A Computer Network Attack Taxonomy and Ontology

R. P. van Heerden (CSIR, Pretoria, South Africa & Rhodes University, Grahamstown, South Africa), B. Irwin (Rhodes University, Grahamstown, South Africa), I. D. Burke (CSIR, Pretoria, South Africa) and L. Leenen (CSIR, Pretoria, South Africa)
Copyright: © 2012 |Pages: 14
DOI: 10.4018/ijcwt.2012070102

Abstract

Computer network attacks differ in the motivation of the entity behind the attack, the execution and the end result. Because attacks are so diverse, no standard classification exists. The benefit of automated classification of attacks is that an attack could be mitigated accordingly. The authors extend a previous, initial taxonomy of computer network attacks, which forms the basis of the network attack ontology proposed in this paper. The objective of this ontology is to automate the classification of a network attack during its early stages. Most published taxonomies present an attack from either the attacker's or the defender's point of view. The authors’ taxonomy presents both of these points of view. The framework for an ontology was developed using a core class, the “Attack Scenario”, which can be used to characterize and classify computer network attacks.

1. Introduction

Computer networks are attacked on a daily basis. Although each attack is unique and has different characteristics, attacks share some commonalities. The taxonomy and ontology presented in this paper exploit these commonalities to classify attacks. The authors classify computer network attacks into attack scenarios, extend their taxonomy in this paper, and use the taxonomy to serve as a basis for an ontology that can be used to classify computer network attacks. An ontology represents taxonomical information as well as relations between entities.

A significant body of research has been performed on the use of ontologies in classifying computer network attacks. An overview of taxonomies, network attack ontologies and other related research follows.

Hansman & Hunt (2003) developed a taxonomy which presents attack methodologies. Gandhi et al. (2011) aimed to thoroughly understand a cyber-attack by studying the nature and the motivation behind it, and then developed a taxonomy which classifies a hacker’s motivation into three classes: political, socio-cultural and economical. Lindqvist and Jonsson (1997) presented a classification of network intrusions. Their classification was built on intrusion experiments and used classes originally developed by Neumann and Parker (1989). Tutânescu & Sofron (2003) described active and passive computer network attacks. Simmonds et al. (2004) defined an extensible ontology for network security which followed from teaching a network security course at the University of Technology Sydney. They developed a map that demonstrates vulnerability relationships. Rounds and Pendgraft (2009) investigated the diversity in network attacker motivations and compiled a list of possible hacker agents. Debar et al. (1999) developed a taxonomy that defined families of intrusion-detection systems according to their properties. Undercoffer et al. (2004) designed an ontology that describes a model of computer attacks. This ontology is categorized according to target, attack strategy, attacker location and end result. Ye et al. (2008) designed an ontology for a Peer-to-Peer Multi-Agent Distributed Intrusion Detection System. Using this ontology, a peer can detect suspicious activities from information received from other peers, and take action against future attacks.

In Section 2, we present a taxonomy of computer network attacks, followed in Section 3 by a framework for an ontology that classifies network attack scenarios with respect to the taxonomy. In Section 4 we summarize our research and propose avenues for future research.

Research related to specific classes in our taxonomy and ontology is mentioned in the subsequent sections.

2. Taxonomy

In this section the authors present an extended network attack taxonomy that describes a number of attack scenarios. The initial taxonomy was presented in van Heerden et al. (2012a). The detailed descriptions of the attack scenarios follow the next sub-section.

Hansman and Hunt (2003) listed the following requirements for a high-quality taxonomy. It must be:

  • Acceptable;

  • Comprehensible;

  • Complete;

  • Deterministic;

  • Mutually exclusive;

  • Repeatable;

  • Constant and contain a defined terminology;

  • Unambiguous; and

  • Useful.

Hansman & Hunt also stated that a taxonomy cannot always meet all the requirements.
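Three of the Hansman & Hunt requirements (complete, mutually exclusive, deterministic) can be checked mechanically once a taxonomy is expressed as dimensions with membership predicates, which is also what an automated classifier needs. The following is an added illustration, not code from the paper or its authors: the dimensions reuse only categories named in the related-work survey above (active/passive from Tutânescu & Sofron; political, socio-cultural and economical motivation from Gandhi et al.), the `Observation` fields and the sample observations are constructed for the example, and the authors' own attack scenario classes are not modelled.

```python
"""Check three Hansman & Hunt taxonomy requirements over a toy taxonomy.

Everything here (Observation fields, the goal keywords, the samples) is
constructed for illustration; it is not the paper's taxonomy.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Observation:
    """What a defender could record about an attack from logs or IR notes."""
    interacts_with_target: bool  # does the attacker send traffic that probes/alters the target?
    attacker_goal: str           # analyst's one-word assessment, e.g. "ransom"
    target_type: str             # e.g. "host", "network", "user"


# A dimension is a name plus a list of (class_name, membership_predicate).
Predicate = Callable[[Observation], bool]
Dimension = Tuple[str, List[Tuple[str, Predicate]]]

# Constructed dimensions; class names come from the surveyed literature.
TAXONOMY: List[Dimension] = [
    ("interaction", [
        ("passive", lambda o: not o.interacts_with_target),
        ("active", lambda o: o.interacts_with_target),
    ]),
    ("motivation", [
        ("economical", lambda o: o.attacker_goal in {"ransom", "fraud", "theft"}),
        ("political", lambda o: o.attacker_goal in {"protest", "espionage"}),
        ("socio-cultural", lambda o: o.attacker_goal in {"fame", "challenge"}),
    ]),
]

# Constructed variant: "espionage" is claimed by two motivation classes, so
# that dimension is no longer mutually exclusive.
OVERLAPPING_TAXONOMY: List[Dimension] = [
    TAXONOMY[0],
    ("motivation", [
        ("economical", lambda o: o.attacker_goal in {"ransom", "fraud", "theft", "espionage"}),
        ("political", lambda o: o.attacker_goal in {"protest", "espionage"}),
        ("socio-cultural", lambda o: o.attacker_goal in {"fame", "challenge"}),
    ]),
]


def classify(obs: Observation, taxonomy: List[Dimension] = TAXONOMY) -> Dict[str, str]:
    """Assign exactly one class per dimension, or raise if the taxonomy cannot.

    Zero matches means the dimension is incomplete for this observation;
    more than one means it is not mutually exclusive.
    """
    result: Dict[str, str] = {}
    for name, classes in taxonomy:
        matches = [cls for cls, pred in classes if pred(obs)]
        if not matches:
            raise ValueError(f"dimension {name!r} incomplete for {obs}")
        if len(matches) > 1:
            raise ValueError(f"dimension {name!r} not mutually exclusive: {matches}")
        result[name] = matches[0]
    return result


def check_requirements(samples: List[Observation],
                       taxonomy: List[Dimension] = TAXONOMY) -> Dict[str, List[str]]:
    """Run the taxonomy over sample observations and bucket each failure by requirement."""
    problems: Dict[str, List[str]] = {"complete": [], "mutually_exclusive": [], "deterministic": []}
    for obs in samples:
        try:
            first = classify(obs, taxonomy)
        except ValueError as err:
            key = "complete" if "incomplete" in str(err) else "mutually_exclusive"
            problems[key].append(str(err))
            continue
        # Deterministic / repeatable: the same observation must classify the
        # same way every time (a predicate reading the clock or random state
        # would fail this).
        if classify(obs, taxonomy) != first:
            problems["deterministic"].append(repr(obs))
    return problems


# Constructed sample observations.
SAMPLES = [
    Observation(False, "espionage", "network"),  # passive sniffing, political
    Observation(True, "ransom", "host"),         # active, economical
    Observation(True, "curiosity", "user"),      # goal not covered: incompleteness
]

if __name__ == "__main__":
    print(classify(SAMPLES[0]))
    print(check_requirements(SAMPLES))
    print(check_requirements(SAMPLES, OVERLAPPING_TAXONOMY))
```

The third sample is the practical lesson: a taxonomy that is silent about some attacks cannot be used for automated classification, and the check above surfaces that gap before the taxonomy is wired into a detection pipeline.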
