Classifying Network Attack Scenarios using an Ontology

Van Heerden, R.P. and Irwin, Barry Vivian William and Burke, I.D. (2012) Classifying Network Attack Scenarios using an Ontology. In: 7th International Conference on Information Warfare and Security, 22-23 March 2012, University of Washington, Seattle, USA.


Abstract

This paper presents a methodology using a network attack ontology to classify computer-based attacks. Computer network attacks differ in motivation, execution and end result. Because attacks are diverse, no standard classification exists. If an attack could be classified, it could be mitigated accordingly. A taxonomy of computer network attacks forms the basis of the ontology. Most published taxonomies present an attack from either the attacker's or defender's point of view. This taxonomy presents both views. The main taxonomy classes are: Actor, Actor Location, Aggressor, Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects, Motivation, Phase, Scope and Target. The "Actor" class is the entity executing the attack. The "Actor Location" class is the Actor's country of origin. The "Aggressor" class is the group instigating an attack. The "Attack Goal" class specifies the attacker's goal. The "Attack Mechanism" class defines the attack methodology. The "Automation Level" class indicates the level of human interaction. The "Effects" class describes the consequences of an attack. The "Motivation" class specifies incentives for an attack. The "Scope" class describes the size and utility of the target. The "Target" class is the physical device or entity targeted by an attack. The "Vulnerability" class describes a target vulnerability used by the attacker. The "Phase" class represents an attack model that subdivides an attack into different phases. The ontology was developed using an "Attack Scenario" class, which draws from other classes and can be used to characterize and classify computer network attacks. An "Attack Scenario" consists of phases, has a scope and is attributed to an actor and aggressor which have a goal. The "Attack Scenario" thus represents different classes of attacks. High profile computer network attacks such as Stuxnet and the Estonia attacks can now be classified through the "Attack Scenario" class.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Proceedings published by Academic Conferences Limited. ISBN: 978-1-908272-30-0; 978-1-908272-29-4
Uncontrolled Keywords: Network attacks; Information warfare; Information security; Ontology; Taxonomy; Computer Security; Network attack; Attack Scenario
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty > Faculty of Science > Computer Science
ID Code: 4170
Deposited By: Mrs Eileen Shepherd
Deposited On: 04 Dec 2012 08:56
Last Modified: 04 Dec 2012 08:56