Taxonomies of attacks and vulnerabilities in computer systems

Igure, Vinay M.; Williams, Ronald D.

doi:10.1109/comst.2008.4483667

Cited by 109 publications

(56 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A comprehensive analysis of security-related taxonomies published between 1974 and 2006 was given by Igure and Williams (Igure & Williams, 2008). There, two main groups are built, attack-and vulnerability-related taxonomies.…”

Section: Overview Of Current Taxonomiesmentioning

confidence: 99%

“…For example, Neumann presented a taxonomy based on 26 kinds of attacks which were grouped into nine categories like hardware misuses, bypasses and active misuse. Anyway, because of the lack of a common dimension, it is possible that other attack classes could have been left out (Igure & Williams, 2008). Because of that, Lindquist and Johnson used the attack result for the arrangement of attacks and built three classes, namely exposure, DoS and erroneous output.…”

Section: Overview Of Current Taxonomiesmentioning

confidence: 99%

See 1 more Smart Citation

A Revised Attack Taxonomy for a New Generation of Smart Attacks

Koch¹,

Golling²,

Rodosek³

2014

CIS

View full text Add to dashboard Cite

The last years have seen an unprecedented amount of attacks. Intrusions on IT-Systems are rising constantlyboth from a quantitative as well as a qualitative point of view. Well-known examples like the hack of the Sony Playstation Network or the compromise of RSA are just some samples of high-quality attack vectors. Since these Smart Attacks are specifically designed to permeate state of the art technologies, current systems like Intrusion Detection Systems (IDSs) are failing to guarantee an adequate protection. In order to improve the protection, a comprehensive analysis of Smart Attacks needs to be performed to provide a basis against emerging threats.Following these ideas and inspired by the original definition of the term Advanced Persistent Threat (APT) given by U.S. Department of Defense, this publication starts with defining the terms, primarily the group of Smart Attacks. Thereafter, individual facets of Smart Attacks are presented in more detail, before recent examples are illustrated and classified using these dimensions. Next to this, current taxonomies are presented including their individual shortcomings. Our revised taxonomy is introduced, specifically addressing the latest generation of Smart Attacks. The different classes of our taxonomy are discussed, showing how to address the specifics of sophisticated, modern attacks. Finally, some ideas of addressing Smart Attacks are presented.

show abstract

Section: Overview Of Current Taxonomiesmentioning

confidence: 99%

Section: Overview Of Current Taxonomiesmentioning

confidence: 99%

A Revised Attack Taxonomy for a New Generation of Smart Attacks

Koch¹,

Golling²,

Rodosek³

2014

CIS

View full text Add to dashboard Cite

show abstract

“…6 Going back to our Systema Naturae analogy, it is almost as if the efforts in taxonomy so far have looked at classifying all Equidae and Canidae. To define a complete taxonomy, we will need to take a few steps back to get the big picture.…”

Section: Introductionmentioning

confidence: 99%

“…They found none but identified features useful in such a taxonomy. 6 The Common Vulnerabilities and Exposures list 7 provides a unique id for every known vulnerability; however, this taxonomy only tells us the year that a vulnerability was discovered. It provides a fine key into the database but does not help classify the problem in any meaningful way.…”

Section: Introductionmentioning

confidence: 99%

A Proposal for a Taxonomy for Vulnerabilities in Supervisory Control and Data Acquisition (SCADA) Systems

Smith¹

2014

View full text Add to dashboard Cite

Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

“…Many of the current efforts in security assessment involve searching for known vulnerabilities [2]. Computer controlled systems should be subjected to scrutiny and this is often ignored at the management level.…”

Section: Scada Security For Field Devicesmentioning

confidence: 99%

Microkernel security evaluation.

Kurtz

View full text Add to dashboard Cite

Taxonomies of attacks and vulnerabilities in computer systems

Cited by 109 publications

References 44 publications

A Revised Attack Taxonomy for a New Generation of Smart Attacks

A Revised Attack Taxonomy for a New Generation of Smart Attacks

A Proposal for a Taxonomy for Vulnerabilities in Supervisory Control and Data Acquisition (SCADA) Systems

Microkernel security evaluation.

Contact Info

Product

Resources

About