A Taxonomy of Network and Computer Attacks Based on Responses

In order to solve the problem of building corresponding relationship between attacks and responses scientifically in AIR (Automated Intrusion Response) systems, a taxonomy of network and computer attacks based on response is proposed in this paper. Through analyzing existing researches in attack classification and the special need in intrusion response, the new attack taxonomy is constructed by classifying attacks into three main dimensions and subdividing them from the perspectives of response. The first dimension is aimed to classify localities attacks initiate, the second dimension covers all possible methods attackers adopt, and the classification criteria of the third dimension is selected to highlight harms attacks cause. Through using this taxonomy, the relationship between responses and attacks in AIR systems is built successfully. A case study applies it to typical attacks demonstrates its usefulness. Empirical results show this taxonomy is practicable and useful.