1. Field
The present disclosure relates generally to data processing systems and, in particular, to a method, computer program product, and apparatus for data processing system security. Still more particularly, the present disclosure relates to a method, computer program product, and apparatus for semantically modeling cyberspace attacks.
2. Background
Cyberspace security refers to the processes and mechanisms used to deter, detect, counter, and mitigate cyber-attacks on computers and networks. Cyberspace security may also be referred to as cyber security, information systems security, and computer network security.
A cyberspace attack may be any type of action taken for the purpose of disrupting, damaging, tampering with, or obtaining unauthorized access to a network data processing system. Cyber-attacks may include, without limitation, a virus, worm, Trojan, malware, spyware, bots, spoofing, pharming, ping sweeps, email spamming, page hijacking, pop-ups, or any of numerous other unauthorized activities associated with a computer or network.
Currently, it is more challenging than ever before to create adequate levels of cyberspace security for protecting software and networked systems due to the increasing size and complexity of software and network systems. In addition, today's attackers have the resources of the entire Internet at their disposal. They may easily gain knowledge through tutorials, cheat sheets, and in-depth discussions on hacker forums. They may also download or otherwise obtain various attack tools easily from web sites, peer-to-peer networks, or through emails. Thus, the number and sophistication of these attackers continue to increase.
Internet anonymity techniques created to address privacy concerns may also be leveraged by attackers to hide their identities and attack paths. Sophisticated attackers are able to discover new vulnerabilities in widely used software and launch zero-day attacks. As used herein, the term “zero-day attack” refers to the first time a particular attack is launched or a first instance of a particular attack being detected. These attackers typically only have to find a single vulnerability within software to launch an attack.
Therefore, it would be advantageous to have a method, computer program product, and apparatus that take into account one or more of the issues discussed above, as well as other issues.