2004 International Conference on Dependable Systems and Networks (DSN'04)
p. 102
A Defense-Centric Taxonomy Based on Attack Manifestations
Kevin S. Killourhy, Carnegie Mellon University, Pittsburgh, Pennsylvania
Roy A. Maxion, Carnegie Mellon University, Pittsburgh, Pennsylvania
Kymie M. C. Tan, Carnegie Mellon University, Pittsburgh, Pennsylvania
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN.2004.1311881
Abstract
Many classifications of attacks have been tendered, often in taxonomic form. A common basis of these taxonomies is that they have been framed from the perspective of an attacker: they organize attacks with respect to the attacker's goals, such as privilege elevation from user to root (from the well-known Lincoln taxonomy). Taxonomies based on attacker goals are attack-centric; those based on defender goals are defense-centric. Defenders need a way of determining whether or not their detectors will detect a given attack. It is suggested that a defense-centric taxonomy would suit this role more effectively than an attack-centric taxonomy. This paper presents a new, defense-centric attack taxonomy, based on the way that attacks manifest as anomalies in monitored sensor data. Unique manifestations, drawn from 25 attacks, were used to organize the taxonomy, which was validated through exposure to an intrusion-detection system, confirming attack detectability. The taxonomy's predictive utility was compared against that of a well-known extant attack-centric taxonomy. The defense-centric taxonomy is shown to be a more effective predictor of a detector's ability to detect specific attacks, hence informing a defender that a given detector is competent against an entire class of attacks.
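The following is an added illustration of the idea in the abstract, not code or data from the paper and not the authors' actual taxonomy. A tiny n-gram model of system-call sequences is built from benign traces; each attack trace is then labelled by how it manifests against that model, and the labels are used to predict which of two hypothetical detectors would catch which attack. Grouping the same attacks by attacker goal instead shows why an attack-centric class does not predict detectability. All traces, attack names, goal labels, detector descriptions and the three manifestation class names are constructed for this example.

```python
"""Illustrative manifestation-based classification of attack traces.

Constructed example: a small n-gram model of system-call sequences is
trained on benign traces, then each attack trace is labelled by how it
manifests in that sensor data. Trace contents, attack names, attacker-goal
labels, detector descriptions and the three manifestation classes are all
made up for this example; they are not the paper's taxonomy.
"""

N = 3  # window length of the sequence model (assumed)

# Constructed benign training traces (system-call names only).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["stat", "open", "mmap", "close"],
    ["brk", "brk", "mmap", "munmap"],
]

# Constructed attack traces, each tagged with an attacker-centric class
# (the attacker's goal) so the two groupings can be compared.
ATTACKS = {
    "attack_a": ("user-to-root", ["open", "read", "ptrace", "close"]),
    "attack_b": ("user-to-root", ["open", "write", "write", "close"]),
    "attack_c": ("user-to-root", ["open", "read", "read", "close"]),
    "attack_d": ("denial-of-service", ["brk", "brk", "mmap", "munmap"]),
}

# Hypothetical detectors, described by the manifestation classes each
# is able to flag.
DETECTORS = {
    "alphabet-only": {"foreign symbol"},
    "sequence-window": {"foreign symbol", "foreign sequence"},
}


def ngrams(trace, n=N):
    """All length-n windows of a trace, as tuples."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_model(traces, n=N):
    """Profile of normal behaviour: known symbols and known n-grams."""
    alphabet = {sym for t in traces for sym in t}
    grams = {g for t in traces for g in ngrams(t, n)}
    return alphabet, grams


def classify_manifestation(model, trace, n=N):
    """Label how a trace shows up against the normal profile."""
    alphabet, grams = model
    if any(sym not in alphabet for sym in trace):
        return "foreign symbol"       # a call never seen in training
    if any(g not in grams for g in ngrams(trace, n)):
        return "foreign sequence"     # known calls, novel ordering
    return "no anomaly"               # indistinguishable from normal


def predicted_detections(model, detector, attacks=ATTACKS):
    """For one detector, which attacks its manifestation coverage catches."""
    caught = DETECTORS[detector]
    return {name: classify_manifestation(model, trace) in caught
            for name, (_, trace) in attacks.items()}


def manifestations_by_goal(model, attacks=ATTACKS):
    """Group attacks by attacker goal. A goal class predicts detectability
    only if every member manifests the same way; here it does not."""
    groups = {}
    for _, (goal, trace) in attacks.items():
        groups.setdefault(goal, set()).add(classify_manifestation(model, trace))
    return groups


if __name__ == "__main__":
    model = build_model(NORMAL_TRACES)
    for name, (goal, trace) in ATTACKS.items():
        print(f"{name} ({goal}): {classify_manifestation(model, trace)}")
    for det in DETECTORS:
        print(det, predicted_detections(model, det))
    print(manifestations_by_goal(model))
```

The point the example makes: the three "user-to-root" attacks share an attacker-centric class yet land in three different manifestation classes, so knowing the goal tells a defender nothing about whether the sequence detector will fire. Knowing the manifestation class does, because the detector's competence is defined in the same terms.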
Additional Information
Citation:
Kevin S. Killourhy, Roy A. Maxion, Kymie M. C. Tan, "A Defense-Centric Taxonomy Based on Attack Manifestations," Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN'04), p. 102, 2004.