A taxonomy of networks and computer attacks

Attacks over the years have become both increasingly numerous and sophisticated. This paper focuses on the provisioning of a method for the analysis and categorisation of both computer and network attacks, thus providing assistance in combating new attacks, improving computer and network security as well as providing consistency in language when describing attacks. Such a taxonomy is designed to be useful to information bodies such as CERTs (Computer Emergency Response Teams) who have to handle and categorise an every increasing number of attacks on a daily basis. Information bodies could use the taxonomy to communicate more effectively as the taxonomy would provide a common classification scheme. The proposed taxonomy consists of four dimensions which provide a holistic taxonomy in order to deal with inherent problems in the computer and network attack field. The first dimension covers the attack vector and the main behaviour of the attack. The second dimension allows for classification of the attack targets. Vulnerabilities are classified in the third dimension and payloads in the fourth. Finally, to demonstrate the usefulness of this taxonomy, a case study applies the taxonomy to a number of well known attacks. (C) 2005 Elsevier Ltd. All rights reserved.