Table 15 Classes of computer attacks
From: Survey of intrusion detection systems: techniques, datasets and challenges
Types of Attack | Explanation | Example |
|---|---|---|
Buffer Overflow | Attacks the buffer’s boundaries and overwrites memory area. | Long URL strings are a common input. Cowan, et al. (1998) |
Worm | Reproduces itself on the local host or through the network. | SQL Slammer, Mydoom, CodeRed Nimda. |
Trojan | Programs appear attractive and genuine, but have malicious code embedded inside them. | Zeus, SpyEye Alazab, et al. (2013) |
Denial of service (DoS) | A security event to disrupt the network services. It is started by forcing reset on the target computers. The users can no longer connect to the system because of unavailability of service. | Buffer overflow, Ping of death (PoD), TCP SYN, smurf, teardrop Zargar, et al. (2013) |
Common Gateway Interface (CGI) Scripts | The attacker takes advantage of CGI scripts to create an attack by sending illegitimate inputs to the web server. | Phishing email; Aljawarneh (2016) |
Traffic Flooding | Attacks the limited size of NIDS to handle huge traffic loads and to investigate for possible intrusions. If a cybercriminal can cause congestion in the networks, then NIDS will be busy in analyzing the traffic. | Denial of Service (Dos) or Distributed Denial of Service (DDoS) Zargar, et al. (2013) |
Physical Attack | Aims to attack the physical mechanisms of the computer system. | Cold boot, evil maid (Pasqualetti et al., 2013). |
Password Attack | Aims to break the password within a small time, and is noticed by a sequence of failures login. | A dictionary attack, Rainbow attack (Das et al., 2014). |
Information Gathering | Gathers information or finds weaknesses in computers or networks by sniffing or searching. | System scan, port scan, (Bou-Harb et al., 2014). |
User to Root (U2R) attack | The cybercriminal accesses as a normal user in the beginning and then upgrades to a super-user which may lead to exploitation of several vulnerabilities of the system. | Intercept packets, rainbow attack, social engineering Rootkit, load module, (Perl Raiyn, 2014). |
Remote to Local (R2L) attack | The cybercriminal sends packets to a remote system by connecting to the network without having an account on the system. | Warezclient, ftp write, multihop,phf, spy, warezmaster, imap (Raiyn, 2014). |
Probe | Identifying the valid IP addresses by scanning the network to gather host data packets. | Sweep, portsweep (So-In et al., 2014) |