A Novel Approach for Network Attack Classification Based on Sequential Questions

TL;DR

This paper introduces a sequential question-answer based model for classifying network attacks, aiming to create a general taxonomy that improves understanding and response to diverse threats.

Contribution

It proposes a novel attack classification framework using four key questions, enhancing attack detection and providing practical guidelines for network security.

Findings

Effective classification of traditional network attacks.

Improved attack understanding and threat grouping.

Practical guidelines for attack mitigation.

Abstract

With the development of incipient technologies, user devices becoming more exposed and ill-used by foes. In upcoming decades, traditional security measures will not be sufficient enough to handle this huge threat towards distributed hardware and software. Lack of standard network attack taxonomy has become an indispensable dispute on developing a clear understanding about the attacks in order to have an operative protection mechanism. Present attack categorization techniques protect a specific group of threat which has either messed the entire taxonomy structure or ambiguous when one network attacks get blended with few others attacks. Hence, this raises concerns about developing a common and general purpose taxonomy. In this study, a sequential question-answer based model of categorization is proposed. In this article, an intrusion detection framework and threat grouping schema are proposed on the basis of four sequential questions (Who, Where, How and What). We have used our method for classifying traditional network attacks in order to identify initiator, source, attack style and seriousness of an attack. Another focus of the paper is to provide a preventive list of actions for network administrator as a guideline to reduce overall attack consequence. Recommended taxonomy is designed to detect common attacks rather than any particular type of attack which can have a practical effect in real life attack classification. From the analysis of the classifications obtained from few infamous attacks, it is obvious that the proposed system holds certain benefits related to the prevailing taxonomies. Future research directions have also been well acknowledged.