2. Attack
A set of malicious activities intended to disrupt, deny, degrade or destroy
information and services resident in computers and networks.
7/28/2021 (c) Dr. Jyoti Lakhani
3. Network Attack
A network attack is executed through the data stream on networks and aims to
compromise the Integrity, Confidentiality or Availability of computer network
systems.
Examples of Computer Attacks
• Viruses attached to Emails
• Probing* of systems to collect information
• Internet Worms
• Unauthorized usage of a system
• Denial-of-Service by abusing a feature of a system
• Exploiting a bug in software to modify system data
• Masquerading*
*Probing: inquiring closely into something; searching
*Masquerading: pretending to be someone else; simulating
4. Classification / Taxonomy of attacks
• Hansman's Taxonomy
• VERDICT Taxonomy
5. Classification / Taxonomy of attacks
VERDICT Taxonomy
(Validation Exposure Randomness Deallocation Improper Conditions Taxonomy)
VERDICT holds that all computer attacks can be classified using four improper
conditions:
• Improper Validation
• Improper Exposure
• Improper Randomness
• Improper Deallocation
6. Improper Validation
Improper validation, i.e. insufficient or incorrect validation of inputs,
leads to unauthorized access to critical information or to a protected
system.
How to avoid improper validation
The parameters that are passed between two system components, or between a
system component and an external entity, must be validated against a set of
conditions:
1. Presence or absence
2. Data types and formats
3. Number and order
4. Value ranges
5. Access rights to associated storage locations
6. Consistency among parameters
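The six conditions above applied to one request, as an added example that is not part of the original slides. The funds-transfer API, its field names, the account-id format, the limits and the ownership table are all assumptions made for illustration; each numbered check in the code corresponds to one of the six conditions.

```python
"""Added example (not from the slides): validating the parameters of a
hypothetical funds-transfer request against the six VERDICT conditions.
Field names, formats, limits and the ownership table are constructed."""
import re
from decimal import Decimal, InvalidOperation

ACCOUNT_RE = re.compile(r"^ACC-\d{6}$")          # assumed account id format
REQUIRED = ("source", "destination", "amount", "currency")
OPTIONAL = ("notes",)
MAX_AMOUNT = Decimal("10000.00")
CURRENCIES = {"USD", "EUR"}

# Constructed access-control data: which caller may debit which account,
# and the currency each account is held in.
OWNERS = {"alice": {"ACC-000001"}, "bob": {"ACC-000002"}}
ACCOUNT_CURRENCY = {"ACC-000001": "USD", "ACC-000002": "EUR", "ACC-000003": "USD"}


def validate_transfer(params: dict, caller: str) -> list:
    """Return a list of violations; an empty list means the request is acceptable."""
    errors = []

    # 1. Presence or absence: every required key present, no unexpected keys.
    for key in REQUIRED:
        if key not in params:
            errors.append(f"missing parameter: {key}")
    for key in params:
        if key not in REQUIRED + OPTIONAL:
            errors.append(f"unexpected parameter: {key}")
    if errors:
        return errors  # the remaining checks assume the required fields exist

    # 2. Data types and formats.
    for key in ("source", "destination"):
        if not isinstance(params[key], str) or not ACCOUNT_RE.match(params[key]):
            errors.append(f"{key}: bad account id format")
    try:
        amount = Decimal(str(params["amount"]))
    except InvalidOperation:
        errors.append("amount: not a decimal number")
        amount = None
    if params["currency"] not in CURRENCIES:
        errors.append("currency: unsupported")

    # 3. Number and order: 'notes' is an ordered list of at most 3 short strings.
    notes = params.get("notes", [])
    if (not isinstance(notes, list) or len(notes) > 3
            or not all(isinstance(n, str) and len(n) <= 80 for n in notes)):
        errors.append("notes: must be a list of at most 3 strings of <= 80 chars")

    # 4. Value ranges.
    if amount is not None and not (Decimal("0.01") <= amount <= MAX_AMOUNT):
        errors.append("amount: out of range")

    # 5. Access rights to the associated storage location (the source account).
    if params["source"] not in OWNERS.get(caller, set()):
        errors.append("source: caller is not authorised to debit this account")

    # 6. Consistency among parameters.
    if params["source"] == params["destination"]:
        errors.append("source and destination must differ")
    if ACCOUNT_CURRENCY.get(params["source"]) not in (None, params["currency"]):
        errors.append("currency: does not match source account currency")

    return errors


if __name__ == "__main__":
    req = {"source": "ACC-000001", "destination": "ACC-000003",
           "amount": "250.00", "currency": "USD"}
    print(validate_transfer(req, "alice"))   # [] : accepted
    print(validate_transfer(req, "bob"))     # access-rights violation
```

The early return after the presence check is deliberate: type, range and consistency checks on fields that are absent would either raise or produce misleading messages, and an attacker probing the validator learns nothing extra from it.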
7. Improper Exposure
Improper exposure occurs whenever the specific exposure conditions are
satisfied.
For instance, an inferior (less privileged) process might obtain access to
privileged information held in storage, or privileged information may be
transferred to an inferior process indirectly, through acknowledgements or
timing (a side channel).
In either situation the critical information system is improperly exposed to
attack.
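The indirect transfer through timing, as an added example that is not part of the original slides. A privileged component compares a caller-supplied value against a secret byte by byte and stops at the first mismatch; the less privileged caller never reads the secret, but the time each attempt takes (modelled here as the number of comparison steps) reveals how many leading bytes were right, and the secret is recovered one byte at a time. The secret value and the function names are constructed; the hardened form uses Python's standard `hmac.compare_digest`.

```python
"""Added example (not from the slides): a timing side channel that leaks a
secret to an unprivileged caller, and its constant-time fix.  The secret,
alphabet and names are constructed for illustration."""
import hmac

SECRET = b"7f3a9c"  # constructed; stands in for a token held by a privileged component


def naive_equal(secret: bytes, guess: bytes):
    """Early-exit comparison.  Returns (equal, steps), where steps is the number
    of byte comparisons performed and stands in for the elapsed time."""
    if len(secret) != len(guess):
        return False, 0
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps      # leaves early: time depends on the matching prefix
    return True, steps


def recover_secret(oracle, length: int, alphabet=b"0123456789abcdef") -> bytes:
    """Recover the secret position by position using only (equal, steps) from the oracle.
    For every position, the candidate that takes one step longer is the right byte; at the
    last position the step counts tie, so the 'equal' flag breaks the tie."""
    known = b""
    for pos in range(length):
        best, best_score = None, (False, -1)
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, steps = oracle(guess)
            if (equal, steps) > best_score:
                best, best_score = c, (equal, steps)
        known += bytes([best])
    return known


def constant_time_equal(secret: bytes, guess: bytes) -> bool:
    """Hardened form: compare_digest takes time independent of where the first mismatch is,
    so the step-count oracle above gives the caller nothing."""
    return hmac.compare_digest(secret, guess)


if __name__ == "__main__":
    oracle = lambda g: naive_equal(SECRET, g)
    print("recovered:", recover_secret(oracle, len(SECRET)))   # b'7f3a9c'
```

Sixteen guesses per byte position replace a search over 16^6 values, which is the practical damage a timing leak does. Real measurements are noisy and need repetition and statistics, but the structure of the attack is exactly this.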
8. Improper Randomness
Improper randomness can result in an exposure to attack.
A crucial aspect of cryptography is the generation of random numbers for keys,
nonces and tokens. True random sources are scarce, so current computer systems
use pseudo-random numbers instead, which makes the development of unbreakable
ciphering units extremely difficult. In practice only a cryptographically
secure pseudo-random generator (one seeded from hardware entropy, such as the
operating system's CSPRNG) may be used for security purposes; a general-purpose
PRNG whose internal state can be recovered from its output is improper
randomness.
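What "improper randomness" looks like in practice, as an added example that is not part of the original slides. Python's `random` module is the Mersenne Twister (MT19937): its output is a fixed, invertible function of its 624-word state, so anyone who observes 624 consecutive 32-bit outputs can reconstruct the state and predict every later value. The "victim" generator and its seed are constructed here; the hardened form uses the standard `secrets` module, which draws from the operating system's CSPRNG.

```python
"""Added example (not from the slides): cloning Python's Mersenne Twister
from 624 observed outputs, next to the CSPRNG that should be used instead.
The victim generator and seed are constructed for illustration."""
import random
import secrets


def untemper(y: int) -> int:
    """Invert MT19937's output tempering to recover one raw state word."""
    y &= 0xFFFFFFFF
    y ^= y >> 18                              # undo  y ^= y >> 18
    y ^= (y << 15) & 0xEFC60000               # undo  y ^= (y << 15) & 0xEFC60000
    x = y                                     # undo  y ^= (y << 7) & 0x9D2C5680
    for _ in range(5):                        # (7-bit blocks, so iterate until stable)
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y                                     # undo  y ^= y >> 11
    for _ in range(3):
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF


def clone_generator(observed: list) -> random.Random:
    """Given 624 consecutive getrandbits(32) outputs, return a generator in the same state."""
    if len(observed) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(v) for v in observed)
    clone = random.Random()
    # Index 624 means "state exhausted": the next call regenerates the block,
    # exactly as the victim will after handing out its 624th word.
    clone.setstate((3, state + (624,), None))
    return clone


def predict_next(observed: list, n: int) -> list:
    """The next n values the victim will produce after the observed 624."""
    clone = clone_generator(observed)
    return [clone.getrandbits(32) for _ in range(n)]


def demo_prediction(seed: int, n: int = 5) -> bool:
    """Seed a victim, leak 624 outputs, and check the prediction of its next n outputs."""
    victim = random.Random(seed)
    leaked = [victim.getrandbits(32) for _ in range(624)]
    return predict_next(leaked, n) == [victim.getrandbits(32) for _ in range(n)]


def secure_token(nbytes: int = 32) -> str:
    """Hardened form: OS-backed CSPRNG output.  No amount of observed output
    lets an attacker reconstruct the generator's state."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print("next outputs predicted:", demo_prediction(20210728))   # True
    print("secure token:", secure_token(16))
```

The same weakness applies to any statistical PRNG used for session identifiers, password-reset tokens or CSRF tokens: `random.random()`, `random.randint()` and friends consume the same 32-bit words, so a leak of those values is a leak of the state.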
9. Improper Deallocation
Improper deallocation means that information stored in the system is not
properly erased after use, which leaves the system vulnerable to attack.
A typical example of improper deallocation is the deletion of a file from a
disk. In practice most operating systems do not actually erase the file data
from the disk; they simply deallocate the occupied sectors in the allocation
tables, so the data remains recoverable until those sectors are reused. A
deletion is not complete until the file's location on the disk has been
overwritten entirely with certain patterns. (On SSDs and on journaling or
copy-on-write filesystems an in-place overwrite may not reach the original
physical blocks, so encrypting the storage and destroying the key is the
dependable control there.)
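The overwrite-then-unlink procedure described above, as an added example that is not part of the original slides, together with its in-memory counterpart (dropping a reference to a buffer does not clear its bytes either). The pass patterns, the demonstration file and its contents are constructed; the example uses only the standard library.

```python
"""Added example (not from the slides): overwriting a file's sectors with
fixed patterns before unlinking it, and zeroing an in-memory secret before
it is released.  Patterns, file names and contents are constructed."""
import os
import tempfile

PATTERNS = (b"\x00", b"\xff", None)   # zeros, then ones, then random bytes (None)


def overwrite_file(path: str, patterns=PATTERNS) -> int:
    """Overwrite every byte of the file once per pattern, forcing each pass to
    the device with fsync.  Returns the total number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        for pat in patterns:
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = min(remaining, 64 * 1024)
                data = os.urandom(chunk) if pat is None else pat * chunk
                f.write(data)
                written += chunk
                remaining -= chunk
            f.flush()
            os.fsync(f.fileno())   # the page cache is not the disk: push the pass through
    return written


def secure_delete(path: str) -> int:
    """Overwrite in place, then unlink.  Only the unlink touches the allocation table."""
    written = overwrite_file(path)
    os.remove(path)
    return written


def wipe_buffer(buf: bytearray) -> None:
    """In-memory analogue: zero a secret held in a mutable buffer before letting it go.
    (Immutable str/bytes objects cannot be wiped this way; keep secrets in bytearrays.)"""
    buf[:] = bytes(len(buf))


def demo() -> tuple:
    """Write a constructed secret, overwrite it, confirm the plaintext is gone
    while the file still exists, then unlink.  Returns (plaintext_gone, unlinked)."""
    secret = b"CONFIDENTIAL: payroll export 2021-07\n" * 100
    fd, path = tempfile.mkstemp(prefix="verdict-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    overwrite_file(path)
    with open(path, "rb") as f:
        after = f.read()
    plaintext_gone = b"CONFIDENTIAL" not in after and len(after) == len(secret)
    os.remove(path)
    return plaintext_gone, not os.path.exists(path)


if __name__ == "__main__":
    print(demo())   # (True, True)
```

Reading the file back between the overwrite and the unlink is what proves the point: a plain `os.remove` would have left the original bytes in place and only removed the name.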
10. Limitations of the VERDICT Taxonomy
According to CERT (Computer Emergency Response Team):
1. VERDICT cannot be used to identify and classify the new attacks that
appear day to day.
2. It is general and abstract and does not describe attacks in terms of
viruses, worms, Trojans and other malware, which is how attacks are usually
described in practice.
11. Hansman's taxonomy
Hansman's taxonomy is more complete and practical; it has four dimensions:
1st dimension: the main behaviour of the attack
2nd dimension: the classification of the attack targets
3rd dimension: the classification of the vulnerabilities and exploits the
attackers use
4th dimension: the payloads that give an attack an effect beyond itself
14. Hansman's Taxonomy: Third Dimension (Vulnerabilities & Exploits)
The third dimension identifies the vulnerabilities and exploits an attack
uses; they are classified by their CVE (Common Vulnerabilities and
Exposures) entries.
The CVE project, originally proposed by Mann and Christey, is designed to
produce common definitions of vulnerabilities.
Since vulnerabilities are wide and varied, they usually apply to specific
versions of a piece of software or operating system. Once the
vulnerabilities that an attack exploits are known, the relevant CVE entries
can be found.
15. Hansman's Taxonomy: Fourth Dimension (Attack Payload)
Different payloads may have different effects beyond the attack itself.
For example, a worm attack may carry a Trojan payload. The taxonomy
therefore allows an attack classified in the first dimension to launch
another attack, recorded as its payload in the fourth dimension.
16. Hansman's Taxonomy: Fourth Dimension (Attack Payload)
The payloads are classified into five categories in the fourth dimension:
1. First dimension attack payload
2. Corruption of information
3. Disclosure of information
4. Theft of service
5. Subversion
17. First dimension attack payload
A first dimension attack payload is itself an attack, defined according to
the attack classes of the first dimension.
The corruption of information payload alters or destroys some information.
The disclosure of information payload discloses information without the
authorization of the victim.
The theft of service payload accesses services of a system without
authorization, but without any impact on the service received by legitimate
users.
Subversion occurs when the payload gains control over part of the target and
then uses it for its own purposes.
18. Virus
A self-replicating program that attaches itself to an existing program and
infects a system without the permission or knowledge of the user.
Worm
A self-replicating program that propagates through network services on
computers without any user intervention.
19. Trojan
A program made to appear to perform a benign action but which in fact
executes different code for a malicious purpose.
Buffer overflow
An attack that gains control of, or crashes, a process by writing past the
boundary of a fixed-length buffer.
20. Denial of Service (DoS)
An attack which prevents legitimate users from accessing or using a
computer or network resource.
Network Attack
An attack that crashes hosts on the network, or the network itself, by
manipulating network protocols at any layer from the data-link layer to the
application layer.
21. Physical Attack
An attack that attempts to damage physical components of a
network or computer.
Password Attack
An attack that aims to gain a password and is usually
indicated by a series of failed logins within a short period of
time.
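The indicator the slide gives for a password attack, a series of failed logins within a short period, turned into detection logic, as an added example that is not part of the original slides. The log lines are constructed in the style of a Linux sshd authentication log, and the parser, thresholds and window are assumptions chosen for illustration.

```python
"""Added example (not from the slides): flag a source that produces a burst
of failed logins within a short window.  The log lines are constructed in
sshd style; the regex, threshold and window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: one source hammering several accounts in a few seconds,
# one legitimate user who mistypes once and then succeeds.
SAMPLE_LOG = """\
Jul 28 10:01:02 host1 sshd[1201]: Failed password for root from 203.0.113.9 port 51122 ssh2
Jul 28 10:01:03 host1 sshd[1201]: Failed password for root from 203.0.113.9 port 51123 ssh2
Jul 28 10:01:05 host1 sshd[1205]: Failed password for invalid user admin from 203.0.113.9 port 51130 ssh2
Jul 28 10:01:06 host1 sshd[1207]: Failed password for invalid user oracle from 203.0.113.9 port 51131 ssh2
Jul 28 10:01:08 host1 sshd[1209]: Failed password for invalid user test from 203.0.113.9 port 51140 ssh2
Jul 28 10:03:30 host1 sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jul 28 10:04:10 host1 sshd[1301]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
Jul 28 10:20:00 host1 sshd[1400]: Failed password for bob from 198.51.100.7 port 40010 ssh2
"""


def parse_failures(log_text: str, year: int = 2021):
    """Yield (timestamp, source ip, user) for each failed-login line.
    Syslog timestamps carry no year, so one is supplied (assumed 2021 here)."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Sliding window per source ip: flag a source once `threshold` failures fall
    within `window_s` seconds.  Returns {ip: (first_ts, last_ts, users_tried)}."""
    recent = defaultdict(list)   # ip -> [(ts, user), ...] inside the current window
    alerts = {}
    for ts, ip, user in parse_failures(log_text):
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:   # expire old failures
            q.pop(0)
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = (q[0][0], ts, sorted({u for _, u in q}))
    return alerts


if __name__ == "__main__":
    for ip, (first, last, users) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} accounts tried between {first:%H:%M:%S} and {last:%H:%M:%S}: {users}")
```

Keying the window on the source address rather than the user catches password spraying (many accounts, one source) as well as a brute force against one account; a second pass keyed on the user name would catch a distributed attack against a single account, which this window alone will not.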
22. Information Gathering Attack
An attack that gathers information or finds known
vulnerabilities by scanning or probing existing computer
networks.