1. Introduction
Computer networks are attacked on a daily basis. Although each attack is unique and has different characteristics, attacks share some commonalities. The taxonomy and ontology presented in this paper exploit these commonalities to classify attacks. The authors classify computer network attacks into attack scenarios, extend their taxonomy in this paper, and use the taxonomy to serve as a basis for an ontology that can be used to classify computer network attacks. An ontology represents taxonomical information as well as relations between entities.
A significant body of research has been performed on the use of ontologies in classifying computer network attacks. An overview of taxonomies, network attack ontologies and other related research follows.
Hansman & Hunt (2003) developed a taxonomy which presents attack methodologies. Gandhi et al. (2011) aimed to thoroughly understand a cyber-attack by studying the nature and the motivation behind it, and then developed a taxonomy which classifies a hacker's motivation into three classes: political, socio-cultural and economic. Lindqvist and Jonsson (1997) presented a classification of network intrusions. Their classification was built on intrusion experiments and used classes originally developed by Neumann and Parker (1989). Tutânescu & Sofron (2003) described active and passive computer network attacks. Simmonds et al. (2004) defined an extensible ontology for network security which followed from teaching a network security course at the University of Technology Sydney. They developed a map that demonstrates vulnerability relationships. Rounds and Pendgraft (2009) investigated the diversity in network attacker motivations and compiled a list of possible hacker agents. Debar et al. (1999) developed a taxonomy that defined families of intrusion-detection systems according to their properties. Undercoffer et al. (2004) designed an ontology that describes a model of computer attacks. This ontology is categorized according to target, attack strategy, attacker location and end result. Ye et al. (2008) designed an ontology for a Peer-to-Peer Multi-Agent Distributed Intrusion Detection System. Using this ontology, a peer can detect suspicious activities from information received from other peers, and take action against future attacks.
In Section 2, we present a taxonomy of computer network attacks, followed in Section 3 by a framework for an ontology that classifies network attack scenarios with respect to the taxonomy. In Section 4 we summarize our research and propose avenues for future research.
Research related to specific classes in our taxonomy and ontology is mentioned in the subsequent sections.
2. Taxonomy
In this section the authors present an extended network attack taxonomy that describes a number of attack scenarios. The initial taxonomy was presented in van Heerden et al. (2012a). The detailed descriptions of the attack scenarios follow the next sub-section.
Hansman and Hunt (2003) listed the following requirements for a high-quality taxonomy. It must be:
Hansman & Hunt also stated that a taxonomy cannot always meet all the requirements.