Taxonomy of Computer Security Incidents


Yashodhan Fadnavis

How does it help?
  • Taxonomy gives common names to events
  • Security against a ‘class’ of attacks
Satisfying Taxonomy
  • Mutually Exclusive
  • Exhaustive
  • Unambiguous
  • Repeatable
  • Accepted
  • Useful
Listing Terms
  • E.g. Password sniffing, Brute force attacks, Eavesdropping, Harassment, Covert Channels, Viruses, Logic Bombs, Software loopholes, WEP loopholes, Source address spoofing, Software piracy, Degradation of services, Session hijacking
  • Failed six satisfying properties = Bad Taxonomy.
  • Lists can be never ending.
Listing categories

Cheswick and Bellovin List (categories legible on the slide):
  • Stealing passwords
  • Social Engineering
  • Bugs and
  • Info Leakage

Terms shown on the slide:
  • Password sniffing
  • Brute force
  • Eavesdropping
  • Harassment
  • Covert channels
  • Viruses
  • Logic Bombs
  • Software loopholes
  • WEP Loopholes
  • Source Address spoofing
  • Software Piracy
  • Degradation Of Service
  • Session Hijacking
Other taxonomies
  • Result categories
  • Empirical categories
  • Matrices
Incident Taxonomy
  • Event: An action directed at a target which is intended to result in a change of the state of the target.
  • Action: A step taken by a user or a process to achieve a result.
  • Target: A computer or a network logical entity.
  • Incident: A group of attacks that can be distinguished from other attacks because of the uniqueness of the attackers, objectives, sites and timing.
Federal Incident Reporting Guidelines
  • Agency name
  • Point of contact information including name, telephone, and email address
  • Incident Category Type (e.g., CAT 1, CAT 2, etc.)
  • Incident Timestamp
  • Source IP, Destination IP, port, and protocol
  • Operating System, including version, patches, etc.
  • System Function (e.g., DNS/web server, workstation, etc.)
  • Antivirus software installed, including version, and latest updates
  • Location of the system(s) involved in the incident (e.g. Clemson)
  • Method used to identify the incident (e.g., IDS, audit log analysis, system administrator)
  • Impact to agency
  • Resolution
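
A completeness check for a report carrying the fields listed above, as an added example that is not part of the original slides or of any federal tooling. The field names, the ISO 8601 timestamp requirement and the sample values are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Hypothetical field names, one per item in the reporting list above.
REQUIRED = (
    "agency_name", "poc_name", "poc_telephone", "poc_email", "category",
    "timestamp", "source_ip", "destination_ip", "port", "protocol",
    "operating_system", "system_function", "antivirus", "location",
    "detection_method", "impact", "resolution",
)
CATEGORY_RE = re.compile(r"CAT \d+")  # "CAT 1", "CAT 2", ... as the list writes it

def validate_report(report):
    """Return a sorted list of problems; an empty list means the report is usable."""
    vals = {f: "" if report.get(f) is None else str(report[f]).strip() for f in REQUIRED}
    problems = [f"missing: {f}" for f in REQUIRED if not vals[f]]
    if vals["category"] and not CATEGORY_RE.fullmatch(vals["category"]):
        problems.append("bad category")
    if vals["timestamp"]:
        try:
            # Assumption: ISO 8601 with a UTC offset, so reports from
            # different sites line up on one timeline.
            if datetime.fromisoformat(vals["timestamp"]).tzinfo is None:
                problems.append("timestamp has no UTC offset")
        except ValueError:
            problems.append("bad timestamp")
    for f in ("source_ip", "destination_ip"):
        if vals[f]:
            try:
                ipaddress.ip_address(vals[f])
            except ValueError:
                problems.append(f"bad {f}")
    if vals["port"] and not (vals["port"].isdecimal() and int(vals["port"]) <= 65535):
        problems.append("bad port")
    return sorted(problems)

# Constructed sample report: every value is invented for illustration.
SAMPLE = {
    "agency_name": "Example Agency", "poc_name": "J. Doe",
    "poc_telephone": "555-0100", "poc_email": "jdoe@agency.example",
    "category": "CAT 3", "timestamp": "2024-03-01T14:22:05+00:00",
    "source_ip": "198.51.100.7", "destination_ip": "192.0.2.10",
    "port": 53, "protocol": "UDP", "operating_system": "placeholder OS and patch level",
    "system_function": "DNS server", "antivirus": "placeholder AV and update date",
    "location": "Clemson", "detection_method": "IDS",
    "impact": "resolver outage", "resolution": "host reimaged",
}
```

Rejecting incomplete or malformed reports at intake keeps later correlation by category, time and address from silently dropping incidents.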