PrepNotes

Cyber Security

Give a brief description of the taxonomy of attacks.

Taxonomy of Attacks

A taxonomy defines what data is to be recorded and how like and unlike samplings are to be distinguished. A taxonomy of attacks is a classification system that categorizes the various types of cyber attacks. It provides a framework for understanding and analyzing them.

Classification by Attack Vector

Attack Vector refers to the method or path through which a cyber attack is launched. The classification by Attack Vector categorizes attacks based on how they are delivered or deployed. This categorization helps in understanding the way attacks are carried out and enables organizations to develop effective defense mechanisms.

  • Email: Cyber attackers use malicious emails to launch phishing attacks or to deliver malware to the target system.
  • Malware: Attackers use malware, such as viruses, Trojans, and ransomware, to infect systems and steal data or to disrupt operations.
  • Social Engineering: Attackers use social engineering techniques such as deception, trickery, or manipulation to gain unauthorized access to systems or data.

Classification by Operational Impact

This classification categorizes attacks based on the impact they have on the operations and functions of the targeted system or organization. The types of operational impacts include:

  • Denial of Service (DoS): An attack that overwhelms a server or network resource to make it unavailable to its intended users.
  • Distributed Denial of Service (DDoS): An attack that uses multiple systems to flood a server or network with traffic, rendering it unavailable.
  • Data Theft: Attackers steal sensitive data such as personal information, financial data, or intellectual property.

Classification by Defense

This classification categorizes attacks based on the effectiveness of the defense mechanisms or security measures in place to prevent or mitigate the attack. Examples of defense mechanisms include firewalls, intrusion detection systems, and access control policies. Both mitigation and remediation can be used when classifying attack defenses, because an attack may first be mitigated before remediation can occur.

Classification by Informational Impact

This classification categorizes attacks based on the type of information targeted by attackers. The types of informational impacts include:

  • Confidentiality: Attackers gain unauthorized access to sensitive information.
  • Integrity: Attackers alter or destroy information, making it unreliable or unusable.
  • Availability: Attackers disrupt or prevent access to information, making it unavailable to authorized users.

Classification by Attack Target

Classification by Attack Target classifies attacks based on the type of entity or organization that is targeted. The types of targets include:

  • Network: An attack that targets a particular network or gains access through a vulnerability within a network or one of the network protocols.
  • Local: An attack targeting a user’s local computer.
  • User: An attack against a user, which aims to retrieve the user’s personal information.
  • Application: An attack towards specific software. An application can be either client or server.
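
The five classifications above can be applied together to record incidents and to tell like from unlike ones. The Python sketch below is an added example, not part of the original notes: the function names, the `min_shared` threshold and the sample incidents are constructed assumptions, and the vocabulary is limited to the categories listed on this page.

```python
# Added example: vocabulary limited to the categories listed in these notes.
TAXONOMY = {
    "vector": {"email", "malware", "social engineering"},
    "operational_impact": {"dos", "ddos", "data theft"},
    "informational_impact": {"confidentiality", "integrity", "availability"},
    "target": {"network", "local", "user", "application"},
}

def validate(record):
    """Return a list of problems; an empty list means the record fits the taxonomy."""
    problems = []
    for dim, allowed in TAXONOMY.items():
        value = record.get(dim)
        if value is None:
            problems.append(f"missing dimension: {dim}")
        elif value.lower() not in allowed:
            problems.append(f"unknown {dim}: {value!r}")
    # Defense is recorded as mitigation and/or remediation (free text, an assumption).
    defense = record.get("defense", {})
    if not (defense.get("mitigation") or defense.get("remediation")):
        problems.append("defense needs a mitigation or a remediation")
    return problems

def compare(a, b):
    """Split the dimensions into those two records share and those that differ."""
    like = [d for d in TAXONOMY if a[d].lower() == b[d].lower()]
    unlike = [d for d in TAXONOMY if d not in like]
    return like, unlike

def defenses_for(new, history, min_shared=3):
    """Collect defenses from past incidents sharing at least min_shared dimensions."""
    found = []
    for past in history:
        like, _ = compare(new, past)
        if len(like) >= min_shared:
            found.append((past["id"], past["defense"]))
    return found

# Constructed sample incidents (not real data).
HISTORY = [
    {"id": "INC-1", "vector": "Email", "operational_impact": "Data Theft",
     "informational_impact": "Confidentiality", "target": "User",
     "defense": {"mitigation": "quarantine message", "remediation": "reset credentials"}},
    {"id": "INC-2", "vector": "Malware", "operational_impact": "DDoS",
     "informational_impact": "Availability", "target": "Network",
     "defense": {"mitigation": "rate-limit at firewall", "remediation": ""}},
]
NEW = {"id": "INC-3", "vector": "Social Engineering", "operational_impact": "Data Theft",
       "informational_impact": "Confidentiality", "target": "User",
       "defense": {"mitigation": "", "remediation": ""}}
```

Here `validate(NEW)` flags the unrecorded defense, and `defenses_for(NEW, HISTORY)` returns the defense from INC-1, which differs from the new incident only in its attack vector.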