A genealogical approach to building a denial of service attack taxonomy

Abstract

<p>Availability requires that computer systems remain functioning as expected without degradation in processing, access, or availability of resources to legitimate users. Although many organizations may have implemented good security practices in building their networks, these networks still remain open to common assault tools that threaten the availability of network services to legitimate users. Over time, many of these availability assaults, also known as denial of service (DoS) attacks, have grown more complex, effective, and even easier to launch. Unfortunately, the number of published attacks continues to grow while few security researchers firmly understand their details. If properly compiled into an effective database, the collection of these different attack scripts could possibly provide valuable information to computer security engineers such as characterizing threats in terms of source, attack method, and effects on computer resources. Using the attack database, it is also possible to begin to build taxonomy of common denial of service attacks and develop a general methodology for describing and characterizing such threats. Although various research studies have been previously conducted in hopes of building a general software vulnerability database for use by security analysts, no studies have specifically focused on studying attack histories. By examining DoS attack history, genealogy, and taxonomy together, researchers gain the ability to not only identify existing attacks and possible countermeasures but possibly even predict future attacks in some cases as well. Although attacks have grown increasingly complex over time, many of the same basic ideas and methods for performing the denial of service remain unchanged or only slightly modified. While previous research models had focused on attacks as singular data points, modeling assaults as growing genealogical trees formed from several different software attacks yields valuable information on recurring themes in DoS attacks. Furthermore, attack tree hierarchies allow researchers the ability to study how software vulnerability exploits have changed over time. Building a vulnerability database of denial of service attacks comprised of both singular entries and corresponding attack trees allows for the development of classifications in the taxonomies of vulnerabilities and reveals characteristics of attacks that have remained prevalent in software over time.</p>