What are the classification of security attacks in information security?

There are various classification of security attack is as follows −

• Cryptanalytic attacks − These attacks are combination of statistical and algebraic techniques objective at make sure the secret key of a cipher. These technique inspect the numerical properties of the cryptographic algorithms and aims at discovering distinguishers of the output distribution of cryptographic algorithms from the uniform distribution.

• Non-cryptanalytic attacks − Non-cryptanalytic attacks do not exploit the numerical weakness of the cryptographic algorithm. There are three objective of security are confidentiality, integrity and availability can be very much vulnerable by this type of attack.

• Attacks threatening confidentiality − Attacks threatening the confidentiality of information are as follows −

  • Snooping − Snooping define the unauthorized access of data. It can avoid snooping, data is create non-intelligible to the unauthorized entities by using encryption techniques.

  • Traffic analysis − Although through encryption, data is create non-intelligible, an unauthorized user can try to acquire some other type of data by monitoring the online traffic of the network.

• Attacks threatening integrity − Attacks threatening integrity of information are as follows −

  • Modification − It can define after accessing information, the attacker modifies the data to create it beneficial to himself.

  • Masquerading − Masquerading or spoofing appears when one entity pretends to be a different entity.

  • Replaying − In replaying, attacker access a copy of the message sent by a user and next retransmits it to create an unauthorized effect.

  • Repudiation − This attack is implemented by one of the two parties in the communication. The sender of the message can deny that it has sent the message or the receiver of the message can later deny that it has received the message.

• Attacks threatening availability − Attacks threatening availability of information is denial of service.

  Denial of Service − This attack can slow down or absolutely interrupt the service of a system. For instance, a DOS attacker can send too many request to a server and the server crashes due to heavy load.

  This type of attack is inaccessible to counter. The hacker address a request to the server to linked to it. When the server behave with an acknowledgement and tries to make a session, it cannot find the system that make the request.

  By overrun a server with these unanswerable session requests, a hacker create the server to moderate to a crawl or ultimately crash.

  Denial of service attacks are not defined with Kerberos. There are places in these protocols where an intruder can prevent an application from cooperative in the proper authentication process.

  Detection and solution of such attacks (some of which can appear to be notuncommon "normal" failure modes for the system) is frequently best left to the human administration and users.