Classifications can be made according to several criteria. We will review some of them:
Classification as a list of terms
A popular but simplistic classification is a list of defined terms. An example is as follows:
- Interception of cables and signals (wiretapping, eavesdropping on emanations);
- Searching through discarded material (dumpster diving);
- Denial of service;
- Software piracy;
- Unauthorized copying of data;
- Degradation of service;
- Traffic analysis;
- Trap doors;
- Covert channels;
- Viruses and worms;
- Session hijacking;
- Timing attacks;
- Trojan horses;
- IP spoofing;
- Logic bombs;
- Data diddling;
- Password sniffing;
- Excess privileges.
Lists of terms generally fail to meet the six characteristics of a satisfactory classification.
First, the terms tend not to be mutually exclusive. For example, the terms virus and logic bomb are both generally found in these lists, but a virus may contain a logic bomb, so the categories overlap.
Real attackers also combine several methods in a single attack. As a result, developing an ever longer list of attack methods does not produce a good classification scheme.
List of categories
A variation on a single list of term definitions is a list of categories. One such scheme divides attacks into seven categories:
- Stealing passwords – methods for obtaining the passwords of other users;
- Social engineering – talking people into disclosing confidential information;
- Bugs and backdoors – taking advantage of systems that do not meet their specifications, or replacing software with compromised versions;
- Authentication failures – defeating the mechanisms used for authentication;
- Protocol failures – protocols that are improperly designed or implemented;
- Information leakage – using services such as DNS to obtain information that administrators need for the proper functioning of the network, but which attackers can also exploit;
- Denial of service – trying to prevent users from using their systems.
Categories of results
Another variation on a list of terms is to group all attacks into a few basic categories that describe their results. One example uses alteration, leakage and denial of service, where alteration is the unauthorized modification of information, leakage is information reaching places it should not, and denial of service is the unavailability of networks and computers for use.
Similar categories, but stated in terms of their opposites, are also used:
- secrecy and confidentiality;
- accuracy, integrity and authenticity;
- availability.
Apart from intruders who merely gain access to a computer or network, or who use computer or network resources without degrading the service of others (theft of resources), each individual attack can be uniquely assigned to one of these categories. But placing all attacks and incidents in a few categories yields a classification that conveys little information and limited understanding.
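The two criteria argued above (a list of terms is not mutually exclusive because one incident such as a virus carrying a logic bomb matches several terms, while a result-based scheme assigns most incidents to exactly one category but has no place for access-only intrusions) can be checked mechanically. The following is an added example, not code from the original text: it encodes a constructed subset of the list-of-terms scheme and the three-way results scheme as predicates over the behaviours observed in an incident, then reports which sample incidents match more than one category (overlap) or none (gap). The taxonomies, behaviour labels and incidents are all constructed for illustration.

```python
"""Check two of the criteria a satisfactory attack classification must meet:
mutual exclusivity (each incident lands in exactly one category) and
exhaustiveness (no incident is left unclassified).

Added example; the taxonomies, behaviour labels and incidents below are
constructed for illustration and are not taken from the original text.
"""
from typing import Callable, Dict, List, Set, Tuple

# An incident is described by the set of behaviours observed during it.
Incident = frozenset

# A category is a predicate over an incident's observed behaviours.
Taxonomy = Dict[str, Callable[[Incident], bool]]

# Classification by list of terms (constructed subset): categories are
# defined by *technique*, so one incident can satisfy several at once.
TERM_LIST: Taxonomy = {
    "virus": lambda i: "self-replicating" in i,
    "logic bomb": lambda i: "payload-triggered-by-condition" in i,
    "password sniffing": lambda i: "captured-credentials-from-network" in i,
    "excess privileges": lambda i: "used-unneeded-privilege" in i,
}

# Classification by result (constructed): categories are defined by the
# *effect* on the target, so they partition most incidents cleanly.
RESULT_LIST: Taxonomy = {
    "alteration": lambda i: "data-modified" in i,
    "leakage": lambda i: "data-disclosed" in i,
    "denial of service": lambda i: "service-unavailable" in i,
}


def classify(taxonomy: Taxonomy, incident: Incident) -> Set[str]:
    """Return every category whose predicate the incident satisfies."""
    return {name for name, pred in taxonomy.items() if pred(incident)}


def check_classification(taxonomy: Taxonomy,
                         incidents: Dict[str, Incident]) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Return (overlaps, gaps): incidents matching more than one category, and
    incidents matching none. Both empty means the taxonomy is mutually
    exclusive and exhaustive over the sample."""
    overlaps: Dict[str, Set[str]] = {}
    gaps: List[str] = []
    for label, inc in incidents.items():
        cats = classify(taxonomy, inc)
        if len(cats) > 1:
            overlaps[label] = cats
        elif not cats:
            gaps.append(label)
    return overlaps, gaps


# Constructed sample incidents, described by observed behaviours.
INCIDENTS: Dict[str, Incident] = {
    # A virus whose payload fires on a date: a virus that *contains* a logic bomb.
    "dated-virus": Incident({"self-replicating", "payload-triggered-by-condition",
                             "data-modified"}),
    # Sniffed a password, then read files the account should not have seen.
    "sniff-then-escalate": Incident({"captured-credentials-from-network",
                                     "used-unneeded-privilege", "data-disclosed"}),
    # A flood that only exhausts bandwidth (no matching term in the constructed subset).
    "bandwidth-flood": Incident({"traffic-flood", "service-unavailable"}),
    # Logs in with stolen credentials and does nothing else: the result-based
    # scheme has no category for this, which is the exception noted in the text.
    "access-only": Incident({"captured-credentials-from-network", "logged-in-as-victim"}),
}

if __name__ == "__main__":
    for name, tax in (("list of terms", TERM_LIST), ("results", RESULT_LIST)):
        overlaps, gaps = check_classification(tax, INCIDENTS)
        print(f"{name}: overlapping={overlaps} unclassified={gaps}")
```

Run against the constructed incidents, the list-of-terms scheme reports two overlaps (the dated virus matches both virus and logic bomb; the sniff-then-escalate incident matches both password sniffing and excess privileges), while the results scheme reports no overlap but leaves the access-only intrusion unclassified. The same check applies to any taxonomy you can express as predicates over observable behaviours.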
A variation on a priori (theoretical) result categories is to develop a longer list of categories from the classification of empirical data, for example:
- External misuse (e.g. watching another person's monitor over their shoulder);
- Hardware misuse (e.g. destroying a hard disk);
- Masquerading (e.g. recording network traffic and replaying it later);
- Malicious software (e.g. installing a program with destructive purposes);
- Bypassing authentication or authorization (e.g. password cracking);
- Abuse of authority (e.g. falsifying records);
- Misuse through inaction (e.g. intentional mismanagement);
- Indirect misuse (e.g. using another system to build a malicious program).
Classification by action – this model considers only information in transit and presents four categories of attack:
- Interruption – an asset of the system is destroyed or becomes unusable or unavailable;
- Interception – an unauthorized party gains access to an asset;
- Modification – an unauthorized party not only gains access to an asset but also tampers with it;
- Fabrication – an unauthorized party inserts counterfeit objects into the system.
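Because this model is defined over information in transit, it can be applied directly to a sender's and a receiver's view of a message stream. The following is an added example, not code from the original text: it assumes three constructed logs, what the sender transmitted, what the legitimate receiver got, and (optionally) what a third party captured, each as (sequence number, payload) pairs, and labels every sequence number with the actions that affected it. The function name, the log format and the sample messages are all assumptions made for this example.

```python
"""Classify what happened to each message in transit using the four action
categories (interruption, interception, modification, fabrication).

Added example, not from the original text. It assumes three constructed
logs of (sequence number, payload) pairs: what the sender transmitted,
what the legitimate receiver got, and, optionally, what a third party
captured. The last is normally unknown to the endpoints; it is included
to show that interception is passive and leaves no trace at either end.
"""
from typing import Dict, List, Optional, Tuple

Msg = Tuple[int, bytes]  # (sequence number, payload)


def classify_transit(sent: List[Msg], received: List[Msg],
                     captured: Optional[List[Msg]] = None) -> Dict[int, List[str]]:
    """Return, per sequence number, the attack actions observed on that message.
    A message may carry several (e.g. intercepted *and* modified); an untouched
    message gets an empty list."""
    sent_by_seq = dict(sent)
    recv_by_seq = dict(received)
    tapped = {seq for seq, _ in (captured or [])}
    verdicts: Dict[int, List[str]] = {}

    for seq in sorted(set(sent_by_seq) | set(recv_by_seq)):
        actions: List[str] = []
        if seq in tapped:
            actions.append("interception")   # an unauthorized party read the asset
        if seq in sent_by_seq and seq not in recv_by_seq:
            actions.append("interruption")   # asset destroyed or made unavailable
        elif seq not in sent_by_seq:
            actions.append("fabrication")    # a counterfeit object was inserted
        elif sent_by_seq[seq] != recv_by_seq[seq]:
            actions.append("modification")   # accessed and altered on the way
        verdicts[seq] = actions
    return verdicts


# Constructed logs: message 1 is read but delivered intact, message 2 is read
# and altered, message 3 never arrives, and message 4 was never sent at all.
SENT = [(1, b"balance=100"), (2, b"transfer 10 to bob"), (3, b"logout")]
RECEIVED = [(1, b"balance=100"), (2, b"transfer 10 to eve"), (4, b"transfer 500 to eve")]
CAPTURED = [(1, b"balance=100"), (2, b"transfer 10 to bob")]

if __name__ == "__main__":
    for seq, actions in classify_transit(SENT, RECEIVED, CAPTURED).items():
        print(seq, actions or ["none"])
    # Without the third party's log the endpoints see nothing wrong with an
    # intercepted-but-untouched stream.
    print(classify_transit(SENT, SENT, CAPTURED))
```

Interruption, modification and fabrication are all visible from the endpoints' own logs, since each changes what arrives relative to what was sent. Interception appears only when the third party's capture log is supplied; with the sender's and receiver's logs alone, an intercepted but untouched stream classifies as no attack at all. That asymmetry is the practical content of the passive/active distinction in this model.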