Attack Patterns: A New Forensic and Design Tool
ABSTRACT: A pattern is an encapsulated solution to a problem in a given context that can be used to guide system design and evaluation. Analysis, design and architectural patterns are established formalisms for designing high quality software. Security patterns guide the secure design of systems by providing generic solutions that prevent a variety of attacks. This paper presents an attack pattern, a new type of pattern that is specified from the point of view of an attacker. The pattern describes how an attack is performed, enumerates the security patterns that can be applied to defeat the attack, and describes how to trace the attack once it has occurred. An example involving DoS attacks on VoIP networks is used to demonstrate the value of the formalism to security designers and forensic investigators. Full text at Springer; may require registration or fee.
- Source available from: Yoshiaki Fukazawa
ABSTRACT: The activity of secure system development can be supported by reusing extensive knowledge accumulated about security in the form of security patterns. There are a number of catalogs of security patterns available on the WWW and in the literature; however, all of the relations among security patterns are closed in each pattern catalog. Moreover, even in each catalog, the author of the catalog might have overlooked useful relations among patterns belonging to the same catalog. This situation makes the selection and application of the right pattern for each security development activity a daunting task. To acquire such useful but overlooked relations in each catalog and cross-cutting relations over different catalogs, we have applied our technique for automatic pattern relation analysis to a set of security patterns. Our technique utilizes existing text processing techniques to extract patterns from documents and to calculate the strength of pattern relations. As a result of experimental evaluations, it is found that our technique can extract appropriate relations in each security pattern catalog and over different catalogs, without information on relations described in the original pattern documents. These newly found relations will be useful for retrieving, selecting, and combining security patterns.
- ABSTRACT: We discuss a systematic approach to network forensic collection and analysis of data in converged networks. Since attacks cannot be completely avoided, it is necessary to have appropriate forensics systems. Upon integration into a network forensic infrastructure, we expect this forensic model will enable a faster response and more structured investigations of Voice over IP (VoIP)-based network attacks. Keywords: forensic patterns, network architecture, software architecture, Voice over IP. 01/2010