Parsing the CAPEC (Common Attack Pattern Enumeration and Classification) dataset

CAPEC is MITRE's catalogue and classification of common attack patterns: https://capec.mitre.org/index.html
Take one attack-pattern record from the downloaded dataset as an example: CAPEC-10, Buffer Overflow via Environment Variables. The bracketed annotations in the original have been turned into XML comments explaining what each element holds.

<Attack_Pattern xmlns:capec="http://capec.mitre.org/capec-3" ID="10" Name="Buffer Overflow via Environment Variables" Abstraction="Detailed" Status="Draft">
  <!-- attack name: the Name attribute above -->
  <Description>This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.</Description>
  <!-- attack description -->
  <Likelihood_Of_Attack>High</Likelihood_Of_Attack>
  <!-- likelihood that the attack occurs -->
  <Typical_Severity>High</Typical_Severity>
  <!-- attack severity -->
  <Related_Attack_Patterns>
    <Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="100"/>
  </Related_Attack_Patterns>
  <Execution_Flow>
    <!-- how the attack is carried out -->
    <Attack_Step>
      <Step>1</Step>
      <Phase>Explore</Phase>
      <!-- explore -->
      <Description>The attacker tries to find an environment variable which can be overwritten for instance by gathering information about the target host (error pages, software's version number, etc.).</Description>
    </Attack_Step>
    <Attack_Step>
      <Step>2</Step>
      <Phase>Experiment</Phase>
      <!-- experiment -->
      <Description>The attacker manipulates the environment variable to contain excessive-length content to cause a buffer overflow.</Description>
    </Attack_Step>
    <Attack_Step>
      <Step>3</Step>
      <Phase>Exploit</Phase>
      <!-- exploit -->
      <Description>The attacker potentially leverages the buffer overflow to inject maliciously crafted code in an attempt to execute privileged command on the target environment.</Description>
    </Attack_Step>
  </Execution_Flow>
  <Prerequisites>
    <!-- conditions required for the attack -->
    <Prerequisite>The application uses environment variables.</Prerequisite>
    <Prerequisite>An environment variable exposed to the user is vulnerable to a buffer overflow.</Prerequisite>
    <Prerequisite>The vulnerable environment variable uses untrusted data.</Prerequisite>
    <Prerequisite>Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer.</Prerequisite>
  </Prerequisites>
  <Skills_Required>
    <!-- required skills -->
    <Skill Level="Low">An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.</Skill>
    <Skill Level="High">Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.</Skill>
  </Skills_Required>
  <Indicators>
    <Indicator>If the application does bound checking, it should fail when the data source is larger than the size of the destination buffer. If the application's code is well written, that failure should trigger an alert.</Indicator>
  </Indicators>
  <Consequences>
    <!-- consequences of the attack -->
    <Consequence><Scope>Availability</Scope><Impact>Unreliable Execution</Impact></Consequence>
    <Consequence><Scope>Confidentiality</Scope><Scope>Integrity</Scope><Scope>Availability</Scope><Impact>Execute Unauthorized Commands</Impact><Note>Run Arbitrary Code</Note></Consequence>
    <Consequence><Scope>Confidentiality</Scope><Impact>Read Data</Impact></Consequence>
    <Consequence><Scope>Integrity</Scope><Impact>Modify Data</Impact></Consequence>
    <Consequence><Scope>Confidentiality</Scope><Scope>Access Control</Scope><Scope>Authorization</Scope><Impact>Gain Privileges</Impact></Consequence>
  </Consequences>
  <Mitigations>
    <!-- mitigations -->
    <Mitigation>Do not expose environment variable to the user.</Mitigation>
    <Mitigation>Do not use untrusted data in your environment variables.</Mitigation>
    <Mitigation>Use a language or compiler that performs automatic bounds checking</Mitigation>
    <Mitigation>There are tools such as Sharefuzz [R.10.3] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.</Mitigation>
  </Mitigations>
  <Example_Instances>
    <!-- examples -->
    <Example>
      <xhtml:div style="color:#32498D; font-weight:bold;">Attack Example: Buffer Overflow in $HOME</xhtml:div>
      <xhtml:p>A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable.</xhtml:p>
      See also: CVE-1999-0906
    </Example>
    <Example>
      <xhtml:div style="color:#32498D; font-weight:bold;">Attack Example: Buffer Overflow in TERM</xhtml:div>
      <xhtml:p>A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable.</xhtml:p>
      See also: CVE-1999-0046
    </Example>
  </Example_Instances>
  <Related_Weaknesses>
    <!-- related weaknesses (CWE identifiers) -->
    <Related_Weakness CWE_ID="120"/>
    <Related_Weakness CWE_ID="302"/>
    <Related_Weakness CWE_ID="118"/>
    <Related_Weakness CWE_ID="119"/>
    <Related_Weakness CWE_ID="74"/>
    <Related_Weakness CWE_ID="99"/>
    <Related_Weakness CWE_ID="20"/>
    <Related_Weakness CWE_ID="680"/>
    <Related_Weakness CWE_ID="733"/>
    <Related_Weakness CWE_ID="697"/>
  </Related_Weaknesses>
  <References>
    <!-- references -->
    <Reference External_Reference_ID="REF-1"/>
    <Reference External_Reference_ID="REF-2"/>
  </References>
  <Content_History>
    <!-- change history -->
    <Submission>
      <Submission_Name>CAPEC Content Team</Submission_Name>
      <Submission_Organization>The MITRE Corporation</Submission_Organization>
      <Submission_Date>2014-06-23</Submission_Date>
    </Submission>
    <Modification>
      <Modification_Name>CAPEC Content Team</Modification_Name>
      <Modification_Organization>The MITRE Corporation</Modification_Organization>
      <Modification_Date>2017-01-09</Modification_Date>
      <Modification_Comment>Updated Related_Attack_Patterns</Modification_Comment>
    </Modification>
    <Modification>
      <Modification_Name>CAPEC Content Team</Modification_Name>
      <Modification_Organization>The MITRE Corporation</Modification_Organization>
      <Modification_Date>2018-07-31</Modification_Date>
      <Modification_Comment>Updated References</Modification_Comment>
    </Modification>
  </Content_History>
</Attack_Pattern>
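The record above is one entry of a much larger file: the catalogue XML from the CAPEC download page (capec_latest.xml) nests every Attack_Pattern under a root Attack_Pattern_Catalog element, puts all CAPEC elements in the default namespace http://capec.mitre.org/capec-3 and declares the xhtml prefix on that root, which is why the fragment as pasted above will not parse on its own. The parser below is an added example written for this article, not MITRE's own tooling. It matches elements by local name so it accepts both a bare fragment and the full catalogue, flattens each record into a dict with the fields annotated above, pulls CVE identifiers out of Example_Instances, and inverts the CAPEC-to-CWE links so you can ask which attack patterns exploit a given CWE. The sample record is the page's CAPEC-10 entry, abridged and with xmlns:xhtml declared so it runs offline; the function names are my own.

```python
"""Flatten CAPEC v3 Attack_Pattern entries into Python dicts (added example)."""
import re
import xml.etree.ElementTree as ET

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample: the CAPEC-10 entry shown above, abridged, with the
# xhtml prefix declared here so the fragment parses on its own (the real
# capec_latest.xml declares it on the root Attack_Pattern_Catalog element).
SAMPLE_XML = """<Attack_Pattern xmlns:capec="http://capec.mitre.org/capec-3"
    xmlns:xhtml="http://www.w3.org/1999/xhtml"
    ID="10" Name="Buffer Overflow via Environment Variables" Abstraction="Detailed" Status="Draft">
  <Description>This attack pattern involves causing a buffer overflow through
    manipulation of environment variables.</Description>
  <Likelihood_Of_Attack>High</Likelihood_Of_Attack>
  <Typical_Severity>High</Typical_Severity>
  <Related_Attack_Patterns><Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="100"/></Related_Attack_Patterns>
  <Execution_Flow>
    <Attack_Step><Step>1</Step><Phase>Explore</Phase><Description>Find an overwritable environment variable.</Description></Attack_Step>
    <Attack_Step><Step>2</Step><Phase>Experiment</Phase><Description>Fill it with excessive-length content.</Description></Attack_Step>
    <Attack_Step><Step>3</Step><Phase>Exploit</Phase><Description>Use the overflow to inject code.</Description></Attack_Step>
  </Execution_Flow>
  <Prerequisites><Prerequisite>The application uses environment variables.</Prerequisite></Prerequisites>
  <Mitigations>
    <Mitigation>Do not expose environment variable to the user.</Mitigation>
    <Mitigation>Use a language or compiler that performs automatic bounds checking</Mitigation>
  </Mitigations>
  <Example_Instances><Example>
    <xhtml:div style="font-weight:bold;">Attack Example: Buffer Overflow in $HOME</xhtml:div>
    <xhtml:p>A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable.</xhtml:p>
    See also: CVE-1999-0906
  </Example></Example_Instances>
  <Related_Weaknesses><Related_Weakness CWE_ID="120"/><Related_Weakness CWE_ID="119"/></Related_Weaknesses>
</Attack_Pattern>"""


def _local(tag):
    """'{http://capec.mitre.org/capec-3}Step' -> 'Step'; plain tags pass through."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    """Direct children with the given local name (empty list for a missing parent)."""
    if elem is None:
        return []
    return [c for c in elem if _local(c.tag) == name]


def _child(elem, name):
    found = _children(elem, name)
    return found[0] if found else None


def _text(elem):
    """Collapse an element's text, including nested xhtml:p/div, to one line."""
    if elem is None:
        return ""
    return " ".join("".join(elem.itertext()).split())


def parse_attack_pattern(ap):
    """Flatten one <Attack_Pattern> element into a dict of the annotated fields."""
    flow = []
    for step in _children(_child(ap, "Execution_Flow"), "Attack_Step"):
        flow.append({
            "step": int(_text(_child(step, "Step"))),
            "phase": _text(_child(step, "Phase")),
            "description": _text(_child(step, "Description")),
        })
    parents = [int(r.get("CAPEC_ID"))
               for r in _children(_child(ap, "Related_Attack_Patterns"), "Related_Attack_Pattern")
               if r.get("Nature") == "ChildOf"]
    return {
        "id": int(ap.get("ID")),
        "name": ap.get("Name"),
        "abstraction": ap.get("Abstraction"),
        "status": ap.get("Status"),
        "description": _text(_child(ap, "Description")),
        "likelihood": _text(_child(ap, "Likelihood_Of_Attack")),
        "severity": _text(_child(ap, "Typical_Severity")),
        "parents": parents,
        "execution_flow": flow,
        "prerequisites": [_text(p) for p in _children(_child(ap, "Prerequisites"), "Prerequisite")],
        "mitigations": [_text(m) for m in _children(_child(ap, "Mitigations"), "Mitigation")],
        "cwe_ids": [int(w.get("CWE_ID")) for w in _children(_child(ap, "Related_Weaknesses"), "Related_Weakness")],
        # CVE ids live only in free text under Example_Instances, so regex them out
        "cve_ids": sorted(set(CVE_RE.findall(_text(_child(ap, "Example_Instances"))))),
    }


def parse_catalogue(xml_text):
    """Return every Attack_Pattern found in a bare entry or a whole CAPEC catalogue."""
    root = ET.fromstring(xml_text)
    return [parse_attack_pattern(e) for e in root.iter() if _local(e.tag) == "Attack_Pattern"]


def cwe_index(patterns):
    """Invert the CAPEC->CWE links: CWE id -> sorted CAPEC ids that exploit it."""
    index = {}
    for p in patterns:
        for cwe in p["cwe_ids"]:
            index.setdefault(cwe, set()).add(p["id"])
    return {cwe: sorted(ids) for cwe, ids in index.items()}


if __name__ == "__main__":
    for p in parse_catalogue(SAMPLE_XML):
        print(f"CAPEC-{p['id']}: {p['name']} (likelihood={p['likelihood']}, severity={p['severity']})")
        for s in p["execution_flow"]:
            print(f"  {s['step']}. [{s['phase']}] {s['description']}")
        print("  parents:", p["parents"], " CWEs:", p["cwe_ids"], " CVEs:", p["cve_ids"])
    print(cwe_index(parse_catalogue(SAMPLE_XML)))
```

To run it over the real file, replace SAMPLE_XML with the contents of the downloaded catalogue; because matching is by local name, the default namespace on the real root does not need special handling, and cwe_index over the full list gives the CAPEC side of a CWE-to-attack-pattern join.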
