Taxonomy - 8/27/2007 Incident/Intrusion Taxonomy Wm. Arthur...

Incident/Intrusion Taxonomy
Wm. Arthur Conklin, PhD
Assistant Professor
Department of Information & Logistics Technology
College of Technology

Why a Taxonomy?
- Provides a common frame of reference
- If no taxonomy, then we:
  - Can’t develop common reporting criteria
  - Can’t develop processes and standardization
- Ultimately, no IA “Common Language”
Must have these characteristics . . .
- Logically related columns
- Must be:
  - Mutually exclusive
  - Exhaustive
  - Unambiguous
  - Repeatable
  - Accepted
  - Useful

Where to start?
- The inability to share data because of non-standard terminology is not a new problem
- For this reason, several computer security taxonomies have already been developed
- Most comprehensive study done by Sandia Labs in conjunction with Carnegie Mellon University
- Currently in use at Carnegie Mellon’s CERT/CC
- Sandia Report: “A Common Language for Computer Security Incidents”, John D. Howard and Thomas A. Longstaff (October 1998)
Network Based Taxonomy
(figure; grouping labels: Incident, Attack, Event)
- Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
- Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
- Vulnerability: Design, Implementation, Configuration
- Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
- Target: Account, Process, Data, Component, Computer, Network, Internetwork
- Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources
- Objectives: Challenge, Status, Thrills; Political Gain; Financial Gain; Damage

Basic Model
(figure; boxes: Attackers, Tool, Vulnerability, Action, Target, Unauthorized Result, Objectives; also labelled: Intruders, Intrusions)
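Added example, not part of the original slides: a small Python check that treats the taxonomy terms listed above as a controlled vocabulary, tests the "mutually exclusive", "exhaustive" and "unambiguous" properties against incident records, and tallies records from different sites in one common report. The field names, the one-term-per-category record format and the three sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Vocabulary copied from the taxonomy slide; field names are hypothetical.
TAXONOMY = {
    "attacker": {"hackers", "spies", "terrorists", "corporate raiders",
                 "professional criminals", "vandals", "voyeurs"},
    "tool": {"physical attack", "information exchange", "user command",
             "script or program", "autonomous agent", "toolkit",
             "distributed tool", "data tap"},
    "vulnerability": {"design", "implementation", "configuration"},
    "action": {"probe", "scan", "flood", "authenticate", "bypass", "spoof",
               "read", "copy", "steal", "modify", "delete"},
    "target": {"account", "process", "data", "component", "computer",
               "network", "internetwork"},
    "result": {"increased access", "disclosure of information",
               "corruption of information", "denial of service",
               "theft of resources"},
    "objective": {"challenge, status, thrills", "political gain",
                  "financial gain", "damage"},
}

def overlapping_terms(taxonomy=TAXONOMY):
    """Terms listed under more than one category (not mutually exclusive)."""
    seen = Counter(t for terms in taxonomy.values() for t in terms)
    return sorted(t for t, n in seen.items() if n > 1)

def validate(record, taxonomy=TAXONOMY):
    """Return the problems that stop a record from being classified."""
    problems = []
    for field, allowed in taxonomy.items():
        value = record.get(field)
        if not isinstance(value, str):  # missing or several terms: ambiguous
            problems.append(f"{field}: need exactly one term")
        elif value.strip().lower() not in allowed:  # vocabulary not exhaustive
            problems.append(f"{field}: {value!r} is not a taxonomy term")
    return problems

def tally(records, field):
    """Count classifiable records by one category for a shared report."""
    return Counter(r[field].strip().lower() for r in records if not validate(r))

# Constructed sample reports from three hypothetical sites.
SITE_A = {"attacker": "Hackers", "tool": "Script or Program",
          "vulnerability": "Configuration", "action": "Scan",
          "target": "Network", "result": "Disclosure of Information",
          "objective": "Challenge, Status, Thrills"}
SITE_B = dict(SITE_A, action="Flood", result="Denial of Service",
              objective="Damage")
SITE_C = dict(SITE_A, action="hacked", target=["account", "data"])  # local wording
```

Records such as SITE_C, which use site-local wording or put two terms in one field, are reported by validate() and left out of the tally, which is the reporting gap the slides attribute to non-standard terminology.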
Computer Network Incident
(figure)
- Intruders: Hackers, Terrorists, Other
- Intrusion
- Defended Network
- Increased access, Disclosure of info, Corruption of info, Denial of Service, Theft of resources
- Objectives: Status/Thrills, Political Gain, Financial Gain, Damage

Intrusion Taxonomy
(figure; label: Intrusion)

This note was uploaded on 10/21/2011 for the course CIS 3351 taught by Professor Conklin during the Spring '11 term at University of Houston.
