[Howard97] John D. Howard, An Analysis Of Security
Incidents On The Internet - 1989 - 1995, Engineering and Public Policy
dissertation, Carnegie-Mellon University, April 7, 1997. Pittsburgh,
Pennsylvania 15213 USA [This research analyzed trends in Internet
security through an investigation of 4,299 security-related incidents on
the Internet reported to the CERT Coordination Center (CERT/CC) from
1989 to 1995. Prior to this research, our knowledge of security
problems on the Internet was limited and primarily anecdotal. This
information could not be effectively used to determine what government
policies and programs should be, or to determine the effectiveness of
current policies and programs. This research accomplished the
following: 1) development of a taxonomy for the classification of
Internet attacks and incidents, 2) organization, classification, and
analysis of incident records available at the CERT/CC, and 3)
development of recommendations to improve Internet security, and to
gather and distribute information about Internet security. With the
exception of denial-of-service attacks, security incidents were
generally found to be decreasing relative to the size of the Internet.
The probability of any severe incident not being reported to the
CERT/CC was estimated to be between 0incident would be reported if it was above average in terms of duration
and number of sites, was around 1 out of 2.6. Estimates based on this
research indicated that a typical Internet domain was involved in no
more than around one incident per year, and a typical Internet host in
around one incident every 45 years. The taxonomy of computer and
network attacks developed for this research was used to present a
summary of the relative frequency of various methods of operation and
corrective actions. This was followed by an analysis of three
subgroups: 1) a case study of one site that reported all incidents, 2)
22 incidents that were identified by various measures as being the most
severe in the records, and 3) denial-of-service incidents. Data from
all incidents and these three subgroups were used to estimate the total
Internet incident activity during the period of the research. This was
followed by a critical evaluation of the utility of the taxonomy
developed for this research. The analysis concludes with
recommendations for Internet users, Internet suppliers, response teams,
and the U.S. government.]
fc@red.all.net