How to systematically classify computer security intrusions
Lindqvist, U.; Jonsson, E.
Security and Privacy, 1997. Proceedings., 1997 IEEE Symposium on
Volume , Issue , 4-7 May 1997 Page(s):154 - 163
Digital Object Identifier 10.1109/SECPRI.1997.601330
Summary:This paper presents a classification of intrusions with respect to
the technique as well the result. The taxonomy is intended to be a step
on the road to an established taxonomy of intrusions for use in incident
reporting, statistics, warning bulletins, intrusion detection systems
etc. Unlike previous schemes, it takes the viewpoint of the system owner
and should therefore be suitable to a wider community than that of
system developers and vendors only. It is based on data from a realistic
intrusion experiment, a fact that supports the practical applicability
of the scheme. The paper also discusses general aspects of
classification, and introduces a concept called dimension. After having
made a broad survey of previous work in the field, we decided to base
our classification of intrusion techniques on a scheme proposed by
Neumann and Parker (1989) and to further refine relevant parts of their
scheme. Our classification of intrusion results is derived from the
traditional three aspects of computer security: confidentiality,
availability and integrity
View citation and abstract |
Cart
