Developing a Defense-Centric Attack Taxonomy

Abstract

Most attack taxonomies are organized from the perspective of attackers' goals. One example of an attacker goal is privilege escalation from user to root. Taxonomies based on attacker goals are attack-centric, largely serving the goals of an attacker, and to a lesser extent, the defender. Defenders need a way of determining whether or not their detectors will detect a given attack. A defense-centric taxonomy may be better suited to this role than an attack-centric taxonomy. This research presents a new, defense-centric attack taxonomy, based on the way that attacks manifest as anomalies in monitored sensor data. The new taxonomy is validated against the manifestations of 25 attacks, as well as against the performance of an intrusion detection system.

Document Details

Document Type: Technical Report
Publication Date: May 01, 2005
Accession Number: ADA435079

Entities

People

  • Kevin S. Killourhy
  • Kymie M. Tan
  • Roy A. Maxion

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes
  • Sensors

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Biological Sciences
  • Computer Programs
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Operating Systems
  • Security
  • System Software
  • Taxonomy

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Theoretical Analysis