ISU Electrical and Computer Engineering Archives

A method for classifying attack implementations based upon its primary objective

Ryon, Luke E. (2004) A method for classifying attack implementations based upon its primary objective. Masters thesis, Iowa State University.

Full text available as:

PDF - Requires Adobe Acrobat Reader or other PDF viewer.

Abstract

A method for classifying attack implementations is a valuable structure for understanding attack implementations. An attack implementation is a specific way that an act, regardless of success, with the intention of causing harm or violating an explicit or implied security policy is done. The current state of computer security is that new attack implementations are being developed daily. Correspondingly, it is important for computer security professionals to be able to understand these attack implementations in order to develop more effective defenses. A method for classifying attack implementations will provide the basis for professionals to be able to develop attack implementation databases and to systematically study attack implementations. Each of these applications can be used to more fully understand attack implementations. A method for classifying attack implementations must be simple, unambiguous, comprehensive, and repeatable. These characteristics allow this method to be used in many different situations. A method for classifying attack implementations was developed that is based upon the primary objective of the attack implementation. Every attack implementation has exactly one primary objective. Correspondingly, a primary objective can be used to classify an attack implementation. A review of the possible resources of attack implementations was performed as part of an evaluation of this method for classifying attack implementations. This method for classifying attack implementations satisfies each of the four characteristics: simple, unambiguous, comprehensive, and repeatable. The method for classifying attack implementations presented in this research provides a valuable structure for studying attack implementations. This understanding will encourage future research and the development of methods for defending against computer attacks.

EPrint Type:Thesis (Masters)
Uncontrolled Keywords:attack implementations, exploit, vulnerability, classification
Subjects:Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Information Assurance
Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Computer Networking and Security
ID Code:37
Identification Number:TR-2004-03-3
Deposited By:Luke Ryon
Deposited On:16 April 2004

Archive Staff Only: edit this record