Taxonomy of kernel-level attack types

Cyber attacks have recently become both more numerous and more sophisticated. In the context of this project, several threads are dedicated to designing the underlying technologies for advanced anomaly detection mechanisms. These threads share one central concept: cyber attacks.

Cyber attacks, however, can vary significantly depending on whether they target user space, kernel space, the network, etc. It would therefore be beneficial to better understand and classify the types of cyber attacks and their impact on the various components of a system. A number of studies in the literature classify cyber attacks, but these studies seem to focus on network attacks only.

The objective of this sub-project is to provide a method for the analysis and categorization of host-based, system-level cyber attacks, with a focus on attacks against the Linux kernel space. The ultimate goal is to assist in detecting and mitigating such attacks, improving host system security, and providing a consistent way of describing types of attacks and the ways in which they can infiltrate the system.

Such a classification is designed to be useful to many studies that revolve around designing security defense mechanisms, such as the one currently undertaken at Concordia and Laval Universities in the context of this project. Different research teams could use the taxonomy to communicate more effectively, since it would provide a common classification scheme.

Tasks:

  1. Review and analysis of existing taxonomies of attacks, along with their pros and cons.
  2. Design of an attack classification scheme with a focus on the Linux kernel and its interfaces.
  3. Evaluation of the classification scheme by applying it to a number of known attacks.
  4. Writing of a report describing lessons learned and results obtained (including recommendations).