How to systematically classify computer security intrusions

This paper presents a classification of intrusions with respect to the technique as well the result. The taxonomy is intended to be a step on the road to an established taxonomy of intrusions for use in incident reporting, statistics, warning bulletins, intrusion detection systems etc. Unlike previous schemes, it takes the viewpoint of the system owner and should therefore be suitable to a wider community than that of system developers and vendors only. It is based on data from a realistic intrusion experiment, a fact that supports the practical applicability of the scheme. The paper also discusses general aspects of classification, and introduces a concept called dimension. After having made a broad survey of previous work in the field, we decided to base our classification of intrusion techniques on a scheme proposed by Neumann and Parker (1989) and to further refine relevant parts of their scheme. Our classification of intrusion results is derived from the traditional three aspects of computer security: confidentiality, availability and integrit

A Framework for Security Metrics Based on Operational System Attributes

There exists a large number of suggestions for how to measure security, and in many cases the goal is to find a single overall metric of security. Given that security is a complex and multi-faceted property, we believe that there are fundamental problems to find such an overall metric. Thus, we suggest a framework for security metrics that is based on a number of system attributes taken from the security and the dependability disciplines. We then regroup those attributes according to an existing conceptual system model and propose a metrication framework in accordance. We suggest that there should be metrics related to protective attributes, to behavioural attributes and possibly to system correctness. Thus, the main idea is that security metrication should be split up and related to a number of specific attributes, and that a composite security metric is hard to define

Survey of Intrusion Detection Research

The literature holds a great deal of research in the intrusion detection area. Much of this describes the design and implementation of specific intrusion detection systems. While the main focus has been the study of different detection algorithms and methods, there are a number of other issues that are of equal importance to make these systems function well in practice. I believe that the reason that the commercial market does not use many of the ideas described is that there are still too many unresolved issues. This survey focuses on presenting the different issues that must be addressed to build fully functional and practically usable intrusion detection systems (IDSs). It points out the state of the art in each area and suggests important open research issues

Identifying Suitable Attributes for Security and Dependability Metrication

In this paper, we suggest a framework for security and dependability metrics that is based on a number of non-functional system attributes. The attributes are the traditional security attributes (the “CIA”) and a set of dependability attributes. Based on a system model, we group those attributes into protective attributes and behavioural attributes and propose that metrication should be done in accordance. We also discuss the dependence between these two sets of attributes and how it affects the corresponding metrics. The metrics themselves are only defined to a limited degree. The concepts of security and dependability largely reflect the same basic system meta-property and are partly overlapping. We claim that the suggested approach will facilitate making quantitative assessment of the integrated concept of security and dependability as reflected by those attributes

Security aspects of the in-vehicle network in the connected car

In this paper, we briefly survey the research with respect to the security of the connected car, and in particular its in-vehicle network. The aim is to highlight the current state of the research; which are the problems found, and what solutions have been suggested. We have structured our investigation by categorizing the research into the following five categories: problems in the in-vehicle network, architectural security features, intrusion detection systems, honeypots, and threats and attacks. We conclude that even though quite some effort has already been expended in the area, most of it has been directed towards problem definition and not so much towards security solutions. We also highlight a few areas that we believe are of immediate concern

Growth Response of Drought-Stressed Pinus sylvestris Seedlings to Single- and Multi-Species Inoculation with Ectomycorrhizal Fungi

Many trees species form symbiotic associations with ectomycorrhizal (ECM) fungi, which improve nutrient and water acquisition of their host. Until now it is unclear whether the species richness of ECM fungi is beneficial for tree seedling performance, be it during moist conditions or drought. We performed a pot experiment using Pinus sylvestris seedlings inoculated with four selected ECM fungi (Cenococcum geophilum, Paxillus involutus, Rhizopogon roseolus and Suillus granulatus) to investigate (i) whether these four ECM fungi, in monoculture or in species mixtures, affect growth of P. sylvestris seedlings, and (ii) whether this effect can be attributed to species number per se or to species identity. Two different watering regimes (moist vs. dry) were applied to examine the context-dependency of the results. Additionally, we assessed the activity of eight extracellular enzymes in the root tips. Shoot growth was enhanced in the presence of S. granulatus, but not by any other ECM fungal species. The positive effect of S. granulatus on shoot growth was more pronounced under moist (threefold increase) than under dry conditions (twofold increase), indicating that the investigated ECM fungi did not provide additional support during drought stress. The activity of secreted extracellular enzymes was higher in S. granulatus than in any other species. In conclusion, our findings suggest that ECM fungal species composition may affect seedling performance in terms of aboveground biomass