Mobile Phones as Computing Devices: The Viruses are Coming!
IEEE Pervasive Computing
Defining categories to select representative attack test-cases
Proceedings of the 2007 ACM workshop on Quality of protection
International Journal of Distributed Sensor Networks - Sensor Networks, Ubiquitous and Trustworthy Computing
On the Limits of Payload-Oblivious Network Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Filesystem activity following a SSH compromise: an empirical study of file sequences
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
METAL – a tool for extracting attack manifestations
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Many classifications of attacks have been tendered, often in taxonomic form. A common basis of these taxonomies is that they have been framed from the perspective of an attacker: they organize attacks with respect to the attacker's goals, such as privilege elevation from user to root (from the well-known Lincoln taxonomy). Taxonomies based on attacker goals are attack-centric; those based on defender goals are defense-centric. Defenders need a way of determining whether or not their detectors will detect a given attack. It is suggested that a defense-centric taxonomy would suit this role more effectively than an attack-centric taxonomy. This paper presents a new, defense-centric attack taxonomy, based on the way that attacks manifest as anomalies in monitored sensor data. Unique manifestations, drawn from 25 attacks, were used to organize the taxonomy, which was validated through exposure to an intrusion-detection system, confirming attack detectability. The taxonomy's predictive utility was compared against that of a well-known extant attack-centric taxonomy. The defense-centric taxonomy is shown to be a more effective predictor of a detector's ability to detect specific attacks, hence informing a defender that a given detector is competent against an entire class of attacks.