International Journal of Computer Applications (0975 8887)
Volume 100 No.5, August 2014

ADMIT - A Five Dimensional Approach towards Standardization of Network and Computer Attack Taxonomies

Chanchala Joshi
Institute of Computer Science, Vikram University, Ujjain, M.P. India

Umesh Kumar Singh
Institute of Computer Science, Vikram University, Ujjain, M.P. India

ABSTRACT

This paper proposes a five-dimensional taxonomy, ADMIT, which captures five major classifiers to characterize the nature of attacks: classification by attack vector, classification by defense, classification by method, classification by impact and classification by attack target. The classification structure of the proposed taxonomy describes the nature of attacks thoroughly. Administrators can use the proposed taxonomy to locate strategies that are appropriate for securing their systems against vulnerabilities that can be exploited. Use of the ADMIT taxonomy in network defense strategies can improve the overall level of security.

Keywords

Network security; Vulnerability; Attack taxonomy

1. INTRODUCTION

Security threats to computers and networks have been a problem since computers and networks were first used. With the rapid growth of the Internet, attacks are no longer limited to computers alone. They have created a global threat, causing great damage to individuals, communities and national security. Network attacks are almost a subset of computer attacks, but some network attacks are outside the computer attack domain [1]. For security assessment it is necessary to find and classify these attacks.

The first step in understanding attacks is to classify them into a taxonomy based on their characteristics. A taxonomy classifies attacks into well-defined and easily understood categories. Such a classification can be used for performing a systematic security assessment of a system. A taxonomy provides a way to understand attacks at a level higher than a simple list of vulnerabilities.
It provides a classification system that ideally suggests ways to mitigate attacks by prevention, detection and recovery. It can aid risk management by identifying vulnerabilities and making attacker characteristics explicit. Ideally, its insights can predict future attacks by exposing unguarded areas.

Every attack is performed by someone, every attacker has an identity, and the motive of the attack is to achieve a certain thing. An attack targets some service or layer by exploiting a vulnerability. Each of these attack elements, or dimensions, is necessary to understand the whole process of an attack. Therefore a useful and standard taxonomy should answer the following questions:

i. Who is the attacker?
ii. How to face the attack?
iii. How is it attacked?
iv. What are the results?
v. What is the target?

The proposed taxonomy ADMIT answers each question in turn. Taken together, the attack vector, defense, method, impact and target describe the nature of an attack. ADMIT provides useful information to the network administrator. This paper provides a means to classify vulnerabilities together with their impact and with defensive strategies.

2. MOTIVATION

One of the major problems in computer and network system security assessment is the lack of a standard vulnerability categorization scheme, called a taxonomy. A standard vulnerability categorization scheme also aids in finding the general trends that are responsible for the existence of vulnerabilities. Many attempts have been made in this direction in the past, but the issue remains unresolved. The overall objective of this research work is to analyze different categories of prominent vulnerability taxonomies to identify the level of abstraction and the common factors for standardization of a network vulnerability taxonomy.

3. RELATED WORK

One of the first taxonomies to be developed came from the RISOS (Research In Secure Operating Systems) project [3].
The RISOS security taxonomy was based on flaws found in three operating systems: IBM’s OS/MVT for the IBM 360, UNIVAC’s 1100 Series operating system and Bolt Beranek and Newman’s TENEX system for the PDP-10. The classification consisted of seven categories. The main contribution of this study was the classification of integrity flaws found in operating systems. It also led to the same flaw being classified in multiple categories.

The Protection Analysis (PA) Taxonomy [4] was one of the earliest to address security concerns. The objective of the PA project was to provide a basis for categorizing protection errors according to their security-relevant properties using an automated, pattern-matching approach. This taxonomy was based on 100 flaws found in six different operating systems. It had four global categories: improper protection (initialization and enforcement), improper validation, improper synchronization and improper choice of operand or operation. The categories in this taxonomy were broad, and the same flaw was classified into multiple categories. The contribution of this study was the introduction of several types of security flaws, such as allocation or deallocation of residuals and serialization errors, that remained relevant.

Aslam defined a classification of security faults [5, 6] in the Unix operating system. He focused on UNIX operating system flaws only and presented three main categories: Operational fault, Environmental fault and Coding fault. Coding faults comprise faults introduced during software development; Operational faults result from improper installation of software, unexpected integration incompatibilities, or when a programmer fails to completely understand the limitations of the run-time modules.

Krsul [7] extended Aslam’s work and developed a detailed taxonomy. The main categories proposed in this taxonomy were: Design, Environmental assumptions, Coding faults and Configuration errors.
In proposed scheme, there is ambiguity in distinguishing between objects and attributes because of
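
The five questions listed in the Introduction map onto ADMIT's five dimensions. The following is an added example, not code from the paper: it checks that each attack record answers all five questions with exactly one category per dimension (the multiple-category problem noted for RISOS and PA) and then looks up defenses by target. The records and their category values are constructed assumptions, not the paper's categories.

```python
from collections import defaultdict

# The five ADMIT dimensions and the question each answers (from the paper).
DIMENSIONS = {
    "attack_vector": "Who is the attacker?",
    "defense": "How to face the attack?",
    "method": "How is it attacked?",
    "impact": "What are the results?",
    "target": "What is the target?",
}

# Constructed sample records; the category values are illustrative
# assumptions, not the categories defined by the ADMIT paper.
SAMPLE_ATTACKS = [
    {"name": "SYN flood", "attack_vector": "remote host",
     "defense": "rate limiting", "method": "resource exhaustion",
     "impact": "denial of service", "target": "network stack"},
    {"name": "SQL injection", "attack_vector": "remote web client",
     "defense": "parameterized queries", "method": "input injection",
     "impact": "data disclosure", "target": "database"},
    # Ambiguous: one flaw placed in two categories of the same dimension.
    {"name": "Stale temp file", "attack_vector": "local user",
     "defense": "secure deletion", "impact": "data disclosure",
     "method": ["improper validation", "improper synchronization"],
     "target": "operating system"},
    # Incomplete: no defense recorded.
    {"name": "Default password", "attack_vector": "remote host",
     "method": "credential guessing", "impact": "unauthorized access",
     "target": "operating system"},
]

def check_record(record):
    """List a record's problems: unanswered or ambiguous dimensions."""
    problems = []
    for dim, question in DIMENSIONS.items():
        value = record.get(dim)
        if not value:
            problems.append(f"{dim}: unanswered ({question})")
        elif not isinstance(value, str):
            problems.append(f"{dim}: ambiguous, {len(value)} categories")
    return problems

def defenses_by_target(records):
    """Index the defenses of cleanly classified records by target."""
    index = defaultdict(set)
    for record in records:
        if not check_record(record):
            index[record["target"]].add(record["defense"])
    return dict(index)
```

Records that fail the check are left out of the index, so an administrator querying by target only sees defenses attached to a complete, unambiguous classification.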