M.Y. Komarov
Èlektron. model. 2020, 42(3):111-124
https://doi.org/10.15407/emodel.42.03.111
ABSTRACT
The requirements for taxonomy of cyber threats are given. The analysis of existing works on this topic is carried out. The possible approaches to the development of a cyber threat taxonomy are explored and described. Definitions of key concepts are given. Classification of intrusion techniques and types of attacks on information systems is made. Graphic representations of the invasion, incident, and general structure of the attack are given.
KEYWORDS
cybersecurity, taxonomy, vulnerability, cyberthreat, classification, attack
REFERENCES
- Howard, J.D. and Longstaff, T,A. (1998), A common language for computer security incidents. Sandia Report, Sandia National Laboratories.
- Radatz, J. (1996), The IEEE standard dictionary of electrical and electronics terms. Sixth edition, Institute of Electrical and Electronics Engineers. New York, USA.
- Attanasio, C.R., Markstein, P.W. and Phillips, R.J. (1976), “Penetrating an operating system: a study of VM/370 integrity”, IBM System Journal, Vol. 15, no. 1, pp. 102-116.
https://doi.org/10.1147/sj.151.0102 - Vijayaraghavan, G. and Kaner, C. (2003), Taxonomies, STAR EAST 2003, Orlando, Florida, USA.
- Anderson, J.P. (1980), Computer security threat monitoring and surveillance, Technical Report Contract 79F296400, Washington.
- Neumann, P. and Parker, D. (1989), “A summary of computer misuse techniques”, the Proceeding of the12th National Computer Security Conference, 1989.
- Neumann, P.G. (1995), Computer-Related Risks, ACM Press.
https://doi.org/10.1016/0142-0496(95)80220-7 - Parker, D.B. (1989), COMPUTER CRIME Criminal Justice Resource Manual, U.S. Department of Justice National Institute of Justice Office of Justice Programs.
- Parker, D.B. (1992), Computer Security Reference Book. chapter 34, Computer Crime, CRC Press.
- Hansman, S. (2003), A taxonomy of network and computer attacks methodologies, University of Canterbury, New Zealand.
- Undercoffer, J. and Pinkston, J. Modeling computer attacks: a target-centric ontology for intrusion detection, University of Maryland Baltimore Country.