ARTT taxonomy and cyber-attack Framewok

The security of computer systems has become essential especially in front of the critical issues of cyber-attacks that can result in the compromise of these systems because any act on a system intends to harm one of the security properties (Confidentiality, Integrity and availability). Studying computer attacks is also essential to design models of attacks aiming to protect against these attacks by modeling the last ones. The development of taxonomies leads to characterize and classify the attacks which lead to understand them. In computer´s security taxonomy, we can have two broad categories: cyber-attack´s taxonomy and cyber-security taxonomy. In this paper, we propose taxonomy for cyber-attacks according to an attacker vision and the aspect of achieving an attack. This taxonomy is based on 4 dimensions: Attack vector, Result, Type and Target. To generalize our approach, we have used the framework of the Discrete EVent system Specification DEVS. This framework depicts the overall vision of cyber-attacks. To partially validate our work, a simulation is done on a case study of buffer overflow. A DEVS model is described and a simulation is done via this formalism. This case study aims to reinforce our proposal.