"... In PAGE 3: ... A passive attack obtains data exchanged in the network without disrupting the operation of the communications, while an active attack involves information interruption, mod- ification, or fabrication, thereby disrupting the normal functionality of a MANET. Table1 shows the general taxonomy of security attacks against MANET. Exam- ples of passive attacks are eavesdropping, traffic analysis, and traffic monitoring.... ..."

"... In PAGE 4: ...rivileges and poor security practices (e.g. connecting to restricted web sites, downloading restricted material, using telnet instead of ssh) are not included in Table 1 because these behaviors are site-specific and can be detected using traffic monitor- ing. Table2 shows the importance of these three attack types by considering the poten- tial damage, the most common local site-specific response, the response cost, and the effect of the response on other, future attackers, who launch an identical attack against the same victim. This table applies only to known old attacks where software patches are available to prevent exploitation of the known vulnerability.... In PAGE 4: ... Episodic DoS attacks are included in this row because they have similar characteris- tics to remote-to-local attacks. This paper focuses on detection of successful remote-to-local attacks in the first row of Table2 because these are the most damaging and have enabled recent world- wide Internet security incidents including many worms and DDoS attacks [2,3,6,7,8,12,23]. As indicated, detecting these attacks as they occur allows system administrators to react by shutting down and cleaning up the compromised systems and protecting against future attacks by installing software upgrades and patches.... In PAGE 5: ... Detecting the initial remote connection simplifies the response and lessens the damage. The next two rows in Table2 contain failed remote-to-local and failed episodic DoS attacks (often called probes) and scan or reconnaissance attacks. Both types of attacks provide an attacker with information about remote hosts and network services but do no damage to the victim.... In PAGE 5: ... It will also not block an attacker who uses public lists of IP addresses to find target machines or an attacker who falsi- fies the source IP address for probes. A non-local response not shown in Table2 is to contact the system administrator of the external scanning machine. This can be ex- Table 2.... In PAGE 6: ... Detecting probes and scans thus provides some situation awareness and protection from simple attacks from the same source, but it does not usually protect against future attacks of the same type from different sources. Continuous DoS attacks are the third category in Table2 . Distributed DoS (DDoS) attacks where the attacker first compromises many hosts using remote-to-local attacks and installs agents that simultaneously send packets to one victim have become a major concern in the past few years [6].... ..."

"... In PAGE 13: ... There are many interrelated factors that determine how many instances of a given subsystem appear in the solution. Table3 suggests motivations for instan- Table 2 Mapping design objectives to security subsystems Security Design Objectives Audit Integrity Access Control Flow Control Credentials/ Identity Control access to systems/processes S S R S S Control access to information S S S R R Control the flow of information S S S R S Correct and reliable component operation S R S S S Prevent/mitigate attacks R R R R S Accountability through trusted identity R R S S R Prevent/mitigate fraud R R R R R Figure 8 The normal and peril IT business process flow USERS OR PROCESSES ACTING INAUTHORIZED ROLES IDENTITY AND PERMISSIONS IN ORDER TO IDENTITY AND PERMISSIONS IN ORDER TO AUTHORIZATION TO INVOKE OR COMMUNICATE WITH PROCESSES THAT ACCESS OPERATE UPON TRANSFER DISTRIBUTE ACCESS OPERATE UPON TRANSFER DISTRIBUTE INFORMATION ASSETS REQUEST AND RECEIVE ACTING IN ROLES (EITHER) CREDENTIALS THAT CONVEY ACQUIRE, PRESENT, AND USE CREDENTIALS THAT CONVEY ACQUIRE, PRESENT, AND USE REQUEST AND RECEIVE OR CIRCUMVENT AUTHORIZATION TO INVOKE OR COMMUNICATE WITH OR OBSERVE FLOWS RELATED TO PROCESSES THAT INFORMATION ASSETS USERS OR PROCESSES OR OTHERS AUTHORIZED OR UNAUTHORIZED IBM SYSTEMS JOURNAL, VOL 40, NO 3, 2001... ..."

"... In PAGE 7: ... An example of a network attack is an RPC buffer overflow. Table1 : Access Vector Scoring Evaluation 2.1.... In PAGE 12: ... It is a signal to the equation to skip this metric. Table1 0: Collateral Damage Potential Scoring Evaluation Clearly, each organization must determine for themselves the precise meaning of slight, moderate, significant, and catastrophic. 2.... In PAGE 12: ... It is a signal to the equation to skip this metric. Table1 1: Target Distribution Scoring Evaluation 2.3.... In PAGE 13: ... It is a signal to the equation to skip this metric. Table1 2: Security Requirements Scoring Evaluation In many organizations, IT resources are labeled with criticality ratings based on network location, business function, and potential for loss of revenue or life.... In PAGE 14: ... The base, temporal, and environmental vectors are shown below in Table 13. Metric Group Vector Base AV:[L,A,N]/AC:[H,M,L]/Au:[M,S,N]/C:[N,P,C]/I:[N,P,C]/A:[N,P,C] Temporal E:[U,POC,F,H,ND]/RL:[OF,TF,W,U,ND]/RC:[UC,UR,C,ND] Environmental CDP:[N,L,LM,MH,H,ND]/TD:[N,L,M,H,ND]/CR:[L,M,H,ND]/ IR:[L,M,H,ND]/AR:[L,M,H,ND] Table1 3: Base, Temporal and Environmental Vectors For example, a vulnerability with base metric values of Access Vector: Low, Access Complexity: Medium, Authentication: None, Confidentiality Impact: None, Integrity Impact: Partial, Availability Impact: Complete would have the following base vector: AV:L/AC:M/Au:N/C:N/I:P/A:C. 3 Scoring 3.... ..."

"... In PAGE 11: ... Patching software vulnerabilities is done to block those Attacking Paths that are caused by the vulnerabilities. A Suppressing Matrix as illustrated in Table9 demonstrates how some of the popular security practices may affect the Structured Attack Graph. In this sense, the effect of a security practice can be simulated by removing the corresponding attack paths and nodes that this security practice can suppress from the graph.... In PAGE 13: ...VE-2003-0722, and CVE-2004-1351 [24], associated with ThreatKey values of 1.539, 1.157 and 0.984, respectively. Figure 8 Screenshot of Attack Path Calculation Results Step 9 Determine What Type of Attack Path Can Be Suppressed by Each Security Practice We use a Suppressing Matrix as shown in Table9 to summarize the effects of the effectiveness of each alternative security investment plan. Table 9 Suppressing Matrix* (Partial) Security Investment Plans Attack ... ..."

"... In PAGE 6: ... In [22], we compare the costs and benefits of many defenses in- cluding secure nonces, ACK alignment, bandwidth caps, in net- work support, disallowing out of window ACKs, and random pauses. Table1 is a summary of the defenses, and we present the most rel- evant of these solutions in detail below. 4.... ..."