Categorization of Attacks

• Traditionally based on disclosure, integrity, denial of service and fabrication
• usually attacks fall into one of these categories
• Recently more reported attacks don’t easily fit into one of these categories
• New attack taxonomies are being developed that are more appropriate to some systems
• simple
• risk-based empirical

Simple Attack Taxonomy

• Introduces new categories seen as the main areas of computer vulnerability
• Decomposes each category further into types of perpetrators
• A matrix is created such that each cell describes a potential combination of attack and perpetrator

Risks-Based Empirical Attack Taxonomy Categories

• External Information Theft
• External Abuse of Resources
• Masquerading
• Pest Programs
• Bypassing Authentication or Authority
• Authority Abuse
• Abuse Through Inaction
• Indirect Abuse

Trojan Horse Program

• A practical method to launch an attack
• Any program that is expected to perform some desirable function, but actually performs some unexpected and undesirable function
• It may perform the expected function, and in addition perform a malicious function

Virus

• Any Trojan Horse program that has been designed to self-reproduce and propagate
• can modify other programs
• including a possibly modified copy of the virus
• Can propagate across different computer systems
• including different subsystems within the same computer system and different portions of the same subsystem

Code Propagation

• Many ways to propagate code
• hand delivered floppy disks
• relatively slow propagation
• high speed transmission over networks
• virus spread speeds up as long as transmission software is available
• connected systems that allow users to remotely execute programs
• things really speed up

Typical Virus Operation

• Find a connected system
• Send self-reproducing code via the remote copying command
• Initiate a remote compilation of the self-reproducing code via the remote execution command