Common Attack Pattern Enumeration and Classification (CAPEC)
From SCADApedia
The Common Attack Pattern Enumeration and Classification (CAPEC) is an attack taxonomy developed by MITRE for the US Department of Homeland Security. It is largely based on the book Exploiting Software: How to Break Code.
CAPEC Goal
The goal of the CAPEC list is to catalog the patterns attackers employ when compromising systems. These patterns are derived from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples. From the CAPEC site, "the objective of this effort is to provide a publicly available catalog of attack patterns along with a comprehensive schema and classification taxonomy." The list makes it easier for developers to write secure code, and it provides a basic blueprint for testing with traditional techniques as well as in-house "red teaming."
Structure
The list is maintained in a two-tier hierarchical structure. The top tier has eleven categories:
- Abuse of Functionality
- Spoofing
- Probabilistic Techniques
- Exploitation of Authentication
- Resource Depletion
- Exploitation of Privilege/Trust
- Injection
- Data Structure Attacks
- Data Leakage Attacks
- Resource Manipulation
- Time and State Attacks
Entries in the list contain structured data about the attack pattern, including a description, methods of attack, typical severity, example instances, links to CVE entries, and other fields.
Related Efforts
DHS has a number of related efforts that collect lists of weaknesses and vulnerabilities including:
- Common Weakness Enumeration (CWE) - A list of common weaknesses in software applications.
- Common Vulnerability Enumeration (CVE) - A list of publicly disclosed vulnerabilities.
The difference is that these lists are not organized into a taxonomy as CAPEC is.
Relation to Portaledge
Portaledge is a Digital Bond research project that is aggregating and correlating security events in a PI historian to detect cyber attacks. The CAPEC taxonomy is used in Portaledge to generate a structured set of attacks on the lab network and view the resulting security events from these attacks.
