Abstract

Abstract
Vulnerability scanning tools are essential in detecting systems weaknesses caused by vulnerabilities in their components or wrong configurations. Corporations may use these tools to assess a system in advance and fix its vulnerabilities, thus preventing or mitigating the impact of real attacks. A set of these tools are organized by plugins, each intended to check a specific vulnerability, such as the case of the Tsunami Security Scanner tool released in 2020 by Google. Multiple plugins for this tool were proposed in a community-based approach and thus, it is important for the users and research community to have these plugins in a framework consistently categorized across multiple sources and types. This paper proposes a comprehensive taxonomy for all the 61 plugins available, hierarchically sorted into 2 main categories, 4 categories, 4 subcategories, and 7 types. An analysis and a discussion on statistics by categories and types over time are also provided. The analysis shows that, so far, there are 4 main contributors, being Google, Community, Facebook, and Govtech. The Google source is still the top contributor counting 39 out of 61 plugins and the highest number of plugins available are in the RCE subcategory. The plugins available are mainly focused on critical and high vulnerabilities.

Abstract
Cybersecurity skills are of utmost importance to prevent or mitigate the impact of cyberattacks. In higher education, there are graduations related to Information Technology (IT), where students are expected to develop technical skills, including cybersecurity. Thus, it is relevant to assess students' cybersecurity awareness regarding cybersecurity hygiene and cyber threats when they start their academic studies and to verify whether there are context-dependent differences. This paper presents the results of an assessment regarding the cybersecurity awareness level of 110 first-year students from computer science graduations from two different countries, Poland and Portugal. The assessment was designed as a survey divided into the following two main groups of questions: (1) awareness regarding cybersecurity hygiene and (2) awareness regarding major cyber threats considered in the European Union Agency for Cybersecurity (ENISA) 2021 cyber threat report. The survey results show that Polish and Portuguese students present different self-perceptions and knowledge regarding cybersecurity hygiene and knowledge of cybersecurity. In these areas, Polish students are generally more confident than Portuguese students. Also, Polish students presented better scores around 70%, against the ones obtained by the Portuguese students, scoring around 58%.

Abstract
Technology has enabled many devices to exchange huge amounts of data and communicate with each other as Edge Intelligence in Smart Cities (EISC), as a result of rapid technological advancements. When dealing with personal data, it is paramount to ensure that it is not disclosed and that there is no disclosure of any confidential information. In recent decades, academics and industry have spent considerable time and energy discussing security and privacy. Other systems, known as intrusion detection systems, are required to breach firewalls, antivirus software, and other security equipment to provide complete system security in smart operation systems. There are three aspects to an intrusion detection system: the intrusion detection method, the architecture, and the intrusion response method. In this study, we combined linear correlation feature selection methods and cross-information. The database used in this article is KDD99. This paper examines applying two feature selection methods in predicting attacks in intrusion detection systems based on INTERACT and A multilayer perceptron (MLP). Since the number of records associated with each attack type differs, one of our suggestions is to continue using data balancing techniques. As a result, the number of records associated with each type of network status becomes closer together. The results in the categories can also be improved using information synthesis methods, such as majority voting.

Abstract

Abstract
Cyberattacks are performed against all organizations including Higher Education Institutions (HEIs). When these attacks are successful, they can affect the regular operation of these institutions and may cause the leak of essential or sensitive data that can be misused or become inaccessible. Therefore, the adoption of current security services is important for devices and services exposed to the Internet that should run the latest and secure versions of web-related protocols and comply with the latest security-related guidelines and recommendations. This article surveys and analyzes the status of web-related security services, namely the Hyper Text Transfer Protocol Secure (HTTPS) and the Domain Name System Security Extensions (DNSSEC) services, in Brazilian HEIs. The results of this survey show that regarding HTTPS around 15% do not use any SSL / TLS certificate and of those supporting it, about 14% do not demand its usage. Regarding DNSSEC, the analysis shows that only around 2% of the HEIs are implementing this protocol. These results show that it is important to design an effective and continuous action plan for HEIs regarding the support or discontinuity of versions of these protocols, in order to improve their protection against cyberattacks.