Ethical hacking based on trust tests: A vision oriented to cybersecurity and risk mitigation

John Jairo Castro-Maldonado; Paola Andrea Buitrago-Cadavid; Bernardo De Jesús Zapata-Baena; Robert David Urda-Benitez

doi:10.33571/rpolitec.v22n43a5

Autores/as

John Jairo Castro-Maldonado Servicio Nacional de Aprendizaje https://orcid.org/0000-0002-3823-4297
Paola Andrea Buitrago-Cadavid Universidad Nacional Abierta y a distancia https://orcid.org/0000-0001-8770-7794
Bernardo De Jesús Zapata-Baena Servicio Nacional de Aprendizaje https://orcid.org/0009-0004-0739-4345
Robert David Urda-Benitez Institución Universitaria Pascual Bravo https://orcid.org/0000-0003-4921-5195

DOI:

https://doi.org/10.33571/rpolitec.v22n43a5

Palabras clave:

Ethical Hacking, Penetration Testing, Security Testing, Vulnerability Assessment, Information Security, Cybersecurity, Cybert threats, Phishing

Resumen

In the context of increasing cybersecurity risks across interconnected sectors, ethical hacking and penetration testing have become crucial for safeguarding sensitive information and critical infrastructure. This systematic review examines current literature on cybersecurity anomalies and highlights the most effective machine learning techniques applied in critical sectors such as healthcare, finance, and government. The review identifies common security anomalies and their frequency, with AN05 and AN08 emerging as the most recurrent threats. Machine learning techniques like T01 and T18 are extensively utilized for detecting patterns and mitigating cyber threats, significantly enhancing digital security across sectors. Additionally, this study explores ethical and legal considerations surrounding ethical hacking, underscoring the need for regulatory frameworks tailored to each sector’s unique challenges. Significant research gaps are also identified, including the lack of standardized trust tests, limitations in machine learning transferability, and a dependence on human intervention. The integration of emerging technologies, particularly artificial intelligence, presents promising solutions for addressing these gaps, offering predictive capabilities and improved scalability in cybersecurity applications. This review provides a comprehensive vision aimed at advancing cybersecurity measures and risk mitigation strategies through the ethical application of trust-based tests.

Métricas de artículo

Resumen: 44 PDF: 28

Métricas PlumX

Biografía del autor/a

John Jairo Castro-Maldonado, Servicio Nacional de Aprendizaje

PhD en Educación, PhD en Ingeniería (C), Servicio Nacional de Aprendizaje SENA. Broward International University BIU

Paola Andrea Buitrago-Cadavid, Universidad Nacional Abierta y a distancia

MSc in Modeling and Computational Science, Faculty of Engineering, National Open and Distance University, GIDESTEC Research Group, Medellin-Colombia

Bernardo De Jesús Zapata-Baena, Servicio Nacional de Aprendizaje

Ingeniero Electrónico

Robert David Urda-Benitez, Institución Universitaria Pascual Bravo

MSc in Industrial Automation and Control, Faculty of Engineering, Pascual Bravo University Institution, GICEI Research Group, Medellin-Colombia

Citas

[1] P. Danso, S. Dadkhah, E. Neto, A. Zohourian, H. Molyneaux, R. Lu, et al., “Transferability of machine learning algorithm for IoT device profiling and identification,” IEEE Internet of Things Journal, vol. 11, pp. 2322–2335, 2024, doi: 10.1109/JIOT.2023.3292319.

[2] F. Santoso and A. Finn, “An in-depth examination of artificial intelligence-enhanced cybersecurity in robotics, autonomous systems, and critical infrastructures,” IEEE Transactions on Services Computing, vol. 17, pp. 1293–1307, 2024, doi: 10.1109/TSC.2023.3331083.

[3] F. Alsubaei, A. Almazroi, and N. Ayub, “Enhancing phishing detection: A novel hybrid deep learning framework for cybercrime forensics,” IEEE Access, vol. 12, pp. 8373–8389, 2024, doi: 10.1109/ACCESS.2024.3351946.

[4] R. Hamon, H. Junklewitz, J. Garrido, and I. Sanchez, “Three challenges to secure AI systems in the context of AI regulations,” IEEE Access, vol. 12, pp. 61022–61031, 2024, doi: 10.1109/ACCESS.2024.3391021.

[5] S. Barbaria, M. Mont, E. Ghadafi, H. Machraoui, and H. Rahmouni, “Leveraging patient information sharing using blockchain-based distributed networks,” IEEE Access, vol. 10, pp. 106334–106350, 2022, doi: 10.1109/ACCESS.2022.3206046.

[6] L. Kalabarige, R. Rao, A. Pais, and L. Gabralla, “A boosting-based hybrid feature selection and multi-layer stacked ensemble learning model to detect phishing websites,” IEEE Access, vol. 11, pp. 71180–71193, 2023, doi: 10.1109/ACCESS.2023.3293649.

[7] K. Agrawal, M. Aggarwal, S. Tanwar, G. Sharma, P. Bokoro, and R. Sharma, “An extensive blockchain-based applications survey: Tools, frameworks, opportunities, challenges, and solutions,” IEEE Access, vol. 10, pp. 116858–116873, 2022, doi: 10.1109/ACCESS.2022.3219160.

[8] S. Javed, M. Ahmad, M. Asif, W. Akram, K. Mahmood, A. Das, et al., “APT adversarial defence mechanism for industrial IoT enabled cyber-physical system,” IEEE Access, vol. 11, pp. 74000–74017, 2023, doi: 10.1109/ACCESS.2023.3291599.

[9] R. Abdillah, Z. Shukur, M. Mohd, T. Zamri, I. Oh, and K. Yim, “Performance evaluation of phishing classification techniques on various data sources and schemes,” IEEE Access, vol. 11, pp. 38721–38734, 2023, doi: 10.1109/ACCESS.2022.3225971.

[10] H. Lee, S. Lee, K. Kim, and H. Kim, “Hsviz-II: Octet layered hierarchy simplified visualizations for distributed firewall policy analysis,” IEEE Access, vol. 12, pp. 936–948, 2024, doi: 10.1109/ACCESS.2023.3346922.

[11] F. Liang, W. Hatcher, W. Liao, W. Gao, and W. Yu, “Machine learning for security and the internet of things: The good, the bad, and the ugly,” IEEE Access, vol. 7, pp. 158126–158137, 2019, doi: 10.1109/ACCESS.2019.2948912.

[12] N. Do, A. Selamat, O. Krejcar, E. Herrera-Viedma, and H. Fujita, “Deep learning for phishing detection: Taxonomy, current challenges and future directions,” IEEE Access, vol. 10, pp. 36429–36445, 2022, doi: 10.1109/ACCESS.2022.3151903.

[13] S. Remya, M. Pillai, K. Nair, S. Subbareddy, and Y. Cho, “An effective detection approach for phishing URL using ResMLP,” IEEE Access, vol. 12, pp. 79367–79382, 2024, doi: 10.1109/ACCESS.2024.3409049.

[14] V. Mullet, P. Sondi, and E. Ramat, “A review of cybersecurity guidelines for manufacturing factories in Industry 4.0,” IEEE Access, vol. 9, pp. 23235–23251, 2021, doi: 10.1109/ACCESS.2021.3056650.

[15] J. Schoenherr, “Insider threats and individual differences: Intention and unintentional motivations,” IEEE Transactions on Technology and Society, vol. 3, pp. 175–184, 2022, doi: 10.1109/TTS.2022.3192767.

[16] M. Almehdhar, A. Albaseer, M. Khan, M. Abdallah, H. Menouar, S. Al-Kuwari, et al., “Deep learning in the fast lane: A survey on advanced intrusion detection systems for intelligent vehicle networks,” IEEE Open Journal of Vehicular Technology, vol. 5, pp. 869–888, 2024, doi: 10.1109/OJVT.2024.3422253.

[17] L. Tidjon, M. Frappier, and A. Mammar, “Intrusion detection systems: A cross-domain overview,” IEEE Communications Surveys & Tutorials, vol. 21, pp. 3639–3661, 2019, doi: 10.1109/COMST.2019.2922584.

[18] T. Lewis and B. Rimal, “Effects of removing user-land hooks in endpoint protection during attack experiments,” IEEE Access, vol. 12, pp. 15820–15842, 2024, doi: 10.1109/ACCESS.2024.3357525.

[19] I. Ghafir, V. Prenosil, M. Hammoudeh, T. Baker, S. Jabbar, S. Khalid, et al., “BotDet: A system for real-time botnet command and control traffic detection,” IEEE Access, vol. 6, pp. 38947–38958, 2018, doi: 10.1109/ACCESS.2018.2846740.

[20] C. Grady, S. Rajtmajer, and L. Dennis, “When smart systems fail: The ethics of cyber–physical critical infrastructure risk,” IEEE Transactions on Technology and Society, vol. 2, pp. 6–13, 2021, doi: 10.1109/TTS.2021.3058605.

[21] A. Chorppath, T. Alpcan, and H. Boche, “Bayesian mechanisms and detection methods for wireless network with malicious users,” IEEE Transactions on Mobile Computing, vol. 15, pp. 2452–2463, 2016, doi: 10.1109/TMC.2015.2505724.

[22] Y. Lyu, H. Cho, P. Jung, and S. Lee, “A systematic literature review of issue-based requirement traceability,” IEEE Access, vol. 11, pp. 13334–13348, 2023.

[23] S. Marchal, J. François, R. State, and T. Engel, “PhishStorm: Detecting phishing with streaming analytics,” IEEE Transactions on Network and Service Management, vol. 11, pp. 458–471, 2014, doi: 10.1109/TNSM.2014.2377295.

[24] M. Jang and K. Lee, “An advanced approach for detecting behavior-based intranet attacks by machine learning,” IEEE Access, vol. 12, pp. 52480–52495, 2024, doi: 10.1109/ACCESS.2024.3387016.

[25] S. Kumar, S. Gupta, and S. Arora, “Research trends in network-based intrusion detection systems: A review,” IEEE Access, vol. 9, pp. 157761–157775, 2021, doi: 10.1109/ACCESS.2021.3129775.

[26] M. Hina, M. Ali, A. Javed, F. Ghabban, L. Khan, and Z. Jalil, “SEFACED: Semantic-based forensic analysis and classification of e-mail data using deep learning,” IEEE Access, vol. 9, pp. 98398–98411, 2021, doi: 10.1109/ACCESS.2021.3095730.

[27] I. Wiafe, F. Koranteng, E. Obeng, N. Assyne, A. Wiafe, and S. Gulliver, “Artificial intelligence for cybersecurity: A systematic mapping of literature,” IEEE Access, vol. 8, pp. 146598–146610, 2020, doi: 10.1109/ACCESS.2020.3013145.

[28] M. Marican, S. Razak, A. Selamat, and S. Othman, “Cyber security maturity assessment framework for technology startups: A systematic literature review,” IEEE Access, vol. 11, pp. 5442–5452, 2023, doi: 10.1109/ACCESS.2022.3229766.

[29] S. Salloum, T. Gaber, S. Vadera, and K. Shaalan, “A systematic literature review on phishing email detection using natural language processing techniques,” IEEE Access, vol. 10, pp. 65703–65719, 2022, doi: 10.1109/ACCESS.2022.3183083.

[30] Y. Fang, C. Zhang, C. Huang, L. Liu, and Y. Yang, “Phishing email detection using improved RCNN model with multilevel vectors and attention mechanism,” IEEE Access, vol. 7, pp. 81542–81554, 2019, doi: 10.1109/ACCESS.2019.2913705.

[31] D. Kim, M. Ahn, S. Lee, D. Lee, M. Park, and D. Shin, “Improved cyber defense modeling framework for modeling and simulating the lifecycle of cyber defense activities,” IEEE Access, vol. 11, pp. 114187–114200, 2023, doi: 10.1109/ACCESS.2023.3324901.

[32] F. Abri, J. Zheng, A. Namin, and K. Jones, “Markov decision process for modeling social engineering attacks and finding optimal attack strategies,” IEEE Access, vol. 10, pp. 109949–109964, 2022, doi: 10.1109/ACCESS.2022.3213711.

[33] B. Sun, T. Ban, C. Han, T. Takahashi, K. Yoshioka, J. Takeuchi, et al., “Leveraging machine learning techniques to identify deceptive decoy documents associated with targeted email attacks,” IEEE Access, vol. 9, pp. 87962–87971, 2021, doi: 10.1109/ACCESS.2021.3082000.

[34] F. Rosa, N. Maunero, P. Prinetto, F. Talentino, and M. Trussoni, “Threma: Ontology-based automated threat modeling for ICT infrastructures,” IEEE Access, vol. 10, pp. 116514–116531, 2022, doi: 10.1109/ACCESS.2022.3219063.

[35] J. Hu, S. Guo, X. Kuang, F. Meng, D. Hu, and Z. Shi, “I-HMM-based multidimensional network security risk assessment,” IEEE Access, vol. 8, pp. 1431–1442, 2020, doi: 10.1109/ACCESS.2019.2961997.

[36] N. Nejjari, K. Zkik, H. Hammouchi, M. Ghogho, and H. Benbrahim, “Assessing data breach factors through modern crime theory: A structural equation modeling approach,” IEEE Access, vol. 12, pp. 92198–92212, 2024, doi: 10.1109/ACCESS.2024.3423651.

[37] M. Zaoui, B. Yousra, S. Yassine, Y. Maleh, and K. Ouazzane, “A comprehensive taxonomy of social engineering attacks and defense mechanisms: Toward effective mitigation strategies,” IEEE Access, vol. 12, pp. 72224–72238, 2024, doi: 10.1109/ACCESS.2024.3403197.

[38] W. Meng, E. Tischhauser, Q. Wang, Y. Wang, and J. Han, “When intrusion detection meets blockchain technology: A review,” IEEE Access, vol. 6, pp. 10179–10188, 2018, doi: 10.1109/ACCESS.2018.2799854.

[39] A. Darem, A. Alhashmi, T. Alkhaldi, A. Alashjaee, S. Alanazi, and S. Ebad, “Cyber threats classifications and countermeasures in banking and financial sector,” IEEE Access, vol. 11, pp. 125138–125156, 2023, doi: 10.1109/ACCESS.2023.3327016.

[40] F. Ullah, H. Naeem, S. Jabbar, S. Khalid, M. Latif, F. Al-Turjman, et al., “Cyber security threats detection in internet of things using deep learning approach,” IEEE Access, vol. 7, pp. 124379–124389, 2019, doi: 10.1109/ACCESS.2019.2937347.

[41] F. Sabry, W. Labda, A. Erbad, and Q. Malluhi, “Cryptocurrencies and artificial intelligence: Challenges and opportunities,” IEEE Access, vol. 8, pp. 175840–175855, 2020, doi: 10.1109/ACCESS.2020.3025211.

[42] D. Jibat, S. Jamjoom, Q. Al-Haija, and A. Qusef, “A systematic review: Detecting phishing websites using data mining models,” Intelligent and Converged Networks, vol. 4, pp. 326–341, 2023, doi: 10.23919/ICN.2023.0027.

[43] F. Heiding, B. Schneier, A. Vishwanath, J. Bernstein, and P. Park, “Devising and detecting phishing emails using large language models,” IEEE Access, vol. 12, pp. 42131–42144, 2024, doi: 10.1109/ACCESS.2024.3375882.

[44] S. Maroofi, M. Korczyński, A. Hölzel, and A. Duda, “Adoption of email anti-spoofing schemes: A large scale analysis,” IEEE Transactions on Network and Service Management, vol. 18, pp. 315–330, 2021, doi: 10.1109/TNSM.2021.3065422.

[45] A. Aloseel, H. He, C. Shaw, and M. Khan, “Analytical review of cybersecurity for embedded systems,” IEEE Access, vol. 9, pp. 961–975, 2021, doi: 10.1109/ACCESS.2020.3045972.

[46] K. Chen, F. Cao, L. Hao, M. Xiang, and M. M. Kamruzzaman, “Application analysis of digital neural network-based data mining method in maximizing the performance of sports training,” Rev. Bras. Med. Esporte, vol. 29, p. e2022_0152, 2023, doi: 10.1590/1517-8692202329012022_0152.

[47] S. Mohan, C. Thirumalai, and G. Srivastava, “Effective heart disease prediction using hybrid machine learning techniques,” IEEE Access, vol. 7, pp. 81542–81554, 2019, doi: 10.1109/ACCESS.2019.2923707.

[48] A. Yeboah-Ofori, S. Islam, S. Lee, Z. Shamszaman, K. Muhammad, M. Altaf, et al., “Cyber threat predictive analytics for improving cyber supply chain security,” IEEE Access, vol. 9, pp. 94318–94334, 2021, doi: 10.1109/ACCESS.2021.3087109.

[49] J. Ndibwile, E. Luhanga, D. Fall, D. Miyamoto, G. Blanc, and Y. Kadobayashi, “An empirical approach to phishing countermeasures through smart glasses and validation agents,” IEEE Access, vol. 7, pp. 130758–130771, 2019, doi: 10.1109/ACCESS.2019.2940669.

[50] A. Dimitriadis, E. Lontzetidis, B. Kulvatunyou, N. Ivezic, D. Gritzalis, and I. Mavridis, “Fronesis: Digital forensics-based early detection of ongoing cyber-attacks,” IEEE Access, vol. 11, pp. 728–743, 2023, doi: 10.1109/ACCESS.2022.3233404.

[51] M. Ayyash, T. Alsboui, O. Alshaikh, I. Inuwa-Dutse, S. Khan, and S. Parkinson, “Cybersecurity education and awareness among parents and teachers: A survey of Bahrain,” IEEE Access, vol. 12, pp. 86596–86613, 2024, doi: 10.1109/ACCESS.2024.3416045.

[52] Y. Huang, Y. Li, and Z. Cai, “Security and privacy in metaverse: A comprehensive survey,” Big Data Mining and Analytics, vol. 6, pp. 234–247, Jun. 2023, doi: 10.26599/BDMA.2022.9020047.

[53] S. Kalhoro, M. Rehman, V. Ponnusamy, and F. Shaikh, “Extracting key factors of cyber hygiene behaviour among software engineers: A systematic literature review,” IEEE Access, vol. 9, pp. 99339–99362, 2021, doi: 10.1109/ACCESS.2021.3097144.

[54] S. Sai, U. Yashvardhan, V. Chamola, and B. Sikdar, “Generative AI for cyber security: Analyzing the potential of ChatGPT, DALL-E, and other models for enhancing the security space,” IEEE Access, vol. 12, pp. 53497–53512, 2024, doi: 10.1109/ACCESS.2024.3385107.

[55] F. Djebbar and K. Nordström, “A comparative analysis of industrial cybersecurity standards,” IEEE Access, vol. 11, pp. 85315–85330, 2023, doi: 10.1109/ACCESS.2023.3303205.

[56] G. White, R. Allen, A. Samuel, A. Abdullah, and R. Thomas, “Antecedents of cyber-security implementation: A study of the cyber-preparedness of U.K. social enterprises,” IEEE Transactions on Engineering Management, vol. 69, pp. 3826–3837, 2022, doi: 10.1109/TEM.2020.2994981.

[57] F. Valenza, E. Karafili, R. Steiner, and E. Lupu, “A hybrid threat model for smart systems,” IEEE Transactions on Dependable and Secure Computing, vol. 20, pp. 4403–4417, 2023, doi: 10.1109/TDSC.2022.3213577.

[58] A. Ajmal, M. Shah, C. Maple, M. Asghar, and S. Islam, “Offensive security: Towards proactive threat hunting via adversary emulation,” IEEE Access, vol. 9, pp. 126023–126033, 2021, doi: 10.1109/ACCESS.2021.3104260.

[59] R. Marinho and R. Holanda, “Automated emerging cyber threat identification and profiling based on natural language processing,” IEEE Access, vol. 11, pp. 58915–58930, 2023, doi: 10.1109/ACCESS.2023.3260020.

[60] E. Alkeem, S. Kim, C. Yeun, M. Zemerly, K. Poon, G. Gianini, et al., “An enhanced electrocardiogram biometric authentication system using machine learning,” IEEE Access, vol. 7, pp. 123069–123075, 2019, doi: 10.1109/ACCESS.2019.2937357.

[61] F. Gallardo and A. Yuste, “SCER spoofing attacks on the Galileo open service and machine learning techniques for end-user protection,” IEEE Access, vol. 8, pp. 85515–85530, 2020, doi: 10.1109/ACCESS.2020.2992119.

[62] M. Keshk, B. Turnbull, E. Sitnikova, D. Vatsalan, and N. Moustafa, “Privacy-preserving schemes for safeguarding heterogeneous data sources in cyber-physical systems,” IEEE Access, vol. 9, pp. 55077–55089, 2021, doi: 10.1109/ACCESS.2021.3069737.

[63] T. Ustun, S. Farooq, and S. Hussain, “A novel approach for mitigation of replay and masquerade attacks in smartgrids using IEC 61850 standard,” IEEE Access, vol. 7, pp. 156044–156053, 2019, doi: 10.1109/ACCESS.2019.2948117.

[64] M. Tsiodra, S. Panda, M. Chronopoulos, and E. Panaousis, “Cyber risk assessment and optimization: A small business case study,” IEEE Access, vol. 11, pp. 44467–44480, 2023, doi: 10.1109/ACCESS.2023.3272670.

[65] M. Erendor and M. Yildirim, “Cybersecurity awareness in online education: A case study analysis,” IEEE Access, vol. 10, pp. 52319–52335, 2022, doi: 10.1109/ACCESS.2022.3171829.

[66] O. Falowo and J. Abdo, “2019–2023 in review: Projecting DDoS threats with ARIMA and ETS forecasting techniques,” IEEE Access, vol. 12, pp. 26759–26771, 2024, doi: 10.1109/ACCESS.2024.3367240.

[67] J. Nicholls, A. Kuppa, and N.-A. Le-Khac, “Financial cybercrime: A comprehensive survey of deep learning approaches to tackle the evolving financial crime landscape,” IEEE Access, vol. 9, pp. 163965–163980, 2021, doi: 10.1109/ACCESS.2021.3134076.

[68] W. Syafitri, Z. Shukur, U. Mokhtar, R. Sulaiman, and M. Ibrahim, “Social engineering attacks prevention: A systematic literature review,” IEEE Access, vol. 10, pp. 39325–39340, 2022, doi: 10.1109/ACCESS.2022.3162594.

[69] K. Zheng, T. Wu, X. Wang, B. Wu, and C. Wu, “A session and dialogue-based social engineering framework,” IEEE Access, vol. 7, pp. 67781–67794, 2019, doi: 10.1109/ACCESS.2019.2919150.

[70] A. Alturki, N. Alshwihi, and A. Algarni, “Factors influencing players’ susceptibility to social engineering in social gaming networks,” IEEE Access, vol. 8, pp. 97383–97391, 2020, doi: 10.1109/ACCESS.2020.2995619.

[71] B. Zyoud and S. Lutfi, “The role of information security culture in zero trust adoption: Insights from UAE organizations,” IEEE Access, vol. 12, pp. 72420–72438, 2024, doi: 10.1109/ACCESS.2024.3402341.

[72] M. Slunjski, D. Sumina, S. Groš, and I. Erceg, “Off-the-shelf solutions as potential cyber threats to industrial environments and simple-to-implement protection methodology,” IEEE Access, vol. 10, pp. 114735–114748, 2022, doi: 10.1109/ACCESS.2022.3217797.

[73] P. Frontera and E. Rodríguez-Seda, “Network attacks on cyber–physical systems project-based learning activity,” IEEE Transactions on Education, vol. 64, pp. 110–116, 2021, doi: 10.1109/TE.2020.3014268.

[74] A. Battah, K. Salah, R. Jayaraman, I. Yaqoob, and A. Khalil, “Using blockchain for enabling transparent, traceable, and trusted university ranking systems,” IEEE Access, vol. 11, pp. 23792–23806, 2023, doi: 10.1109/ACCESS.2023.3253948.

[75] R. Liu, “Data analysis of educational evaluation using K-Means clustering method,” Computational Intelligence and Neuroscience, vol. 2022, pp. 1–10, Jul. 2022, doi: 10.1155/2022/3762431.

[76] S. Sengupta, A. Chowdhary, A. Sabur, A. Alshamrani, D. Huang, and S. Kambhampati, “A survey of moving target defenses for network security,” IEEE Communications Surveys & Tutorials, vol. 22, pp. 1909–1940, 2020, doi: 10.1109/COMST.2020.2982955.

[77] H. Abroshan, J. Devos, G. Poels, and E. Laermans, “Phishing happens beyond technology: The effects of human behaviors and demographics on each step of a phishing process,” IEEE Access, vol. 9, pp. 44928–44943, 2021, doi: 10.1109/ACCESS.2021.3066383.

[78] H. Aldawood and G. Skinner, “Analysis and findings of social engineering industry experts explorative interviews: Perspectives on measures, tools, and solutions,” IEEE Access, vol. 8, pp. 67321–67329, 2020, doi: 10.1109/ACCESS.2020.2983280.

[79] P. Jarupunphol, S. Seatun, and W. Buathong, “Measuring vulnerability assessment tools’ performance on the university web application,” Pertanika Journal of Science & Technology, vol. 31, pp. 2973–2993, 2023, doi: 10.47836/pjst.31.6.19.

[80] Y. Malhotra, “Bridging networks, systems, and controls frameworks for cybersecurity curricula standards development,” in 2015 NY Cyber Security Engineering Technology Association Conference, Rochester, NY, USA, 2015, doi: 10.21314/JOP.2018.201.

[81] J. Young and S. Farshadkhah, “Teaching tip: Hook, line, and sinker – the development of a phishing exercise to enhance cybersecurity awareness,” Journal of Information Systems Education, vol. 34, pp. 347–359, 2023, doi: 10.21125/jise.2023.347359.

[82] A. Nourian and S. Madnick, “A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet,” IEEE Transactions on Dependable and Secure Computing, vol. 20, pp. 1–18, 2023, doi: 10.1109/TDSC.2022.2509994.

[83] P. Dedousis, G. Stergiopoulos, G. Arampatzis, and D. Gritzalis, “Enhancing operational resilience of critical infrastructure processes through chaos engineering,” IEEE Access, vol. 11, pp. 106172–106185, 2023, doi: 10.1109/ACCESS.2023.3316028.

[84] A. Razaque, B. Alotaibi, M. Alotaibi, F. Amsaad, A. Manasov, S. Hariri, et al., “Blockchain-enabled deep recurrent neural network model for clickbait detection,” IEEE Access, vol. 10, pp. 3144–3159, 2022, doi: 10.1109/ACCESS.2021.3137078.

[85] N. Karim, O. Khashan, H. Kanaker, W. Abdulraheem, H. Alshinwan, and A.-K. Al-Banna, “Online banking user authentication methods: A systematic literature review,” IEEE Access, vol. 12, pp. 741–753, 2024, doi: 10.1109/ACCESS.2023.3346045.

[86] A. Masarweh and J. Al-Saraireh, “Threat led advanced persistent threat penetration test,” International Journal of Security and Networks, vol. 16, pp. 240–253, 2021, doi: 10.1504/IJSN.2022.10050431.

[87] P. Lachkov, L. Tawalbeh, and S. Bhatt, “Vulnerability assessment for applications security through penetration simulation and testing,” Journal of Web Engineering, vol. 21, pp. 2187–2208, 2022, doi: 10.13052/jwe1540-9589.2178.

[88] O. Keskin, K. Caramancion, I. Tatar, O. Raza, and U. Tatar, “Cyber third-party risk management: A comparison of non-intrusive risk scoring reports,” Electronics, vol. 10, p. 1168, 2021, doi: 10.3390/electronics10101168.

[89] A. Majumder, C. Veilleux, and J. Miller, “A cyber-physical system to detect IoT security threats of a smart home heterogeneous wireless sensor node,” IEEE Access, vol. 8, pp. 205989–206002, 2020, doi: 10.1109/ACCESS.2020.3037032.

[90] S. Shandilya, “Paradigm shift in adaptive cyber defense for securing the web data: The future ahead,” Journal of Web Engineering, vol. 21, pp. 1371–1376, 2022, doi: 10.13052/jwe1540-9589.21416.

[91] A. Singh and S. Lukose, “A recent advancement in techniques for investigating cybercrimes, digital crimes and audio forensics,” Indian Journal of Forensic Medicine and Pathology, vol. 14, pp. 739–742, 2021, doi: 10.21088/ijfmp.0974.3383.14321.46.

[92] M. Shah, F. Iqbal, U. Rehman, and P. Hung, “A comparative assessment of human factors in cybersecurity: Implications for cyber governance,” IEEE Access, vol. 11, pp. 87970–87982, 2023, doi: 10.1109/ACCESS.2023.3296580.

[93] J. Robertson, J. Fossaceca, and K. Bennett, “A cloud-based computing framework for artificial intelligence innovation in support of multidomain operations,” IEEE Transactions on Engineering Management, vol. 69, pp. 3913–3922, 2022, doi: 10.1109/TEM.2021.3088382.

[94] H. Choi, S. Park, and J. Kang, “Enhancing participatory security culture in public institutions: An analysis of organizational employees’ security threat recognition processes,” IEEE Access, vol. 12, pp. 47543–47556, 2024, doi: 10.1109/ACCESS.2024.3383311.

[95] I. Kandhro, S. Alanazi, F. Ali, A. Kehar, K. Fatima, M. Uddin, et al., “Detection of real-time malicious intrusions and attacks in IoT empowered cybersecurity infrastructures,” IEEE Access, vol. 11, pp. 9136–9148, 2023, doi: 10.1109/ACCESS.2023.3238664.

[96] M. Eskandari, Z. Janjua, M. Vecchio, and F. Antonelli, “Passban IDS: An intelligent anomaly-based intrusion detection system for IoT edge devices,” IEEE Internet of Things Journal, vol. 7, pp. 6882–6894, 2020, doi: 10.1109/JIOT.2020.2970501.

[97] S. Torabi, A. Boukhtouta, C. Assi, and M. Debbabi, “Detecting internet abuse by analyzing passive DNS traffic: A survey of implemented systems,” IEEE Communications Surveys & Tutorials, vol. 20, pp. 3389–3410, 2018, doi: 10.1109/COMST.2018.2849614.

[98] T. Santhi and K. Srinivasan, “Chat-GPT based learning platform for creation of different attack model signatures and development of defense algorithm for cyberattack detection,” IEEE Transactions on Learning Technologies, vol. 17, pp. 1–12, 2024, doi: 10.1109/TLT.2024.3417252.

[99] P. Krishnamurthy, J. Kabara, and T. Anusas-amornkul, “Security in wireless residential networks,” IEEE Transactions on Consumer Electronics, vol. 48, pp. 157–166, 2002, doi: 10.1109/TCE.2002.1000199.

[100] C. Kolias, G. Kambourakis, A. Stavrou, and S. Gritzalis, “Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset,” IEEE Communications Surveys & Tutorials, vol. 18, pp. 184–211, 2016, doi: 10.1109/COMST.2015.2402161.

[101] H. Alipour, Y. Al-Nashif, P. Satam, and S. Hariri, “Wireless anomaly detection based on IEEE 802.11 behavior analysis,” IEEE Transactions on Information Forensics and Security, vol. 10, pp. 2158–2170, 2015, doi: 10.1109/TIFS.2015.2433898.

[102] Y. Zou, J. Zhu, X. Wang, and L. Hanzo, “A survey on wireless security: Technical challenges, recent advances, and future trends,” Proceedings of the IEEE, vol. 104, pp. 1727–1765, 2016, doi: 10.1109/JPROC.2016.2558521.

[103] F. Jiang, D. Dong, L. Cao, and M. Frater, “Agent-based self-adaptable context-aware network vulnerability assessment,” IEEE Transactions on Network and Service Management, vol. 10, pp. 255–268, 2013, doi: 10.1109/TNSM.2013.090313.120388.

[104] M. Ghanem, T. Chen, M. Ferrag, and M. Kettouche, “ESASCF: Expertise extraction, generalization and reply framework for optimized automation of network security compliance,” IEEE Access, vol. 11, pp. 129840–129853, 2023, doi: 10.1109/ACCESS.2023.3332834.

[105] C. Griffy-Brown, H. Miller, V. Zhao, D. Lazarikos, and M. Chun, “Making better risk decisions in a new technological environment,” IEEE Engineering Management Review, vol. 48, pp. 77–84, 2020, doi: 10.1109/EMR.2020.2969121.

[106] J. Ragsdale and R. Boppana, “On designing low-risk honeypots using generative pre-trained transformer models with curated inputs,” IEEE Access, vol. 11, pp. 117528–117543, 2023, doi: 10.1109/ACCESS.2023.3326104.

[107] L. Tang and Q. Mahmoud, “A deep learning-based framework for phishing website detection,” IEEE Access, vol. 10, pp. 1509–1521, 2022, doi: 10.1109/ACCESS.2021.3137636.

[108] J. Song, C. Cadar, and P. Pietzuch, “SymbexNet: Testing network protocol implementations with symbolic execution and rule-based specifications,” IEEE Transactions on Software Engineering, vol. 40, pp. 695–711, 2014, doi: 10.1109/TSE.2014.2323977.

[109] M. Agarwal, S. Purwar, S. Biswas, and S. Nandi, “Intrusion detection system for PS-Poll DoS attack in 802.11 networks using real-time discrete event system,” IEEE/CAA Journal of Automatica Sinica, vol. 4, pp. 792–808, 2017, doi: 10.1109/JAS.2016.7510178.

[110] A. Emer, M. Unterhofer, and E. Rauch, “A cybersecurity assessment model for small and medium-sized enterprises,” IEEE Engineering Management Review, vol. 49, pp. 98–109, 2021, doi: 10.1109/EMR.2021.3078077.

[111] Y. Wei and Y. Sekiya, “Sufficiency of ensemble machine learning methods for phishing websites detection,” IEEE Access, vol. 10, pp. 124103–124113, 2022, doi: 10.1109/ACCESS.2022.3224781.

[112] P. Russo, A. Caponi, M. Leuti, and G. Bianchi, “A web platform for integrated vulnerability assessment and cyber risk management,” Information, vol. 10, p. 242, 2019, doi: 10.3390/info10070242.

[113] A. Almadhoob and R. Valverde, “Cybercrime prevention in the Kingdom of Bahrain via IT security audit plans,” Journal of Theoretical and Applied Information Technology, vol. 65, pp. 274–292, 2014.

[114] R. Heartfield, G. Loukas, and D. Gan, “You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks,” IEEE Access, vol. 4, pp. 6910–6925, 2016, doi: 10.1109/ACCESS.2016.2616285.

[115] Z. El-Rewini, K. Sadatsharan, N. Sugunaraj, D. Selvaraj, S. Plathottam, and P. Ranganathan, “Cybersecurity attacks in vehicular sensors,” IEEE Sensors Journal, vol. 20, pp. 13752–13765, 2020, doi: 10.1109/JSEN.2020.3004275.

[116] B. Al-Sada, A. Sadighian, and G. Olgieri, “Analysis and characterization of cyber threats leveraging the MITRE ATT&CK database,” IEEE Access, vol. 12, pp. 1217–1233, 2024, doi: 10.1109/ACCESS.2023.3344680.

[117] D. Tayouri, N. Baum, A. Shabtai, and R. Puzis, “A survey of MulVAL extensions and their attack scenarios coverage,” IEEE Access, vol. 11, pp. 27974–27988, 2023, doi: 10.1109/ACCESS.2023.3257721.

[118] Y. Yang, Y. Li, Y. Shi, and D. Quevedo, “The vulnerability analysis of remote estimation with batch-data detectors against integrity attacks,” IEEE Transactions on Automatic Control, vol. 69, pp. 3096–3107, 2024, doi: 10.1109/TAC.2023.3332013.

[119] S. Bokhari and S. Myeong, “The influence of artificial intelligence on e-governance and cybersecurity in smart cities: A stakeholder’s perspective,” IEEE Access, vol. 11, pp. 69783–69796, 2023, doi: 10.1109/ACCESS.2023.3293480.

[120] M. Yusof, A. Almohammedi, V. Shepelev, and O. Ahmed, “Visualizing realistic benchmarked IDS dataset: CIRA-CIC-DoHBrw-2020,” IEEE Access, vol. 10, pp. 94624–94638, 2022, doi: 10.1109/ACCESS.2022.3204690.

[121] S. Gong, J. Cho, and C. Lee, “A reliability comparison method for OSINT validity analysis,” IEEE Transactions on Industrial Informatics, vol. 14, pp. 5428–5435, 2018, doi: 10.1109/TII.2018.2857213.

[122] G. Falco, C. Caldera, and H. Shrobe, “IIoT cybersecurity risk modeling for SCADA systems,” IEEE Internet of Things Journal, vol. 5, pp. 4486–4495, 2018, doi: 10.1109/JIOT.2018.2822842.

[123] P. Nespoli, F. Mármól, and J. Vidal, “A bio-inspired reaction against cyberattacks: AIS-powered optimal countermeasures selection,” IEEE Access, vol. 9, pp. 60971–60984, 2021, doi: 10.1109/ACCESS.2021.3074021.

[124] S. Enoch, Z. Huang, C. Moon, D. Lee, M. Ahn, and D. Kim, “Harmer: Cyber-attacks automation and evaluation,” IEEE Access, vol. 8, pp. 129397–129412, 2020, doi: 10.1109/ACCESS.2020.3009748.

[125] N. Koroniotis, N. Moustafa, F. Schiliro, P. Gauravaram, and H. Janicke, “A holistic review of cybersecurity and reliability perspectives in smart airports,” IEEE Access, vol. 8, pp. 209802–209818, 2020, doi: 10.1109/ACCESS.2020.3036728.

[126] T. Kushal, K. Lai, and M. Illindala, “Risk-based mitigation of load curtailment cyber attack using intelligent agents in a shipboard power system,” IEEE Transactions on Smart Grid, vol. 10, pp. 4741–4750, 2019, doi: 10.1109/TSG.2018.2867809.

[127] M. Gupta, C. Akiri, K. Aryal, E. Parker, and L. Praharaj, “From ChatGPT to ThreatGPT: Impact of generative AI in cybersecurity and privacy,” IEEE Access, vol. 11, pp. 80218–80237, 2023, doi: 10.1109/ACCESS.2023.3300381.

[128] Z. Ling, J. Luo, K. Wu, W. Yu, and X. Fu, “Torward: Discovery, blocking, and traceback of malicious traffic over Tor,” IEEE Transactions on Information Forensics and Security, vol. 10, pp. 2515–2528, 2015, doi: 10.1109/TIFS.2015.2465934.

[129] A. Neupane, N. Saxena, J. Maximo, and R. Kana, “Neural markers of cybersecurity: An fMRI study of phishing and malware warnings,” IEEE Transactions on Information Forensics and Security, vol. 11, pp. 1969–1983, 2016, doi: 10.1109/TIFS.2016.2566265.

[130] W.-B. Hsieh, J.-S. Leu, and J.-I. Takada, “Use chains to block DNS attacks: A trusty blockchain-based domain name system,” Journal of Communications and Networks, vol. 24, pp. 347–356, 2022, doi: 10.23919/JCN.2022.000009.

[131] X. Koutsoukos, G. Karsai, A. Laszka, H. Neema, P. Volgyesi, Y. Vorobeychik, et al., “SURE: A modeling and simulation integration platform for evaluation of secure and resilient cyber–physical systems,” Proceedings of the IEEE, vol. 106, pp. 93–109, 2018, doi: 10.1109/JPROC.2017.2731741.

[132] C. Amrutkar, P. Traynor, and P. C. van Oorschot, “An empirical evaluation of security indicators in mobile web browsers,” IEEE Transactions on Mobile Computing, vol. 14, pp. 889–903, 2015, doi: 10.1109/TMC.2013.90.

[133] A. Shahid, A. Almogren, N. Javaid, F. Al-Zahrani, M. Zuair, and M. Alam, “Blockchain-based agri-food supply chain: A complete solution,” IEEE Access, vol. 8, pp. 69230–69243, 2020, doi: 10.1109/ACCESS.2020.2986257.

[134] N. Capuano, G. Fenza, V. Loia, and C. Stanzione, “Explainable artificial intelligence in cybersecurity: A survey,” IEEE Access, vol. 10, pp. 93575–93586, 2022, doi: 10.1109/ACCESS.2022.3204171.

[135] E. S. Gualberto, R. T. de Sousa Jr., T. P. B. Vieira, J. P. C. L. da Costa, and C. G. Duque, “The answer is in the text: Multi-stage methods for phishing detection based on feature engineering,” IEEE Access, vol. 8, pp. 223529–223544, 2020, doi: 10.1109/ACCESS.2020.3043396.

[136] O. Sahingoz, E. Buber, and E. Kugu, “DePhIDes: Deep learning based phishing detection system,” IEEE Access, vol. 12, pp. 8052–8068, 2024, doi: 10.1109/ACCESS.2024.3352629.

[137] M. Ozkan-Okay, E. Akin, S. Kosunalp, T. Iliev, I. Stoyanov, et al., “A comprehensive survey: Evaluating the efficiency of artificial intelligence and machine learning techniques on cyber security solutions,” IEEE Access, vol. 12, pp. 12229–12243, 2024, doi: 10.1109/ACCESS.2024.3355547.

[138] K. Nimmy, S. Sankaran, K. Achuthan, and P. Calyam, “Lightweight and privacy-preserving remote user authentication for smart homes,” IEEE Access, vol. 10, pp. 176–187, 2022, doi: 10.1109/ACCESS.2021.3137175.

[139] X. Hu, D. Cheng, J. Chen, X. Jin, and B. Wu, “Multiontology construction and application of threat model based on adversarial attack and defense under ISO/IEC 27032,” IEEE Access, vol. 10, pp. 117955–117972, 2022, doi: 10.1109/ACCESS.2022.3220637.

[140] B. Alkhazi, M. Alshaikh, S. Alkhezi, and H. Labbaci, “Assessment of the impact of information security awareness training methods on knowledge, attitude, and behavior,” IEEE Access, vol. 10, pp. 132132–132143, 2022, doi: 10.1109/ACCESS.2022.3230286.

[141] M. Sahinoglu, “An input–output measurable design for the security meter model to quantify and manage software security risk,” IEEE Transactions on Instrumentation and Measurement, vol. 57, pp. 1251–1260, 2008, doi: 10.1109/TIM.2007.915139.

[142] G. Panigrahi, P. Sethy, S. Behera, M. Gupta, F. Alenizi, P. Suanpang, et al., “Analytical validation and integration of CIC-BELL-DNS-EXF-2021 dataset on security information and event management,” IEEE Access, vol. 12, pp. 83043–83056, 2024, doi: 10.1109/ACCESS.2024.3409413.

[143] G. Ahn, J. Jang, S. Choi, and D. Shin, “Research on improving cyber resilience by integrating the zero trust security model with the MITRE ATT&CK matrix,” IEEE Access, vol. 12, pp. 89291–89307, 2024, doi: 10.1109/ACCESS.2024.3417182.

[144] A. Alquwayzani, R. Aldossri, and M. Frikha, “Mitigating security risks in firewalls and web applications using vulnerability assessment and penetration testing (VAPT),” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 15, pp. 1348–1362, 2024, doi: 10.14569/IJACSA.2024.0150510.

[145] T. Caldwell, “Ethical hackers: Putting on the white hat,” Network Security, pp. 10–13, 2011, doi: 10.1016/S1353-4858(11)70078-2.

[146] Y. Nikoloudakis, I. Kefaloukos, S. Klados, S. Panagiotakis, E. Pallis, C. Skianis, et al., “Towards a machine learning based situational awareness framework for cybersecurity: An SDN implementation,” Sensors, vol. 21, p. 4939, 2021, doi: 10.3390/s21144939.

[147] S. Rehman, M. Mahmud, A. Rahman, I. Haq, and M. Safdar, “Information security in business: A bibliometric analysis of the 100 top cited articles,” Library Philosophy and Practice (e-journal), 2021. (sin DOI en tu fuente)

[148] D. Kongara and S. Krishnama, “A process of penetration testing using various tools,” Mesopotamian Journal of Cybersecurity, pp. 93–103, 2023, doi: 10.58496/MJCS/2023/014.

[149] B. Arfaj, S. Mishra, and M. Alshehri, “Efficacy of unconventional penetration testing practices,” Intelligent Automation & Soft Computing, vol. 31, pp. 224–239, 2022, doi: 10.32604/iasc.2022.019485.