CFP last date
20 December 2024
Reseach Article

Identification of Taxonomic Features through Assessment of Existing Taxonomies for Vulnerabilities Identification

by Bindu Dodiya, Umesh Kumar Singh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 174 - Number 31
Year of Publication: 2021
Authors: Bindu Dodiya, Umesh Kumar Singh
10.5120/ijca2021921250

Bindu Dodiya, Umesh Kumar Singh . Identification of Taxonomic Features through Assessment of Existing Taxonomies for Vulnerabilities Identification. International Journal of Computer Applications. 174, 31 ( Apr 2021), 14-22. DOI=10.5120/ijca2021921250

@article{ 10.5120/ijca2021921250,
author = { Bindu Dodiya, Umesh Kumar Singh },
title = { Identification of Taxonomic Features through Assessment of Existing Taxonomies for Vulnerabilities Identification },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2021 },
volume = { 174 },
number = { 31 },
month = { Apr },
year = { 2021 },
issn = { 0975-8887 },
pages = { 14-22 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume174/number31/31877-2021921250/ },
doi = { 10.5120/ijca2021921250 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:23:36.154600+05:30
%A Bindu Dodiya
%A Umesh Kumar Singh
%T Identification of Taxonomic Features through Assessment of Existing Taxonomies for Vulnerabilities Identification
%J International Journal of Computer Applications
%@ 0975-8887
%V 174
%N 31
%P 14-22
%D 2021
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In this age of universal electronic connectivity when world is becoming a global village ,different threats like viruses and hackers, eavesdropping and fraud, undeniably there is no time at which security does not matter. In view of large growing population of vulnerabilities, major challenge is how to prevent exploitation of these vulnerabilities by attackers. The first step in understanding vulnerabilities is to classify them into a taxonomy based on their characteristics. A good taxonomy also provides a common language for the study of the field. Properties and requirements of good taxonomy are described in this paper to lead security experts for the development of secure infrastructure. An analysis of some prominent taxonomies and their valuable aspects are highlighted that can be used to create a complete useful taxonomy. In this paper an assessment of existing taxonomies is carried out so as to uniquely identify the vulnerabilities exist in the system

References
  1. Bugtraq Mailing List, Retrieved in November 2020 from http://www.securityfocus.com/archive
  2. Matt Bishop and David Bailey, “A Critical Analysis of Vulnerability Taxonomies” Tech. Rep. CSE-96-11, Department of Computer Science, University of California at Davis, 1996.
  3. James A. Whittaker and Herbert H. Thompson, How to Break Software Security: Effective Techniques for Security Testing, Addison-Wesley, 2003.
  4. Common Vulnerabilities and Exposures. [Online] https://www.cvedetails.com/browse-by-date.php.(accessed on 18/12/2020 ).
  5. K. Tsipenyuk, B. Chess, andG. McGraw, "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors," IEEE Sec. & Privacy, vol. 3, no. 6, Nov.-Dec. 2005, pp. 81-84.
  6. Lough, Daniel. “A Taxonomy of Computer Attacks with Applications to Wireless Networks,” PhD thesis, Virginia Polytechnic Institute and State University, 2001.
  7. R. P. Abbott et al., "Security Analysis and Enhancements of Computer Operating Systems," Tech. rep. NBSIR 76-1041,L awrence Livermore Lab., Ins!.. for Compo Sci. and Tech.INa!'1. Bureau of Standards, RISOS Project,W ashington, DC, Apr. 1976.
  8. R. Bisbey II and D. Hollingworth, "Protection Analysis: Final Report," ISIISR-78-13, USClInfo. Sci. Inst., Marina Del Rey, CA, May 1978.
  9. C E. Landwehr et al., "A Taxonomy of Computer Program Security Flaws," ACM Comp. Surveys, vol. 26, no. 3, Sept. 1994, pp. 211-2S4.
  10. T. Aslam, "A Taxonomy of Security Faults in the Unix Operating System," M.S. thesis, Dept. of Compo Sci., Purdue Univ., Coast TR 95-09,1995.
  11. I. Krsul, "Software Vulnerability Analysis," Ph.D. dissertation, Purdue Univ.,Coast TR 98-09,1 998.
  12. Howard, John D. and Longstaff, Thomas A. “A Common Language for Computer Security Incidents,” Technical report, Sandia National Laboratories, 1998.
  13. M. Bishop, "A Taxonomy of UNIX System and Network Vulnerabilities," Tech. rep. CSE-9S10, Dept. of Compo Science, UC Davis, May 1995.
  14. W. Du and A. P. Mathur, "Categorization of Software Errors that Led to Security Breaches," Proc. 21st Nat .[ Irifo. Sys. Sec. Con[, 1998.
  15. S. Kamara et aI., "Analysis of Vulnerabilities in Internet Firewalls," Compo & Sec., vol. 22, no. 3,2003,p p. 214-32.
  16. F. Piessens. A taxonomy of causes of software vulnerabilities in internet software[C ]. Supp lementary P roceedings of the 13th International Sympo sium on Software Reliability Engineering,2002.
  17. A. Gray, "An Historical Perspective of Software Vulnerability Management," Irifo. Sec. Teh. Rep., vol. 8, no. 4, Apr. 2003, pp. 34- 44.
  18. K. Jiwnani and M. Zelkowitz, "Maintaining Software with a Security Perspective," Proc. Int'l Con Software Maintenance, 3-6 Oct. 2002, pp. 194--203.
  19. V Pothamsetty and B. Akyol, "A Vulnerability Taxonomy for Network Protocols Corresponding Engineering Best Practice Countermeasures," Proc. 3rd lASTED Int'! Con! Commun. lnternet, and Irifo. Tech., 2004, pp. 168-75
  20. S. Weber, P. A. Karger and A. Paradkar. A Software Flaw Taxonomy.Aiming Tools At Security Software Engineering for Secure Systems-Building Trustworthy Applications (SESS'05) 2005.
  21. Householder, A. D., Seacord, R. C, "A Structured Approach to ClassifYing Security Vulnerabilities," CMu/SEI-200S- TN-Om, January 2005.
  22. S. Hansman and R. Hunt, "A Taxonomy of Network and Computer Attacks," Compo & Sec., vol. 24, no. 1, Feb. 2005, pp. 31-43.
  23. Kjaerland, M., “A taxonomy and comparison of computer security incidents from the commercial and government sectors”.Computers and Security, 25:522–538, October 2005.
  24. Anil Bazazl and James D. Arthur2, Towards A Taxonomy of Vulnerabilities, Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICSS'07), IEEE Computer Society, Hawaii, 2007.
  25. V. M. Igure and R. D. Williams, “Taxonomies of Attacks and vulnerabilities in Computer Systems”, IEEE Communications Surveys & Tutorials 1st Quarter 2008.
  26. Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., & Wu, Q. “AVOIDIT: A Cyber Attack Taxonomy”, University of Memphis, Technical Report CS-09-003, 2009. [Online]. Available: http://issrl.cs.memphis.edu/files/papers/CyberAttackTaxonomy IEEE Mag.pdf
  27. Scott D., Angelos S,” Towards a Cyber Conflict Taxonomy”, 5th International Conference on Cyber Conflict K. Podins, J. Stinissen, M. Maybaum (Eds.), 2013
  28. A. Wood and J. A. Stankovic, “Denial of Service in Sensor Networks,” IEEE Computer, vol. 35,no. 10, Oct. 2002, pp.54–62
  29. Sara Hajin,Faramarz Hendessi,Mehdi Berenjkoub “A taxonomy for Network Vulnerabilities”,International Journal of Information & communication technology volume 2 May 2010
  30. Kejun chen et.al,”Internet –of-Things security and Vulnerabilities:Taxonomy,Challenges,and Practice.Journal of Hardware and System Security(2018).
  31. A.Kardi,R.Zagrouba,M.Alqahtani,”Ataxonomy of Routing Protocols in Wireless Sensor Networks”,Internation journal of Computer and Information Engineering. Volume 10, 2018.
Index Terms

Computer Science
Information Sciences

Keywords

CVE CVSS Taxonomy Vulnerability