2,978 research outputs found
A Taxonomy for Large-Scale Cyber Security Attacks
In an effort to examine the spread of large-scale cyber attacks, researchers have created various taxonomies. These taxonomies are purposefully built to facilitate the understanding and the comparison of these attacks, and hence counter their spread. Yet, existing taxonomies focus mainly on the technical aspects of the attacks, with little or no information about how to defend against them. As such, the aim of this work is to extend existing taxonomies by incorporating new features pertaining to the defense strategy, scale, and others. We will compare the proposed taxonomy with existing state of the art taxonomies. We also present the analysis of 174 large cyber security attacks based on our taxonomy. Finally, we present a web tool that we developed to allow researchers to explore existing data sets of attacks and contribute new ones. We are convinced that our work will allow researchers to gain deeper insights into emerging attacks by facilitating their categorization, sharing and analysis, which results in boosting the defense efforts against cyber attack
A taxonomy of malicious traffic for intrusion detection systems
With the increasing number of network threats it is essential to have a knowledge of existing and new network threats to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets
Classification of logical vulnerability based on group attacking method
New advancement in the field of e-commerce software technology has brought many benefits; at the same time, the development process always faces different sorts of problems from the design phase to the implementation phase. Software faults and defects increase the issues of reliability and security, which is why a solution to this problem is required to fortify these issues. The paper addresses the problem associated with the lack of a clear component-based web application related classification of logical vulnerabilities through identifying Attack Group Method by categorizing two different types of vulnerabilities in component-based web applications. A new classification scheme of logical group attack method is proposed and developed by using a Posteriori Empirically methodology
Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence
Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits of threat intelligence include increased situational awareness and efficiency in security operations and improved prevention, detection, and response capabilities. To process, analyze, and correlate vast amounts of threat information and derive highly contextual intelligence that can be shared and consumed in meaningful times requires utilizing machine-understandable knowledge representation formats that embed the industry-required expressivity and are unambiguous. To a large extent, this is achieved by technologies like ontologies, interoperability schemas, and taxonomies. This research evaluates existing cyber-threat-intelligence-relevant ontologies, sharing standards, and taxonomies for the purpose of measuring their high-level conceptual expressivity with regards to the who, what, why, where, when, and how elements of an adversarial attack in addition to courses of action and technical indicators. The results confirmed that little emphasis has been given to developing a comprehensive cyber threat intelligence ontology with existing efforts not being thoroughly designed, non-interoperable and ambiguous, and lacking semantic reasoning capability
Using Domain Knowledge to Facilitate Cyber Security Analysis
Network attack classification is an essential component in intrusion detection in that it can improve the performance of intrusion detection systems. Several machine-learning methods have been applied in correlating attacks. There is one inherent limitation with these approaches: they strongly rely on datasets, and consequently their models for attack classification can hardly generalize beyond the training data. To address the above limitation, we propose to utilize domain knowledge in the form of taxonomy and ontology to improve attack correlation in cyber security. In addition, we expect that the attack correlation results of machine-learning techniques can be used to refine the original attack taxonomy. The proposed methods are evaluated with several experiments. The findings of the experiments suggest that domain knowledge and machine-learning techniques should be used together on attack classification tasks
Cyber Security Classification Model Evaluation and Comparison
Cyber incidents can be defined as violations of explicit or implied policies that can include unauthorized access, disruption, unauthorized use, or changes to systems, networks, hardware, and software (US Cert, 2018). This description does not account for all possibilities and cyber incidents continue to evolve and increase in visibility for organizations (Pescatore, 2017). Cyber incidents can have real costs associated with them to governments, companies, and individuals. For instance, in December of 2013 Target Corp. reported a data breach of 40 million credit card accounts (Krebs, 2013). According to their 2016 SEC filings, it cost the company $291 million and hurt their reputation in the market (Herberger, 2016). Another great example would be the StuxNet attack where a worm was able to physically damage lab equipment required to develop nuclear weapons in Iran. The costs of lost national security, development time, and cost of the equipment were huge, but are not easily calculated (Kushner, 2013). Further the recent cyber incident at Equifax, where on September 7th of 2017 an estimated 143 million U.S. consumers’ data was breached at Equifax. While this is costly to the organization it had larger implications for consumers and the economy (DeMarco, 2018)
Taxonomies for Reasoning About Cyber-physical Attacks in IoT-based Manufacturing Systems
The Internet of Things (IoT) has transformed many aspects of modern manufacturing, from design to production to quality control. In particular, IoT and digital manufacturing technologies have substantially accelerated product development cycles and manufacturers can now create products of a complexity and precision not heretofore possible. New threats to supply chain security have arisen from connecting machines to the Internet and introducing complex IoT-based systems controlling manufacturing processes. By attacking these IoT-based manufacturing systems and tampering with digital files, attackers can manipulate physical characteristics of parts and change the dimensions, shapes, or mechanical properties of the parts, which can result in parts that fail in the field. These defects increase manufacturing costs and allow silent problems to occur only under certain loads that can threaten safety and/or lives. To understand potential dangers and protect manufacturing system safety, this paper presents two taxonomies: one for classifying cyber-physical attacks against manufacturing processes and another for quality control measures for counteracting these attacks. We systematically identify and classify possible cyber-physical attacks and connect the attacks with variations in manufacturing processes and quality control measures. Our taxonomies also provide a scheme for linking emerging IoT-based manufacturing system vulnerabilities to possible attacks and quality control measures