attack taxonomies and ontologies
play

Attack Taxonomies and Ontologies Seminar Future Internet - PowerPoint PPT Presentation

Jul 26, 2023 •217 likes •484 views

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Attack Taxonomies and Ontologies Seminar Future Internet Supervisor: Nadine Herold Natascha Abrek 02.10.2014 2013 in Numbers 552 78 62

  1. Lehrstuhl Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Attack Taxonomies and Ontologies Seminar Future Internet Supervisor: Nadine Herold Natascha Abrek 02.10.2014

  2. 2013 in Numbers 552 78 62 PERCENT PERCENT MILLION IDENTITIES OF WEBSITES WITH GROWTH OF DATA BREACHES FROM 2012 EXPOSED VULNERABILITIES New Vulnerabilities SSL and TLS protocol 6,787 2013 renogotiation vulnerabilities were most 5,291 +28% 2012 commonly exploited. Symantec Security Threat Report 2014 2 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  3. Status, Trends and Challenges Affecting Security „ Increased … Traditional security is not sophistication of attacks enough to defend  against the latest number of security vulnerabilities generation of  malware[1]. “ number of network and computer attacks  To protect against attacks we need comprehensive knowledge and understanding of attacks  a distinctive and clear classification of attacks  [1]Gavin Reid, director of threat intelligence for Cisco 3 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  4. Taxonomies A taxonomy is a system of classification which allows the unique identification of object Bishop, M., Bailey, D.;1996 A taxonomy … organizes domain specific information • in a hierarchically structure • over relationships . • 4 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  5. Well-known Taxonomies PLANT KINGDOM Spore Bearing Plants Seed Bearing Plants Algae Mosses Gymnosperms Ferns Flowering Plants … … ANIMAL KINGDOM Unicellular Animals Multicellular Animals Invertebrates Vertebrates … 5 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  6. A Commonly Used Taxonomy 6 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  7. Attack Taxonomy Example J. B. Gao, B. W. Zhang, X. H. Chen, Z. Luo, 2013 7 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  8. Attack Taxonomy Example J. B. Gao, B. W. Zhang, X. H. Chen, Z. Luo, 2013 8 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  9. Attack Taxonomy Example Attack Impact  attack impacts on security principles Attack Vector  path by which an attack is lauched Attack Target  attack targets such as hardware, software or users Vulnerability  weaknesses and flaws of the system Defense  defence and prevention methods 9 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  10. Attack Taxonomy Example Attack Impact  attack impacts on security principles Attack Vector  path by which an attack is lauched Attack Target  attack targets such as hardware, software or users Vulnerability  weaknesses and flaws of the system Defense  defence and prevention methods 10 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  11. Attack Taxonomy Example Attack Impact  attack impacts on security principles Attack Vector  path by which an attack is lauched Attack Target  attack targets such as hardware, software or users Vulnerability  weaknesses and flaws of the system Defense  defence and prevention methods 11 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  12. Attack Taxonomy Example Attack Impact  attack impacts on security principles Attack Vector  path by which an attack is lauched Attack Target  attack targets such as hardware, software or users Vulnerability  weaknesses and flaws of the system Defense  defence and prevention methods 12 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  13. Attack Taxonomy Example Attack Impact  attack impacts on security principles Attack Vector  path by which an attack is lauched Attack Target  attack targets such as hardware, software or users Vulnerability  weaknesses and flaws of the system Defense  defence and prevention methods 13 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  14. Attack Example SQL Slammer A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network. Attack Attack Attak Target Vulnerability Defense Impact Vector Availability UDP MS SQL CVE-2002-0649 Patch Integrity Buffer server 2000 (Implementation) System Overflow (Software - Worm Network) (Malicious code) DoS 14 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  15. Limitations of Taxonomies developed only for specific domains  reusability in other fields difficult  difficult extend or update  inconsistant vocabulary/ no formal language  only represent hierarchical relationships  15 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  16. From Taxonomies to Ontologies An ontology is an explicit specification of conceptualization. Gruber, T. R., 1993 An ontology consists of… classes to describe a domain  slots to describe relationships in a taxonomy  facets to describe restrictions for slots  16 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  17. Ontologies vs. Taxonomies Use hierarchical and semantical  relationships between classes Provide machine interpretable  semantic and syntax (RDF, OWL) They enable easy extension and  sharing of knowledge 17 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  18. Example Ontology Thing Human Animal Woman Man Mother Father 18 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  19. Example Ontology hasChild Thing Human Animal Woman Man hasHusband Mother Father 19 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  20. Example Ontology hasChild Thing Human Animal Woman Man hasHusband Mother Father 1. A woman can have 0 or 1 huband. 2. A human can have 0 or n children. 3. Every mother must have at least 1 child. 20 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  21. Attack Ontology Example The SQL Slammer is a computer worm and has the attack vectors buffer overflow and denial of service. The attack is enabled by the vulnerabilities due to implementation flaws. Threatened targets are networks. If a Slammer attack succeeds he can cause further DoS attacks. J. B. Gao, B. W. Zhang, X. H. Chen, Z. Luo, 2013 21 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  22. Utility of Ontologies Locate IT security vulnerabilities and risks  - Detect vulnerabilities (Vulnerabilities) on system (Attack Target) - Query what attacks can occur based on the ‚ vulnerabilities(Attack Vector) - Determine risks (Attack Impact) - Determine neccessary defense methods (Defense) Uses of other ontologies  - Intrusion Detection Systems (IDS) and application fire walls : Monitoring component collects data(traffic, requests, packets) and alerting system provides response on attempted attack and countermeasures 22 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  23. Conclusion Taxonomies are important building blocks in a full function  information architecture. Ontologies extend taxonomy functionalities by overcoming their  limitiations. A large variety of attack taxonomies and ontologies exists  focusing on different fields of research. Existing taxonomies and ontologies need to be comined to  create a flexible, extensible and standard classification scheme. 23 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  24. Literatur M. Bishop, D. Bailey: A critical analysis of vulnerability taxonomies, California University Davis, Department of Computer Science, 1996 J. B. Gao, B. W. Zhang, X. H. Chen, Z. Luo: Ontology-based model of network and computer attacks for security assessment Journal of Shanghai Jiaotong University (Science), 18. Jg., pages 554-562, 2013 T. R. Gruber: A translation approach to portable ontology specications, Knowledge acquisition, 5. Jg., Nr. 2, pages 199-220, 1993 J. Undercoer, A. Joshi, J. Pinkston: Modeling computer attacks: An ontology for intrusion detection, In: Recent Advances in Intrusion Detection. Springer Berlin Heidelberg, pages 113-135, 2003 R. P. van Heerden, B. Irwin, I. D. Burke: Classifying network attack scenarios using an Ontology, In: Proceedings of the 7th International Conference on Information Warfare and Security. Academic Conferences Limited, pages 331-324, 2012 24 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

  25. Contact Fakultät für Informatik Natascha Abrek abrek@in.tum.de Informatik VIII: Lehrstuhl für Netzarchitekturen und Netzdienste 25 ATTACK TAXONOMIES AND ONTOLOGIES HIER THEMA EINTRAGEN

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ontologies for NLP NLP for Ontologies FOIS 2014 - LogOnto Workshop on Logics and Ontologies for

Ontologies for NLP NLP for Ontologies FOIS 2014 - LogOnto Workshop on Logics and Ontologies for

Ontologies for NLP NLP for Ontologies FOIS 2014 - LogOnto Workshop on Logics and Ontologies for Natural Language Overview NLP for Ontologies Ontologies for NLP Portuguese resources Research at PUCRS Introduction We think and we

757 views • 71 slides
A Similarity Measure for Formal Ontologies with an application to ontologies of a geographic kind

A Similarity Measure for Formal Ontologies with an application to ontologies of a geographic kind

A Similarity Measure for Formal Ontologies with an application to ontologies of a geographic kind Mark Hall Midflight presentation for the master thesis 27 .01.2006 Overview I Topic Evaluation of data instance statistics Progress &

566 views • 13 slides
Higher Levels of Learning Diana Skrzydlo, Continuing Lecturer Outline Learning Taxonomies

Higher Levels of Learning Diana Skrzydlo, Continuing Lecturer Outline Learning Taxonomies

Designing Exams to Test Higher Levels of Learning Diana Skrzydlo, Continuing Lecturer Outline Learning Taxonomies Assessment is Curriculum Higher Level Questions Examples How you can use these ideas Learning Taxonomies

283 views • 17 slides
Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning

Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning

Formal Ontologies Introduction to DLs Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning Ivan Ivan Varzinczak rzinczak Universit dArtois & CNRS, France http://www.ijv.ovh Ivan

1.3k views • 101 slides
Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning

Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning

Making Statements DL Knowledge Bases Entailment in DLs Formal rmal Foundations oundations of of Ontologies Ontologies and and Reasoning Reasoning Ivan Ivan Varzinczak rzinczak Universit dArtois & CNRS, France

896 views • 74 slides
Ontologies: Weather and Ontologies: Weather and Flight Information Kajal Claypool Kelly Moran

Ontologies: Weather and Ontologies: Weather and Flight Information Kajal Claypool Kelly Moran

Ontologies: Weather and Ontologies: Weather and Flight Information Kajal Claypool Kelly Moran y MIT Lincoln Laboratory 1 This work was sponsored by the Federal Aviation Administration under Air Force Contract No. FA8721-05-C-0002. Opinions,

719 views • 39 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Listening to Programmers Taxonomies and Characteristics of Comments in Operating System Code

Listening to Programmers Taxonomies and Characteristics of Comments in Operating System Code

Listening to Programmers Taxonomies and Characteristics of Comments in Operating System Code written by Yoann Padioleau, Lin Tan and Yuanyuan Zhou talk by Gerd Zellweger Software Engineering Seminar SS10 ETH Z urich March 9, 2010

510 views • 30 slides
Software taxonomies Patterns, styles, tactics,... School of Computer Science Jose E. Labra Gayo

Software taxonomies Patterns, styles, tactics,... School of Computer Science Jose E. Labra Gayo

Software Architecture University of Oviedo Software taxonomies Patterns, styles, tactics,... School of Computer Science Jose E. Labra Gayo Course 2018/2019 Software Architecture Software taxonomies University of Oviedo Construction &

1.29k views • 106 slides
over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian

over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian

Cost-Effective Conceptual Design over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian Massachusetts Institute of Technology Arash Termehchy, Amir Nayyeri Oregon State University Users have to query

759 views • 30 slides
over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian

over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian

Cost-Effective Conceptual Design over Taxonomies Yodsawalai Chodpathumwan University of Illinois at Urbana-Champaign Ali Vakilian Massachusetts Institute of Technology Arash Termehchy, Amir Nayyeri Oregon State University Most information

704 views • 24 slides
TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture plan Test planning (ISO/IEC/IEEE 29119) Scripted vs Exploratory testing Defect taxonomies (ISO/IEC/IEEE 1044) 4 Scripted testing Testing

492 views • 46 slides
TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture plan Test planning (ISO/IEC/IEEE 29119) Scripted vs Exploratory testing Defect taxonomies (ISO/IEC/IEEE 1044) 4 Scripted testing Testing

750 views • 47 slides
On Flat versus Hierarchical Classification in Large-Scale Taxonomies R. Babbar, I. Partalas,

On Flat versus Hierarchical Classification in Large-Scale Taxonomies R. Babbar, I. Partalas,

On Flat versus Hierarchical Classification in Large-Scale Taxonomies R. Babbar, I. Partalas, E. Gaussier, M.-R. Amini Gargantua (CNRS Mastodons) - November the 26 th , 2013 2/21 Challenges Proposed approach Hierarchy Pruning Experiments

588 views • 21 slides
Creating and Using Taxonomies to Support Implementation of High Impact Practices (rise.iupui.edu/

Creating and Using Taxonomies to Support Implementation of High Impact Practices (rise.iupui.edu/

Creating and Using Taxonomies to Support Implementation of High Impact Practices (rise.iupui.edu/ taxonom ies) Jennifer Thorington Springer Julie Hatcher Matthew Rust Enrollm ent Research Com m unity Engagem ent 30K students $428.9

432 views • 28 slides
Ontologies & Its Applications Ontologies & Its Applications San Su Lee, Jong Lim, Rami

Ontologies & Its Applications Ontologies & Its Applications San Su Lee, Jong Lim, Rami

Ontologies & Its Applications Ontologies & Its Applications San Su Lee, Jong Lim, Rami Al-Ghanmi San Su Lee, Jong Lim, Rami Al-Ghanmi Outline Outline Introduction to Ontologies Introduction to Ontologies Definition

477 views • 28 slides
Humans: Accident or Inevitable? David W. Siegrist, Ph.D. Presentation to the American

Humans: Accident or Inevitable? David W. Siegrist, Ph.D. Presentation to the American

Humans: Accident or Inevitable? David W. Siegrist, Ph.D. Presentation to the American Scientific Affiliation July 31 2017 Graphic fm Williams, Systems View of Evolution of Life . Approved for Public Release: Case # 17-2223 . Distribution

553 views • 16 slides
tr srt rtr t

tr srt rtr t

tr srt rtr t rs t rs rst

576 views • 33 slides
Computing the moments of the GOE bijectively Olivier Bernardi (MIT) 4 8 2 1 1 2 3

Computing the moments of the GOE bijectively Olivier Bernardi (MIT) 4 8 2 1 1 2 3

Computing the moments of the GOE bijectively Olivier Bernardi (MIT) 4 8 2 1 1 2 3 4 5 6 7 Probability Seminar at MIT, February 2011 Computing the moments of the GOE bijectively Olivier Bernardi (MIT) n 2+3=5; 4 8

1.01k views • 60 slides
Impacts of climate change on the biogeochemistry of the Mediterranean Sea P. Lazzari, G.

Impacts of climate change on the biogeochemistry of the Mediterranean Sea P. Lazzari, G.

ECSAC Workshop Veli Lo inj, 27-30 August 2012 Impacts of climate change on the biogeochemistry of the Mediterranean Sea P. Lazzari, G. Cossarini OGS, Trieste, Italy Outline Mediterranean Sea biogeochemistry Med sea features Primary

674 views • 41 slides
Edgecolored graphs as higher-dimensional maps Valentin Bonzom LIPN, Paris University 13

Edgecolored graphs as higher-dimensional maps Valentin Bonzom LIPN, Paris University 13

Edgecolored graphs as higher-dimensional maps Valentin Bonzom LIPN, Paris University 13 October 17, 2016 RGP2016 Discretization of manifolds 2D discrete surfaces: triangulations, p angulations and combinatorial maps 3D

1.19k views • 51 slides
14.581 International Trade Lecture 24: Trade Policy Theory (II) 14.581 Week 13 Spring

14.581 International Trade Lecture 24: Trade Policy Theory (II) 14.581 Week 13 Spring

14.581 International Trade Lecture 24: Trade Policy Theory (II) 14.581 Week 13 Spring 2013 14.581 (Week 13) Trade Policy Theory (II) Spring 2013 1 / 27 Todays Plan TOT Externality and Trade Agreements 1 Political-Economy

550 views • 28 slides
CSC2556 Lecture 2 Manipulation in Voting Credit for many visuals: Ariel D. Procaccia CSC2556 -

CSC2556 Lecture 2 Manipulation in Voting Credit for many visuals: Ariel D. Procaccia CSC2556 -

CSC2556 Lecture 2 Manipulation in Voting Credit for many visuals: Ariel D. Procaccia CSC2556 - Nisarg Shah 1 Recap Voting voters, alternatives Each voter expresses a ranked preference Voting rule o

768 views • 54 slides
Merger simulation with Stata AKOS REGER 2016 BELGIAN STATA USERS GROUP MEETING, SEPTEMBER 6,

Merger simulation with Stata AKOS REGER 2016 BELGIAN STATA USERS GROUP MEETING, SEPTEMBER 6,

Merger simulation with Stata AKOS REGER 2016 BELGIAN STATA USERS GROUP MEETING, SEPTEMBER 6, BRUSSELS Introduction The presentation is based on the academic article Bjrnerstedt-Verboven, Merger ger Simulat ation n wi with Ne Neste ted

458 views • 14 slides

More recommend