A review of classification methods for network vulnerability

Classification of network vulnerabilities is critical to their detection and risk analysis. A broad range of classification methods has been proposed in the literature. This paper reviews a total of 25 selected approaches and identifies the differences and relations among them. It also points out some open issues for research in this field.
