http://dx.doi.org/10.22937/IJCSNS.2021.21.8.1

AVOIDITALS: Enhanced Cyber-attack Taxonomy in Securing Information Technology Infrastructure  

Syafrizal, Melwin (Faculty of Computer Science, Universitas AMIKOM Yogyakarta)
Selamat, Siti Rahayu (Fakulti Teknologi Maklumat dan Komunikasi, Universiti Teknikal Malaysia Melaka)
Zakaria, Nurul Azma (Fakulti Teknologi Maklumat dan Komunikasi, Universiti Teknikal Malaysia Melaka)
Publication Information
International Journal of Computer Science & Network Security / v.21, no.8, 2021, pp. 1-12
Abstract
Organizations currently operate in a digital environment, which opens them to potential cyber-attacks. This situation becomes worse as the cyber-attack landscape changes rapidly. The impact of cyber-attacks varies depending on the scope of the organization and the value of the assets that need to be protected. It is difficult to assess the damage to an organization from cyber-attacks due to a lack of understanding of tools, metrics, and knowledge of the types of attacks and their impacts. Hence, this paper aims to identify domains and sub-domains of a cyber-attack taxonomy to facilitate the understanding of cyber-attacks. Four phases are carried out in this research: identify existing cyber-attack taxonomies, determine and classify domains and sub-domains of cyber-attacks, and construct the enhanced cyber-attack taxonomy. The existing cyber-attack taxonomies are analyzed, domains and sub-domains are selected based on the focus and objectives of the research, and the proposed taxonomy, named the AVOIDITALS Cyber-attack Taxonomy, is constructed. AVOIDITALS consists of 8 domains, 105 sub-domains, 142 sub-sub-domains, and 90 other sub-sub-domains that act as a guideline to assist administrators in determining cyber-attacks by identifying cyber-attack patterns that commonly occur on digital infrastructure, and provide the best prevention method to minimize impact. This research can be further developed in line with the emergence of new types and categories of current and future cyber-attacks.
Keywords
Cyber-attack taxonomy; AVOIDITALS; Cyber-attack domain;