam Centre for higher education. Neethu Gopal, she is currently pursuing Master’s Degree in Computer ScienceandEngineering in Sree Buddha College of Engineering, Elavumthitta, Kerala, India. Her research area of interest includes the field of Security and Blockchain Technology.

More Related Content

PDF
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
IJERA Editor
 
PDF
Chapter 2 konsep dasar keamanan
newbie2019
 
PDF
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
PDF
Designing Security Assessment of Client Server System using Attack Tree Modeling
ijtsrd
 
PDF
Cyber Attack Analysis : Part I DDoS
Kenny Huang Ph.D.
 
PDF
Em36849854
IJERA Editor
 
PDF
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
PDF
Fundamentals of information systems security ( pdf drive ) chapter 1
newbie2019
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
IJERA Editor
 
Chapter 2 konsep dasar keamanan
newbie2019
 
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
ijtsrd
 
Cyber Attack Analysis : Part I DDoS
Kenny Huang Ph.D.
 
Em36849854
IJERA Editor
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
SecPod Technologies
 
Fundamentals of information systems security ( pdf drive ) chapter 1
newbie2019
 

What's hot (20)

PDF
C02
newbie2019
 
PDF
Detection of Rogue Access Point in WLAN using Hopfield Neural Network
IJECEIAES
 
PDF
Cyber attacks
Anuradha Moti T
 
PPTX
Types of Cyber Attacks
Rubal Sagwal
 
PDF
Cybersecurity Goes Mainstream
Rob Marson
 
PDF
50120140502001 2
IAEME Publication
 
PPTX
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
PDF
Gg2511351142
IJERA Editor
 
PDF
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
PDF
Banking and Modern Payments System Security Analysis
CSCJournals
 
PDF
Network security chapter 1,2
Education
 
PDF
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
wajug
 
PDF
Survey of apt and other attacks with reliable security schemes in manet
ijctet
 
PPTX
Types of Cyber-Attacks
techexpert2345
 
PDF
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web Services
IJNSA Journal
 
PDF
Paper id 35201568
IJRAT
 
PDF
Prevention based mechanism for attacks in Network Security
Editor IJMTER
 
PDF
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET Journal
 
PDF
IRJET- A Novel Survey on DOS Attacks
IRJET Journal
 
PDF
Symantec Intelligence Quarterly Report - October - December 2010
Symantec
 
C02
newbie2019
 
Detection of Rogue Access Point in WLAN using Hopfield Neural Network
IJECEIAES
 
Cyber attacks
Anuradha Moti T
 
Types of Cyber Attacks
Rubal Sagwal
 
Cybersecurity Goes Mainstream
Rob Marson
 
50120140502001 2
IAEME Publication
 
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Gg2511351142
IJERA Editor
 
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Banking and Modern Payments System Security Analysis
CSCJournals
 
Network security chapter 1,2
Education
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
wajug
 
Survey of apt and other attacks with reliable security schemes in manet
ijctet
 
Types of Cyber-Attacks
techexpert2345
 
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web Services
IJNSA Journal
 
Paper id 35201568
IJRAT
 
Prevention based mechanism for attacks in Network Security
Editor IJMTER
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET Journal
 
IRJET- A Novel Survey on DOS Attacks
IRJET Journal
 
Symantec Intelligence Quarterly Report - October - December 2010
Symantec
 
Ad

Similar to IRJET- Cyber Attacks and its different Types (20)

PPTX
Cybersecurity
A. Shamel
 
PPTX
Presentation on Cyber Security
BalwantBesra
 
PPTX
Cyber.pptx
MahalakshmiShetty3
 
PPTX
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
PDF
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
IRJET Journal
 
PPTX
SEMINAR ON CYBER SECURITY.pptx
GauravWankar2
 
PPTX
Information system security Unit 1.pptx
Dr. Pallawi Bulakh
 
PPTX
Lecture 3.pptx
MuhammadRehan856177
 
PPTX
Cyber Security PPT.pptx
AkshayKhade21
 
PPTX
CyberSecurity and Importance of cybersecurity
Home
 
PPTX
Cyber attack
Manjushree Mashal
 
PPTX
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
PPTX
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
PDF
cyber security
Naveed Ahmed Siddiqui
 
PDF
7 Major Types of Cyber Security Threats.pdf
PhD Assistance
 
PDF
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
Cyber security professional services- Detox techno
 
PPTX
Introduction Of Cyber Security in 2024.pptx
shivjohncena789
 
PPTX
hgfhvgggggggggggggggggggggggpresent.pptx
wellmove2222
 
PPTX
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
PPTX
Cyber Security PPT.pptx
AbhishekDas794104
 
Cybersecurity
A. Shamel
 
Presentation on Cyber Security
BalwantBesra
 
Cyber.pptx
MahalakshmiShetty3
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
IRJET Journal
 
SEMINAR ON CYBER SECURITY.pptx
GauravWankar2
 
Information system security Unit 1.pptx
Dr. Pallawi Bulakh
 
Lecture 3.pptx
MuhammadRehan856177
 
Cyber Security PPT.pptx
AkshayKhade21
 
CyberSecurity and Importance of cybersecurity
Home
 
Cyber attack
Manjushree Mashal
 
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
cyber security
Naveed Ahmed Siddiqui
 
7 Major Types of Cyber Security Threats.pdf
PhD Assistance
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
Cyber security professional services- Detox techno
 
Introduction Of Cyber Security in 2024.pptx
shivjohncena789
 
hgfhvgggggggggggggggggggggggpresent.pptx
wellmove2222
 
Cyber Security and Data Privacy in Information Systems.pptx
Roshni814224
 
Cyber Security PPT.pptx
AbhishekDas794104
 
Ad

More from IRJET Journal (20)

PDF
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
PDF
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
PDF
Kiona – A Smart Society Automation Project
IRJET Journal
 
PDF
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
PDF
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
PDF
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
PDF
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
PDF
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
PDF
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
PDF
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
PDF
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
PDF
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
PDF
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
PDF
Breast Cancer Detection using Computer Vision
IRJET Journal
 
PDF
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
PDF
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
PDF
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
PDF
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
PDF
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
PDF
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
Kiona – A Smart Society Automation Project
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 

Recently uploaded (20)

PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PPTX
Strings in CPP - Strings in C++ are sequences of characters used to store and...
sangeethamtech26
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
Strings in CPP - Strings in C++ are sequences of characters used to store and...
sangeethamtech26
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Welding lecture in detail for understanding
sahilpoonia10
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Sustainable Sites - Green Building Construction
mhdumerali
 

IRJET- Cyber Attacks and its different Types

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4849 CYBER ATTACKS AND ITS DIFFERENT TYPES Jibi Mariam Biju1, Neethu Gopal2, Anju J Prakash3 1,2Mtech, CSE Department, Sree Buddha College of Engineering, Kerala, India 3Assistant Professor, CSE Department, Sree Buddha College of Engineering, Kerala, India ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Technology has made human life more straightforward as it brings everything to our finger tips. The invention of computers and mobile phones brought us higher attainment with time and they played a vital role in accomplishing our day to day task with ease both in professional as well as in personal lives. They are not only a simple means of gaining information and communication but also a means for data storing and data warehousingi.ewecan store much important information on them. They include credit card details, passwords, usercredential informationetc. Most of these data are stored in plain text and can be easily obtained. Cyber criminals aim at getting the information, gaining access to information between a clientandaserverby spreading malware and thereby gaining unauthorized access which is known as cyber-attack. There are different types of cyber-attacks and there is a need to be aware of such attacks in order to protect ourselves from attackers. This paper provides an overview of different cyber-attacksandhowitcan be prevented. Key Words: Cyber Attacks, Cyber Security, Malwares 1. INTRODUCTION Cyberattack is a kind of attack that targets computer or computer network in an attempt to steal, alter or destroy any critical data present in it. The attacker can be any individual or a process that gain unauthorized access oruse. Cyber-attack can be operated either by an individual or by groups. The aim of cyber-attack is to get the information system of an individual or a management. Cyberattack make use of malicious code and hence it changes the computer data, code or logic. This leads to disruptive effects and compromise data and lead to cybercrimes such as theft of information and identity. 2. WORKING OF CYBER ATTACK If cyber-attack is executed by an experienced and skilled rival, it may involve many repeated pages. Hence by understanding the different kind of attacks and the stages involved in it, one could protect himself from the attack. Attacks can be grouped into two types: targeted and un- targeted. Targeted attack: In this kind of attack, the attacker has a special concern on a particularorganizationorhasbeenpaid to target such organization. The preparation of such attack may take long time so as to find best way to carry out the exploit to the system. The targetedattack causesmorethreat than the untargeted as they are specifically made. Examples includes spear phishing, deploying a botnet, subverting the supply chain etc. Untargeted attack: In this kind of attack, the attacker targets as many devices or users widely. Here the attacker may take the advantage of the openness of the internet. Examples include phishing, ransomware, scanning. The different stages involved in most of the cyber-attack are survey, delivery, breach and affect.  Survey- In order to determine the possible threat information about the target is analyzed.  Delivery- Attending to the factor in a machine in which a vulnerability can be exploited.  Breach – Exploiting the vulnerabilities to take the advantage of unauthorized access.  Affect - Carrying out activities within a device that reap the attacker’s goal. 3. TYPES OF CYBER ATTACK 3.1 Denial-of-service (DoS) and distributed denial- of-service (DDoS) attacks A denial-of-service attack overruns the system resources so that it cannot answer to the service request. The host machine which are affected by malicious software that are controlled by an attacker launches DDoS attack. In this kind of cyber-attack, the machine or network resourcesaremade unavailable for the intended userbydisturbingtheserviceof the host which is connected to the internet. TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets are the different type of DoS and DDoS attacks. It is very difficult to prevent DoS attack as it is very challenging to differentiate a legitimateonefroma malicious traffic request as they use same port and protocol. In order to protect the system from denial-of-service attack, make sure that the system contain IDS,DDoSprotectionproduct.It is necessary to ensure that there is surplus of bandwidth internet connection on a particular organization. As there is large bandwidth for service traffic requests, it helps to protect against low-scale DDoS attacks.
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4850 3.2 Man-in-the-middle (MitM) attack A MitM attack takes place when a third party comes in between the communication of a client and a server. The third party impersonates both the client and the server and gain access to the information between them. This kind of attack makes a threat actor to seize, sent and receive the data which intended for someone else others. AMITMattack misuses the real time operation of transactions, communication or exchange of other information. The different types of man-in-the-middle attack includessession hijacking, IP spoofing and reply. An intrusion detection system can be set up in order to avoid man-in-middleattack. It helps to give immediate alert if someone tries to hijack the network flow. Virtual private network can also be used to prevent man-in-middle attack. This helps to create additional secure layers when accessing a company’s confidential layer via Wi-Fi. 3.3 Phishing attacks Phishing attack is the means of sending fraudulent emails that seems to come from trusted sources. The main goal of this kind of attack is gaining personal and credential information. Phishing attack is a form of social engineering and technical trickery. It is in the form of emails which consists of embedded hyperlinks that loads malware onto our system. Sometimes this link also leads to an illegitimate website that makes us to download malware or give up our personal information. To get sensitive data phishing attack make use of some media tools, messages, calls etc. whaling, spear phishing, pharming and deceptive are the different phishing techniques. In order to reduce the risk of phishing attack, critical thinking, hovering over the links, analyzing email headers and sandboxing can be used. Moreover,bygivingawareness among the organization employees as well as forindividuals we can prevent phishing attack to some extent. 3. 4. Drive-by- download attack Drive-by-download attack is a common kind of cyber-attack carried out by the cyber criminals to spread malware and gain unauthorized access. This attack occurs when a computer becomes infected by a malicious software by simply visiting a website. The user does not need to click anywhere to get infected, that’s why it is called” drive-by” download attack. Here the criminals often use a legitimate website and inject a malicious object inside the web pages. The users cannot observe the infections and range from malicious JavaScript code to iFrames, links, redirects, cross- site scripting, and other malicious elements. At the time when a user visits that infected web page, malicious codes are automatically loaded into the user’s browser. Then it suddenly scans the computer security vulnerabilities in the operating system and other applications. Updating the software quickly and regularly, removal of unwanted software applications and browser plug-in, by using firewall and web filtering software can be used to prevent drive-by download attack. Moreover, any kind of malicious software can enter itself intoa system withoutany explicit permission when we are using a privileged account whenever to browse the internet. Such entry to the system can be prevented by keeping two separate account. One can be used for daily activities and other can be used for administrator account for installing software. 3.5 Password Attack The most common method to authenticate user is to use passwords and obtaining such passwords is an effective attack approach. Password attack is the technique in which user’s password is obtained or decrypted by illegitimate means. User password can be obtained by looking around the user’s desk, by guessing, accessing password database, sniffing the network connection to get the plaintext password etc. Password sniffers,dictionaryattacks,cracking programs are the different methods used by the cyber criminals in password attack. By changing the passwords frequently,usingunrecognizablewordsandminimumlength can the different means by which password attack can be defended. Brute force and dictionaryattack arethetwomain techniques in which passwordcanbeobtained.Bruteforceis a random method in which different passwords are tried expecting that one password will word whereas the later method gain access to a user’s computer and network. 3.6 SQL Injection Attack SQL (Structured Query Language) is a computer language that is used to store, manipulate and retrieve data stored in the database. SQL language uses commands like select, update, delete to perform the required task. SQL can also execute queries against the database, insert records to the database and can create new tables in the database. SQL Injection (SQI) attack make use of malicious code in order to access information bymanipulatingdatabaseatthebackend. This information may include any sensitive organization details, customer/ user private data etc. This may result in the illegal viewing of the user data, deletion of the table data and unauthorized attack of database. An attacker who wants to execute SQL injection will manipulate a standard SQL queryto exploitvulnerabilitiesin a database that are not validated. Attackers canalsousemis- filtered characters to alter SQL commands.Thereareseveral effective ways to prevent and protect against SQLI attacks if they occur. Input validation can be performed to identify unlawful user inputs which is the writing code practice that can. But this method is not much suitable as the mapping of all legal and illegal inputs is not feasible. Because of this, usually a web application firewall (WAF) is used to remove out SQLI. Signature recognition, IP reputation and other
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4851 security methods can also be used to identify and block SQL injections with a minimum of false positives. 3.7 Cross-site scripting (XSS) attack Cross-site scripting is a common type of injection attack that inserts malicious code into a trusted web site or into a sensitive web application. In other words, XSS occurs when the attacker injects a malicious code or JavaScript into website’s database. The intruderinjectsmaliciousJavaScript code into the end user’s webpage and make him/her to download the webpage. The browser of the victim executes the malicious script within theresponse,sendingthecookies of the victim to the server of the attacker. There are three main types of XSS attack: Persistent XSS, Reflected XSS and DOM based XSS. In persistent XSS, maliciouscodearosefrom the website’s database whereas in case of Reflected XSS, malicious code arose from the victim’s request. DOM based XSS is an alternate for above mentioned methods. Here the vulnerability is present in the client side not in the server side. Cross-site scripting can be prevented either by encoding or validation. Encoding escapes the user input so that the browser interprets it only as data, not as code and validation filters the user input to be interpreted by the browser as code without malicious commands. 3.8 Eavesdropping attack Also known as sniffing or snooping attack. Eavesdropping attack deals hacking data that are sent through digital devices. Attacker uses insecure network for communication and examines send and receive data. As they do not show any abnormal operation during transmission via network, this kind of attack are very hard to detect. Using this method an attacker can obtain various information like credit card number, password and other sensitive information that are sent across the network. Attacker may introduce snifferona computer or server to perform the eavesdropping attack seize data during transmission. This attack can be of two types: Passive Eavesdropping and Active Eavesdropping. Passive Eavesdropping takes place by listening to the message transmission in the network, attacker uncoversthe data. In Active Eavesdropping, attacker get the data by pretending himself asa friendlyunitandsendingtransmitter queries. Use of an anti-virus software, firewall, virtual private network,encryption andavoidingthepublic network for transmitting sensitive data helps to prevent eavesdropping attack. 3.9 Birthday Attack Birthday attack is a kind ofcryptographic attack belongingto a brute force attack class. It works on the principle of birthday problem in probability theory. This attack can be used to misuse the exchange of information between more than two parties. Birthday attacks are carriedoutusinghash algorithms to check themessageintegrity,softwareordigital signature. Hash function processed message produces a message digest of fixed length. This message digest exclusively defines the input message as it is independent of the length of the input message. Birthday attack is the process of finding two arbitrary messagethatgeneratesame message digest when processed by a hash function. If the sender calculated message digest is same as that of the message digest calculated by an attacker, the attacker can replace the message of sender with attacker message. Thereby the receiver of the message cannot recognize the message as fraud as it shows same message digest. 3. 10 Malware Attack Malware attack is a class of cyberattack in which malicious software is installed into the user’s computer without any consent of the user. This is what we called now as virus, spyware or ransomware etc. Malicious code is attached to the legitimate code, get propagated and executed by themselves. Malwares are able to access private network, interrupt certain computing operation, steal sensitive information or any other user data and thereby making money illicitly from the target. Now a day, malware aims more at business or financial information than any credential personal information. Most common type of malware includes:  Virus: A malicious software that get attached to any computer program, replicate and modify codes when executed. It canspread eitherbydownloading a file or running any program.  Worms: spread across computers or networks via email attachments. This may result in denial-of- service attacks  Trojans: One of the most danger malware which has malicious function. It hides in a useful program and do not replicate like viruses.  Ransomware: A type of malicious software that locks out the user data and threatens user unless a ransom is paid. It is very difficult to prevent this attack even though the code is simple.  Spyware: A kind of malware that inspects the user activity without user approval and report it to the attacker. 4. CONCLUSION Cyberattacks are one of the most ambiguousfactorswhichis quickly and constantly evolving that causes threat to computer or computer networks. Cyber criminals have introduced different hacking techniques and causes individual as well as business sectors more vulnerable to security problems. This paper outlined about the most common cyberattacks that are used bytheattackersinorder to compromise our critical information. These attacks cause a negative impact on the integrity, confidentiality and
  • 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 03 | Mar 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 4852 security of the system as well as the network. The major thing that we can do is to protect ourselves from attack is to understand about the possible threat and take required steps to safeguard the system and network. REFERENCES [1] Cyber-Attacks-Different types and its prevention methods,https://www.cisco.com/c/en/us/products/sec urity/common-cyberattacks.html [2] Top 10 common cyber-attacksandit’scountermeasures https://blog.netwrix.com/2018/05/15/top-10-most- common-types-of-cyber-attacks.html [3] Andreea Bendovschi, “Cyber-attacks – trends, patterns and security countermeasures” in ResearchGate, 2016. [4] Antesar M.Shabut,” Cyber Attacks, Countermeasures, and Protection Schemes–AStateoftheArtSurvey”, 2016 10th International Conference on Software, Knowledge, Information Management & Applications. [5] L. Meyer ; W.T. Penzhorn “Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks”, IEEE AFRICON 2004 [6] Oliver Eigner “Detection of Man-in-the-Middle Attacks on Industrial Control Network”, 2016 International Conference on Software Security and Assurance https://www.veracode.com/security/man-middle- attack.html [7] Tommy Chin, Member, IEEE, Kaiqi Xiong, Senior Member, IEEE, and Chengbin Hu, “PhishLimiter: A Phishing Detection. [8] Aditya K. Sood,” Drive-By Download Attacks A Comparative Study”, IEEE Computer Society,2016 [9] Hong-Ning Dai ; Hao Wang ; Hong Xiao ; Xuran Li ; Qiu Wang, “On EavesdroppingAttacksinWirelessNetwork” [10] Rahul Raveendranath ;VenkiteswaranRajamani;Anoop Joseph Babu ; Soumya Kanti Datta, “Android malware attacks and countermeasures: Current and future directions” BIOGRAPHIES Jibi Mariam Biju, she is currently pursuing M.tech in Computer Scinece and Engineering in Sree Buddha College of Engineering, Elavumthitta. Her research areas include the field of data mining, cryptography and security. Anju J Prakash is working as Asst.Professor incomputerscience and engineering in Sree Buddha College of engineering, meanwhile pursuing her PhD in the field of image processing or data mining from Noorul Islam Centre for higher education. Neethu Gopal, she is currently pursuing Master’s Degree in Computer ScienceandEngineering in Sree Buddha College of Engineering, Elavumthitta, Kerala, India. Her research area of interest includes the field of Security and Blockchain Technology.