Abstract
This paper investigates how the measurement of a network attack taxonomy can be related to human perception. Network attacks have no time limitation, but the earlier an attack is detected, the more damage can be prevented and the more preventative actions can be taken. This paper evaluates how elements of network attacks can be measured in near real-time (60 seconds). The taxonomy we use was developed by van Heerden et al. (2012) and has over 100 classes. These classes present the attacker's and the defender's points of view. The degree to which each class can be quantified or measured is determined by investigating the accuracy of various assessment methods. We classify each class as either defined, high, low or not quantifiable. For example, it may not be possible to determine the instigator of an attack (Aggressor), but only that the attack has been launched by a Hacker (Actor). Some classes can only be quantified with low confidence, or not at all, in a short (near real-time) period. The IP address of an attack can easily be faked, which reduces the confidence in the information obtained from it; the origin of an attack can therefore be determined only with low confidence. This determination is itself subjective. All the evaluations of the classes in this paper are subjective, but due to the very basic grouping (High, Low or Not Quantifiable) a subjective value can be used. The complexity of the taxonomy can be significantly reduced if only classes with a high perceptive accuracy are used.
References
van Heerden, R., Pieterse, H., Irwin, B.: Mapping the most significant computer hacking events to a temporal computer attack model. In: Hercheui, M.D., Whitehouse, D., McIver Jr., W., Phahlamohlaka, J. (eds.) ICT Critical Infrastructures and Society. IFIP AICT, vol. 386, pp. 226–236. Springer, Heidelberg (2012)
van Heerden, R.P., Burke, I., Irwin, B.: Classifying network attack scenarios using an ontology. In: Proceedings of the 7th International Conference on Information-Warfare & Security (ICIW 2012), pp. 311–324. ACI (2012)
Joyal, P.: Industrial espionage today and information wars of tomorrow. In: 19th National Information Systems Security Conference, pp. 139–151 (1996)
Burstein, A.: Trade secrecy as an instrument of national security–rethinking the foundations of economic espionage. Arizona State Law Journal 41, 933–1167 (2009)
Grant, T., Venter, H., Eloff, J.: Simulating adversarial interactions between intruders and system administrators using OODA-RR. In: Proceedings of the 2007 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries, pp. 46–55. ACM (2007)
van Heerden, R., Leenen, L., Irwin, B., Burke, I.: A computer network attack taxonomy and ontology. International Journal of Cyber Warfare and Terrorism 3, 12–25 (2012)
Fenz, S., Neubauer, T.: How to determine threat probabilities using ontologies and Bayesian networks. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, p. 69. ACM (2009)
Shavitt, Y., Zilberman, N.: A geolocation databases study. IEEE Journal on Selected Areas in Communications 29(10), 2044–2056 (2011)
Stoll, C.: Tracking a spy through a maze of computer espionage, vol. 1. Doubleday (1989)
Ezzeldin, H.: Nmap detection and countermeasures. Online (March 2008) (accessed September 5, 2012)
Kibret, W.E.: Analyzing network security from a defense in depth perspective. Master's thesis, Department of Informatics, University of Oslo (2011)
Yung, K.H.: Detecting long connection chains of interactive terminal sessions. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 1–16. Springer, Heidelberg (2002)
Spitzner, L.: Honeypots: Catching the insider threat. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 170–179. IEEE (2003)
Myers, J., Grimaila, M., Mills, R.: Towards insider threat detection using web server logs. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pp. 54–58. ACM (2009)
Poese, I., Uhlig, S., Kaafar, M.A., Donnet, B., Gueye, B.: IP geolocation databases: unreliable? ACM SIGCOMM Computer Communication Review 41(2), 53–56 (2011)
Katz-Bassett, E., John, J.P., Krishnamurthy, A., Wetherall, D., Anderson, T., Chawathe, Y.: Towards IP geolocation using delay and topology measurements. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 71–84. ACM (2006)
Sanger, D.: Obama order sped up wave of cyberattacks against Iran. Online (June 2012) (accessed August 24, 2012)
Shiffman, G., Gupta, R.: Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons. International Journal of the Commons 7(1), 93–112 (2013)
Stout, G.: Testing a website: Best practices. Technical report, Reveregroup (2001) (accessed January 2, 2013)
Lunt, T.F.: A survey of intrusion detection techniques. Computers & Security 12(4), 405–418 (1993)
Tjhai, G., Papadaki, M., Furnell, S., Clarke, N.: Investigating the problem of IDS false alarms: An experimental study using Snort. In: Jajodia, S., Samarati, P., Cimato, S. (eds.) Proceedings of the IFIP TC 11 23rd International Information Security Conference. IFIP, vol. 278, pp. 253–267. Springer, Boston (2008)
Hariri, S., Qu, G., Dharmagadda, T., Ramkishore, M., Raghavendra, C.S.: Impact analysis of faults and attacks in large-scale networks. IEEE Security & Privacy 1(5), 49–54 (2003)
Kuwatly, I., Sraj, M., Al Masri, Z., Artail, H.: A dynamic honeypot design for intrusion detection. In: IEEE International Conference on Pervasive Services (ICPS), pp. 95–104 (2004)
Bhuyan, M.H., Bhattacharyya, D., Kalita, J.: Surveying port scans and their detection methodologies. The Computer Journal 54(10), 1565–1581 (2011)
Merritt, D.: Spear phishing attack detection. Master's thesis, Air Force Institute of Technology (March 2011) (accessed January 1, 2013)
Mouton, F., Malan, M.M., Venter, H.S.: Social engineering from a normative ethics perspective. In: Information Security for South Africa, pp. 1–8 (2013)
Bezuidenhout, M., Mouton, F., Venter, H.: Social engineering attack detection model: SEADM. In: Information Security for South Africa, pp. 1–8 (2010)
Mouton, F., Malan, M., Venter, H.: Development of cognitive functioning psychological measures for the SEADM. In: Human Aspects of Information Security & Assurance (2012)
Mouton, F., Leenen, L., Malan, M.M., Venter, H.S.: Towards an ontological model defining the social engineering domain. In: 11th Human Choice and Computers International Conference, Turku, Finland (July 2014)
Heberlein, L.T., Dias, G.V., Levitt, K.N., Mukherjee, B., Wood, J., Wolber, D.: A network security monitor. In: Proceedings of Computer Society Symposium on Research in Security and Privacy, pp. 296–304. IEEE (1990)
Christodorescu, M., Jha, S.: Testing malware detectors. ACM SIGSOFT Software Engineering Notes 29(4), 34–44 (2004)
Owen, D.: What is a false positive and why are false positives a problem? Online (May 2010) (accessed November 21, 2012)
Manmadhan, S., Manesh, T.: A method of detecting SQL injection attack to secure web applications. International Journal of Distributed and Parallel Systems 3, 1–8 (2012)
Ciampa, A., Visaggio, C.A., Di Penta, M.: A heuristic-based approach for detecting SQL-injection vulnerabilities in web applications. In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, pp. 43–49. ACM (2010)
Win, W., Htun, H.H.: A simple and efficient framework for detection of SQL injection attack. International Journal of Computer & Communication Engineering Research 1(2), 26–30 (2013)
Jim, T., Swamy, N., Hicks, M.: Defeating script injection attacks with browser-enforced embedded policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 601–610. ACM (2007)
Scholte, T., Robertson, W., Balzarotti, D., Kirda, E.: An empirical analysis of input validation mechanisms in web applications and languages. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp. 1419–1426. ACM (2012)
Rao, T.: Defending against web vulnerabilities and cross-site scripting. Journal of Global Research in Computer Science 3(5), 61–64 (2012)
Karig, D., Lee, R.: Remote denial of service attacks and countermeasures. Technical Report CE-L2001-002, Princeton University Department of Electrical Engineering (October 2001) (accessed January 1, 2013)
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review 34(2), 39–53 (2004)
Bhide, A., Elnozahy, E.N., Morgan, S.P.: A highly available network file server. In: Proceedings of the 1991 USENIX Winter Conference, pp. 199–205. Citeseer (1991)
Yang, D., Usynin, A., Hines, J.W.: Anomaly-based intrusion detection for SCADA systems. In: 5th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies (NPIC & HMIT 2005), pp. 12–16 (2006)
Gula, R.: Correlating IDS alerts with vulnerability information. Technical Report Revision 4, Tenable Network Security (May 2011)
Copyright information
© 2014 IFIP International Federation for Information Processing
Cite this paper
van Heerden, R., Malan, M.M., Mouton, F., Irwin, B. (2014). Human Perception of the Measurement of a Network Attack Taxonomy in Near Real-Time. In: Kimppa, K., Whitehouse, D., Kuusela, T., Phahlamohlaka, J. (eds) ICT and Society. HCC 2014. IFIP Advances in Information and Communication Technology, vol 431. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44208-1_23
DOI: https://doi.org/10.1007/978-3-662-44208-1_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44207-4
Online ISBN: 978-3-662-44208-1
eBook Packages: Computer Science (R0)