The ICAT Database


NIST has also contributed to research in the field of intrusion detection. The ICAT (Internet Categorization of Attacks Toolkit) database is one of NIST's most important achievements in this field. This database, available at http://icat.nist.gov/, merges and indexes attack and vulnerability databases developed by various organizations and centers, including CERIAS, FedCIRC, ISS X-Force, NIAP, SANS, SecurityFocus (formerly Bugtraq and NT Bugtraq), VulDa, and others. Besides the centers listed above, ICAT complements its database with attack descriptions obtained from hacker sites such as http://www.rootshell.com and http://infilsec.com.

As a result, NIST has created one of the largest stores of attack and vulnerability descriptions, closely related to the CVE database. By September 9, 2002, this database contained more than 4800 records. Data registered in ICAT can, after appropriate investigation, also be included in the CVE database. In contrast to other databases (particularly the ones described in Chapter 2), ICAT categorizes each vulnerability by 40 different characteristics, including:

  • Manufacturers of vulnerable software or hardware (at the time of this writing, the number of such manufacturers exceeded 500)

  • Name and version of the software or hardware

  • Risk level (high, medium, or low)

  • The source from which the vulnerability description was obtained (CERT, X-Force, Microsoft, SecurityFocus, etc.)

  • Where the vulnerability can be exploited from (local or remote)

  • The type of attack that can be implemented by exploiting this vulnerability (for example, Denial of Service)

  • The result of exploiting this vulnerability (for example, interrupted availability)

  • Vulnerability type (buffer overflow, out-of-range condition, etc.)

  • Vulnerable operating system(s)

  • Application type (application server, protocol, protocol stack, OS)

  • Record type ("present in CVE," "candidate to CVE")

  • Date when the record was added to the ICAT database

And this is not all. I should mention that, besides developing the ICAT database, NIST released a document in 2001 outlining requirements for intrusion detection systems [Mell-01].
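As an added illustration (not code from the book, and not NIST's ICAT implementation), the following Python sketches what a catalogue like ICAT does: it merges entries reported by several sources, keyed by their CVE identifier, derives the record type from the identifier prefix (CAN- for candidates, CVE- for accepted entries, the convention CVE used at the time), keeps the highest risk rating any source assigned, and indexes the result by the characteristics listed above so it can be queried by facet. The source names, products and identifiers in the sample feeds are constructed placeholders.

```python
from collections import defaultdict
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}
FACETS = ("vendor", "product", "risk", "exploit_from", "attack_type", "vuln_type", "record_type")
# Constructed sample feeds (placeholder ids/products, not real vulnerabilities); two sources overlap.
FEEDS = {
    "X-Force": [
        {"id": "CVE-0000-0001", "vendor": "ExampleCorp", "product": "httpd 1.0", "risk": "high",
         "exploit_from": "remote", "attack_type": "Denial of Service", "vuln_type": "buffer overflow"},
        {"id": "CAN-0000-0002", "vendor": "ExampleCorp", "product": "ftpd 2.1", "risk": "medium",
         "exploit_from": "local", "attack_type": "privilege escalation", "vuln_type": "race condition"},
    ],
    "SecurityFocus": [
        {"id": "CVE-0000-0001", "vendor": "ExampleCorp", "product": "httpd 1.0", "risk": "medium",
         "exploit_from": "remote", "attack_type": "Denial of Service", "vuln_type": "buffer overflow"},
    ],
}

def record_type(vuln_id):
    """Derive the record type from the CAN-/CVE- identifier prefix convention of the time."""
    if vuln_id.startswith("CVE-"):
        return "present in CVE"
    if vuln_id.startswith("CAN-"):
        return "candidate to CVE"
    raise ValueError(f"unrecognised identifier: {vuln_id}")

def merge(feeds):
    """Fold per-source lists into one catalogue keyed by id; remember every reporting source."""
    catalogue = {}
    for source, entries in feeds.items():
        for entry in entries:
            rec = catalogue.setdefault(
                entry["id"], {**entry, "sources": set(), "record_type": record_type(entry["id"])})
            rec["sources"].add(source)
            if RISK_ORDER[entry["risk"]] > RISK_ORDER[rec["risk"]]:  # keep the highest rating seen
                rec["risk"] = entry["risk"]
    return catalogue

def build_index(catalogue):
    """Inverted index: characteristic -> value -> set of ids (one posting list per value)."""
    index = {facet: defaultdict(set) for facet in FACETS}
    for vuln_id, rec in catalogue.items():
        for facet in FACETS:
            index[facet][rec[facet]].add(vuln_id)
    return index

def query(index, **facets):
    """Ids whose record matches every given characteristic (intersection of posting lists)."""
    postings = [index[facet].get(value, set()) for facet, value in facets.items()]
    return set.intersection(*postings) if postings else set()
```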




Protect Your Information with Intrusion Detection
ISBN: 1931769117
Year: 2001
Pages: 152
