Classification of Cybersecurity Threats, Vulnerabilities and Countermeasures in Database Systems  

作　　者：Mohammed Amin Almaiah Leen Mohammad Saqr Leen Ahmad Al-Rawwash Layan Ahmed Altellawi Romel Al-Ali Omar Almomani 

机构地区：[1]King Abdullah the II IT School,University of Jordan,Amman,11942,Jordan [2]The National Research Center for Giftedness and Creativity,King Faisal University,Al-Ahsa,31982,Saudi Arabia [3]Department of Networks and Cybersecurity,Al-Ahliyya Amman University,Amman,19328,Jordan

出　　处：《Computers, Materials & Continua》2024年第11期3189-3220,共32页计算机、材料和连续体（英文）

基　　金：supported by the Deanship of Scientific Research,Vice Presidency for Graduate Studies and Scientific Research,King Faisal University,Saudi Arabia(Grant No.KFU242068).

摘　　要：Database systems have consistently been prime targets for cyber-attacks and threats due to the critical nature of the data they store.Despite the increasing reliance on database management systems,this field continues to face numerous cyber-attacks.Database management systems serve as the foundation of any information system or application.Any cyber-attack can result in significant damage to the database system and loss of sensitive data.Consequently,cyber risk classifications and assessments play a crucial role in risk management and establish an essential framework for identifying and responding to cyber threats.Risk assessment aids in understanding the impact of cyber threats and developing appropriate security controls to mitigate risks.The primary objective of this study is to conduct a comprehensive analysis of cyber risks in database management systems,including classifying threats,vulnerabilities,impacts,and countermeasures.This classification helps to identify suitable security controls to mitigate cyber risks for each type of threat.Additionally,this research aims to explore technical countermeasures to protect database systems from cyber threats.This study employs the content analysis method to collect,analyze,and classify data in terms of types of threats,vulnerabilities,and countermeasures.The results indicate that SQL injection attacks and Denial of Service(DoS)attacks were the most prevalent technical threats in database systems,each accounting for 9%of incidents.Vulnerable audit trails,intrusion attempts,and ransomware attacks were classified as the second level of technical threats in database systems,comprising 7%and 5%of incidents,respectively.Furthermore,the findings reveal that insider threats were the most common non-technical threats in database systems,accounting for 5%of incidents.Moreover,the results indicate that weak authentication,unpatched databases,weak audit trails,and multiple usage of an account were the most common technical vulnerabilities in database systems,each accounting fo

关 键 词：Cyber threats database systems cyber risk assessment VULNERABILITIES COUNTERMEASURES 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]