Research Of Cyber Attack Classification Base On Asset Identification And Attack Effect

Currently, the quantitative assessment of cyber attacks and cyber attacks Damage Assessment is the hot topic of academic research. In 2008, the U.S. Defense Advanced Research Projects Agency (DARPA) issued a "National Cyber Range Plan", one of the main objectives of the plan is that could qualitative and quantitative assess cyber attack. The next year, the report "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities" released by the U.S. National Academy of Sciences indicate that cyber attacks Damage Assessment is the focus and difficult point in current research of cyber attacks. The same year, the Information Assurance Technology Analysis Center (IATAC) belongs US Department of Defense released a report "Measuring Cyber Security and Information Assurance", which is also clear that need to establish a measurement system for real-time, accurate measurement and assessment of cyber attacks effects.It is very easy to assess the damage effects of attack in Real-world, while cyberspace is a virtual space, because of the hidden aggressive behavior, anonymity, repudiation and other characteristics in cyber attacks, making the attack and its damage effect in cyberspace is difficult to quantitatively assess. This paper research such a classification methods of cyber attack, according to the importance of cyber attacks target the seriousness of direct effect of the cyber attack, to quantify the damage effects of cyber attacks in some extent, that means the attack levels, and finally use it to depict different types of cyber attacks.The main work of this paper includes: First, attack target identification. Draw on relevant national information security standards and specifications, with the help of the thinking of Information Security Evaluation and information security level of protection, base on the asset identification method to identify targets, confirm the importance levels of target.; Second, the objectivity evaluation of cyber attack effects. Dividing direct effect of the cyber attack into five categories include service using, denial of service, system error, fraud information and tamper information, and then of each target, with the process of Delphi method, introduction of nine-point scale method to build comparison matrix during the process, in order to objective assess the severity level of attack effects. Third, divide the type of cyber attack. Making binary function relationship between attack target importance assignment and attack effect seriousness assignment, calculating the final extent value of attack, and learn the way of information security level of protection to classified cyber attacks. Finally, develop case system. These research results of this paper applied to a real project "Cyberwar training and assessment system" (referred to as the CATS system, the software copyright ID: 0219604, the software product registration certificate ID:YuDGY-2010-0104).This paper presents the analysis, design and implementation of CATS, focusing the design, implementation and verification of cyber attack classification method in the system. It verifies the correctness and practicality of classification method, and highlights the meaning and value of the research.