A Defense-Centric Taxonomy Based on Attack Manifestations

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kevin S. Killourhy Articles by Roy A. Maxion Articles by Kymie M. C. Tan

2004 International Conference on Dependable Systems and Networks (DSN'04)

Florence, Italy

June 28-July 01

ISBN: 0-7695-2052-9

	ASCII Text	x
	Kevin S. Killourhy, Roy A. Maxion, Kymie M. C. Tan, "A Defense-Centric Taxonomy Based on Attack Manifestations," Dependable Systems and Networks, International Conference on, pp. 102, 2004 International Conference on Dependable Systems and Networks (DSN'04), 2004.

	BibTex	x
	@article{ 10.1109/DSN.2004.1311881, author = {Kevin S. Killourhy and Roy A. Maxion and Kymie M. C. Tan}, title = {A Defense-Centric Taxonomy Based on Attack Manifestations}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2004}, isbn = {0-7695-2052-9}, pages = {102}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2004.1311881}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - A Defense-Centric Taxonomy Based on Attack Manifestations SN - 0-7695-2052-9 SP EP A1 - Kevin S. Killourhy, A1 - Roy A. Maxion, A1 - Kymie M. C. Tan, PY - 2004 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Kevin S. Killourhy, Carnegie Mellon University, Pittsburgh, Pennsylvania

Roy A. Maxion, Carnegie Mellon University, Pittsburgh, Pennsylvania

Kymie M. C. Tan, Carnegie Mellon University, Pittsburgh, Pennsylvania

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN.2004.1311881

Many classifications of attacks have been tendered, often in taxonomic form. A common basis of these taxonomies is that they have been framed from the perspective of an attacker - they organize attacks with respect to the attacker's goals, such as privilege elevation from user to root (from the well known Lincoln taxonomy). Taxonomies based on attacker goals are attack-centric; those based on defender goals are defense-centric. Defenders need a way of determining whether or not their detectors will detect a given attack. It is suggested that a defense-centric taxonomy would suit this role more effectively than an attack-centric taxonomy. This paper presents a new, defense-centric attack taxonomy, based on the way that attacks manifest as anomalies in monitored sensor data.

Unique manifestations, drawn from 25 attacks, were used to organize the taxonomy, which was validated through exposure to an intrusion-detection system, confirming attack detectability. The taxonomy's predictive utility was compared against that of a well-known extant attack-centric taxonomy. The defense-centric taxonomy is shown to be a more effective predictor of a detector's ability to detect specific attacks, hence informing a defender that a given detector is competent against an entire class of attacks.

Citation:

Kevin S. Killourhy, Roy A. Maxion, Kymie M. C. Tan, "A Defense-Centric Taxonomy Based on Attack Manifestations," dsn, pp.102, 2004 International Conference on Dependable Systems and Networks (DSN'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.