Abstract
With the development of incipient technologies, user devices becoming more exposed and ill-used by foes. In upcoming decades, traditional security measures will not be sufficient enough to handle this huge threat towards distributed hardware and software. Lack of standard network attack taxonomy has become an indispensable dispute on developing a clear understanding about the attacks in order to have an operative protection mechanism. Present attack categorization techniques protect a specific group of threat which has either messed the entire taxonomy structure or ambiguous when one network attacks get blended with few others attacks. Hence, this raises concerns about developing a common and general purpose taxonomy. In this study, a sequential question-answer based model of categorization is proposed. In this article, an intrusion detection framework and threat grouping schema are proposed on the basis of four sequential questions (“Who”, “Where”, “How” and “What”). We have used our method for classifying traditional network attacks in order to identify initiator, source, attack style and seriousness of an attack. Another focus of the paper is to provide a preventive list of actions for network administrator as a guideline to reduce overall attack consequence. Recommended taxonomy is designed to detect common attacks rather than any particular type of attack which can have a practical effect in real life attack classification. From the analysis of the classifications obtained from few infamous attacks, it is obvious that the proposed system holds certain benefits related to the prevailing taxonomies. Future research directions have also been well acknowledged.
Highlights
Network attack classification is the process of grouping network attacks to specific subgroups in order to determine similar types of attack in future
This study proposes, a new approach that is constructed on the sequential questions: ‘Who’, ‘Where’, ‘How’ and ‘What’
This taxonomy is completely different approach than existing attack classification practices which is based on consecutive questions
Summary
Network attack classification is the process of grouping network attacks to specific subgroups in order to determine similar types of attack in future. The purpose of this classification is that it can help us to know more detail about the network attack characteristics like origins, scopes, initiator and seriousness of an attack. Before defining a classification for network attacks, it is important to define the requirements which must be compiled with the new classification [10]. It is difficult to prove a classification has accomplished, but it could be accepted based on the successful categorization of the actual attacks. Useful [12,13]: A useful classification could be used in the network field, or security field, or other related fields
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call