a taxonomy of network and computer attacks simon hansman & ray hunt computers & security...
![Page 1: A Taxonomy of Network and Computer Attacks Simon Hansman & Ray Hunt Computers & Security (2005) Present by Mike Hsiao, 20080613 S. Hansman and R. Hunt,](https://reader036.vdocuments.mx/reader036/viewer/2022062308/56649e205503460f94b0c492/html5/thumbnails/1.jpg)
A Taxonomy of Network and Computer Attacks
Simon Hansman & Ray Hunt
Computers & Security (2005)
Present by Mike Hsiao, 20080613
S. Hansman and R. Hunt, “A Taxonomy of Network and Computer Attacks,” Computers & Security, vol. 24, no. 1, Feb. 2005, pp. 31–43.
Before going to details (1/2)
Why do we need a taxonomy? The main goal of earlier attack and vulnerability taxonomies was to organize information about known vulnerabilities or attacks so that designers could use that information to build more secure systems or defense systems.
If the classification is based on the actual vulnerability exploited by the attack, the classification dimension can be read as the cause of the flaw.
Before going to details (2/2)
Why do we need a taxonomy? A taxonomy provides useful information for finding unknown vulnerabilities as well as for avoiding the introduction of similar vulnerabilities in future designs.
Such taxonomies also provide a classification of testing techniques based on the vulnerability each test is meant to discover: each test class discovers all the vulnerabilities that share similar characteristics.
In This Paper
The authors aim to develop a “pragmatic taxonomy that is useful to those dealing with attacks on a regular basis.”
They conclude that it is difficult to develop an effective tree-structured taxonomy of attacks: a single tree incorporating all of the dimensions they identify would be cumbersome.
Example: tree
Outline
Introduction
Requirements and existing classification methods
Proposal for a new prototype taxonomy
Classification using dimensions
Classification case study
Conclusions
Introduction: Attack sophistication vs. intruder technical knowledge
Introduction
The proposed taxonomy is an attempt to provide a common classification scheme that can be shared between organizations.
It allows previous knowledge to be applied to new attacks and provides a structured way to view such attacks.
It aims to take into account all parts of the attack (from the vulnerability, to the target, to the attack itself) and to talk in terms of the target being
Requirements 1
Accepted (Amoroso, 1994; Howard, 1997): The taxonomy should be structured so that it can become generally approved.
Comprehensible (Lindqvist and Jonsson, 1997): A comprehensible taxonomy will be able to be understood by those who are in the security field, as well as those who only have an interest in it.
Completeness (Amoroso, 1994) / Exhaustive (Howard, 1997; Lindqvist and Jonsson, 1997): For a taxonomy to be complete or exhaustive, it should account for all possible attacks and provide categories accordingly. While it is hard to prove that a taxonomy is complete or exhaustive, it can be justified through the successful categorization of actual attacks.
Requirements 2
Determinism (Krsul, 1998): The procedure of classifying must be clearly defined.
Mutually exclusive (Howard, 1997; Lindqvist and Jonsson, 1997): A mutually exclusive taxonomy will categorize each attack into, at most, one category.
Repeatable (Howard, 1997; Krsul, 1998): Classifications should be repeatable.
Terminology complying with established security terminology (Lindqvist and Jonsson, 1997)
Requirements 3
Terms well defined (Bishop, 1999): There should be no confusion as to what a term means.
Unambiguous (Howard, 1997; Lindqvist and Jonsson, 1997): Each category of the taxonomy must be clearly defined so that there is no ambiguity with respect to an attack’s classification.
Useful (Howard, 1997; Lindqvist and Jonsson, 1997): A useful taxonomy will be able to be used in the security industry and particularly by incident response teams.
Taxonomy: animal kingdom’s taxonomy?
The initial approach was to create a taxonomy analogous to the animal kingdom’s taxonomy. The resulting taxonomy would be a tree-like structure with the more general categories at the top and the specific categories at the leaves.
However, how would such a tree deal with blended attacks? Attacks, unlike animals, often do not have many common traits.
Taxonomy: list-based (flat list of categories)?
A flat list with general categories could be suggested, but general categories are of limited use.
Alternatively, a flat list with very specific categories could be proposed, but the list would become almost infinite, with few instances within each category.
Proposal for a new prototype taxonomy: alternative
Use the concept of dimensions:
1. Attack vector: the method by which an attack reaches its target.
2. Attack target: classified down to very specific targets, such as Sendmail 8.12.10, or covering a class of targets, such as Unix-based systems.
3. Vulnerabilities and exploits: these do not have a structured classification; CVE identifiers can be used instead.
4. Payload or effect: the possibility for an attack to have a payload or effect beyond itself. For example, a virus that installs a trojan horse is still clearly a virus, but has a trojan as a payload.
1st dimension: attack vector
The method by which an attack reaches its target. If the attack uses a single attack vector, categorise by that vector. Otherwise find the most appropriate category, using the descriptions the paper gives for each category.
1st dimension: nine classes
The nine attack-vector classes in the paper's figure: viruses, worms, trojans, buffer overflows, denial of service attacks, network attacks, physical attacks, password attacks, and information gathering attacks.
2nd dimension: attack target
Classified down to very specific targets, as a tree from general to specific:
Hardware
    Computer
    Hard-disks
    Network equipment
    Peripheral devices
Software
    Operating system
        Windows family
        Unix family
        MacOS family
    Application
        Server
        User
Network
    Protocols
3rd dimension: vulnerabilities and exploits
Common Vulnerabilities and Exposures (CVE)
Or, by the class of flaw:
Vulnerability in implementation
Vulnerability in design
Vulnerability in configuration
4th dimension: payloads or effects
1. A first-dimension attack carried as payload (for example, a trojan dropped by a virus)
2. Corruption of information
3. Disclosure of information
4. Theft of service: use of a system’s services without authorization
5. Subversion: gain control over part of the target and use it for the attacker’s own purposes
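The four dimensions above, together with the determinism, mutual-exclusivity and repeatability requirements from the Requirements slides, can be exercised as a small classifier. The following is an added example written for this page, not code from Hansman & Hunt or from the presenter: the vector classes, the target tree, the three vulnerability classes and the effect categories follow the slides (the target tree is trimmed to the slide's nodes plus one Sendmail leaf), and the blended sample attack at the bottom, a worm carrying a trojan, is constructed for illustration rather than taken from the paper's case study.

```python
"""Prototype of the four-dimension attack classification as runnable code.

Added example, not the paper's or the presenter's own code.  Category names
follow the slides; the sample attacks below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Union


# Dimension 1: attack vector, the nine classes of the paper's first dimension.
class Vector(Enum):
    VIRUS = "virus"
    WORM = "worm"
    TROJAN = "trojan"
    BUFFER_OVERFLOW = "buffer overflow"
    DENIAL_OF_SERVICE = "denial of service"
    NETWORK_ATTACK = "network attack"
    PHYSICAL_ATTACK = "physical attack"
    PASSWORD_ATTACK = "password attack"
    INFORMATION_GATHERING = "information gathering"


# Dimension 2: attack target, a tree from general classes to specific targets.
# A target path may stop at any node; the Sendmail leaf is the slide's example.
TARGET_TREE = {
    "hardware": {"computer": {}, "hard-disks": {}, "network equipment": {},
                 "peripheral devices": {}},
    "software": {
        "operating system": {"windows family": {}, "unix family": {},
                             "macos family": {}},
        "application": {"server": {"sendmail 8.12.10": {}}, "user": {}},
    },
    "network": {"protocols": {}},
}

# Dimension 3: a CVE identifier (format check only) or one of three flaw classes.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
VULN_CLASSES = {"implementation", "design", "configuration"}


# Dimension 4: an effect beyond the attack itself, or another attack as payload.
class Effect(Enum):
    CORRUPTION = "corruption of information"
    DISCLOSURE = "disclosure of information"
    THEFT_OF_SERVICE = "theft of service"
    SUBVERSION = "subversion"


@dataclass(frozen=True)
class Attack:
    vector: Vector
    target: tuple                       # path in TARGET_TREE, general -> specific
    vulnerability: str                  # CVE id or flaw class
    payload: Optional[Union[Effect, "Attack"]] = None


def valid_target(path):
    """True if `path` walks TARGET_TREE from the root along existing nodes."""
    node = TARGET_TREE
    for name in path:
        if name not in node:
            return False
        node = node[name]
    return len(path) > 0


def valid_vulnerability(v):
    return v in VULN_CLASSES or bool(CVE_RE.match(v))


def classify(vector, target, vulnerability, payload=None):
    """Deterministic classification: each dimension receives exactly one value,
    so the result is mutually exclusive and repeatable by construction.  Values
    outside the scheme raise ValueError rather than being guessed at."""
    if not valid_target(tuple(target)):
        raise ValueError(f"unknown target path: {target}")
    if not valid_vulnerability(vulnerability):
        raise ValueError(f"unknown vulnerability: {vulnerability}")
    if payload is not None and not isinstance(payload, (Effect, Attack)):
        raise ValueError("payload must be an Effect or an Attack")
    return Attack(Vector(vector), tuple(target), vulnerability, payload)


def flatten(attack):
    """Flat key/value record for exchange between organisations.  A nested
    payload attack becomes a sub-record with 'payload.'-prefixed keys."""
    rec = {"vector": attack.vector.value,
           "target": "/".join(attack.target),
           "vulnerability": attack.vulnerability}
    if isinstance(attack.payload, Effect):
        rec["payload"] = attack.payload.value
    elif isinstance(attack.payload, Attack):
        rec.update({"payload." + k: v for k, v in flatten(attack.payload).items()})
    return rec


# Constructed blended attack (not from the paper's case study): a worm that
# exploits an implementation flaw in a Unix-family OS and drops a trojan whose
# effect is subversion of the host.
TROJAN_PAYLOAD = classify("trojan", ("software", "operating system", "unix family"),
                          "design", Effect.SUBVERSION)
SAMPLE_WORM = classify("worm", ("software", "operating system", "unix family"),
                       "implementation", TROJAN_PAYLOAD)

if __name__ == "__main__":
    for key, value in flatten(SAMPLE_WORM).items():
        print(f"{key:24} {value}")
```

The blended case is handled the way the slides describe: the worm is classified by its own vector, and the trojan it installs is recorded in the payload dimension rather than forcing a second vector category, which is what keeps the classification mutually exclusive.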
Other dimensions
Damage: A damage dimension would attempt to measure the amount of damage that the attack does.
Cost: Cleaning up after an attack costs money.
Propagation: The speed at which the attack reproduces or spreads.
Defense: The methods by which an attack has been defended against could be made into a further dimension.
Conclusion
Attacks are easily categorized. Some requirements have not been fully met. The issue here is not so much the taxonomy, but how the blended attacks have been analyzed and described.
Comments
All network activity is conducted through network protocols.
Communication between two hosts relies on the underlying protocol stacks.
An attack is itself a kind of communication; what makes this communication special is that it can exploit certain vulnerabilities to gain remote access (among many other goals and intentions).
Producing a taxonomy of network protocol vulnerabilities therefore seems an alternative way to classify attacks: flaws caused by the implementation or by the specification.