http://dx.doi.org/10.3745/KIPSTC.2006.13C.4.405

A Symptom based Taxonomy for Network Security  

Kim Ki-Yoon (Department of Computer Engineering, Sungkyunkwan University)
Choi Hyoung-Kee (Department of Computer Engineering, School of Information and Communication Engineering, Sungkyunkwan University)
Choi Dong-Hyun (Department of Computer Engineering, Sungkyunkwan University)
Lee Byoung-Hee (Department of Computer Engineering, Sungkyunkwan University)
Choi Yoon-Sung (Department of Computer Engineering, Sungkyunkwan University)
Bang Hyo-Chan (Active Security Technology Research Team, ETRI)
Na Jung-Chan (Active Security Technology Research Team, ETRI)
Abstract
We present a symptom-based taxonomy for network security. The taxonomy classifies attacks in the network using the early symptoms of the attacks. Because it relies on symptoms, the information needed to classify an attack is relatively easy to obtain. Furthermore, it can classify unknown attacks, because the symptoms of an unknown attack correlate with those of known attacks. The taxonomy classifies an attack in two stages. In the first stage it identifies the attack within a single connection; it then combines single connections into aggregated connections to check whether the attacks observed in the single connections form a distributed attack over the aggregated connections. Hence it can attain high accuracy in identifying complex attacks such as DDoS, worm and bot attacks. We demonstrate the classification of these three major Internet attacks using the proposed taxonomy.
Keywords
Network Attack; Symptom; Attack Taxonomy; Network Security;