Authors: Paulo Roberto da Paz Ferraz Santos, Paulo Angelo Alves Resende, João José Costa Gondim, André Costa Drummond
Published: 2025-02-13
DOI: 10.1145/3717606
Source: Full article
Cyber attacks have become a growing threat in today’s interconnected society, and taxonomies play a crucial role in understanding and preventing these attacks. However, the lack of comprehensive assessment methods for evaluating attack taxonomies represents a significant gap in the literature, hindering their development and applicability. This article aims to address this gap by conducting a survey of 20 attack taxonomies published between 2011 and 2022 and evaluating them with a novel set of qualitative and quantitative assessment criteria, grounded in fundamental taxonomy requirements and key structural attributes. In pursuit of clear and objective assessment criteria, the authors investigated the main taxonomy properties in the literature, identifying dependencies and relationships. This investigation extracted the fundamental requirements for a relevant and widely accepted attack taxonomy in the cybersecurity community. Noteworthy structural aspects, such as organization, scheme, labeling, and approach, are also addressed, considering their impact on taxonomy effectiveness and applicability constraints. Finally, the article poses some open questions and challenges, along with suggestions for future research directions.