New to CAPEC? Start Here

Common Attack Pattern Enumerations and Classifications (CAPEC™) can be overwhelming to someone new to cyber-attack patterns. This document offers some tips on how to familiarize yourself with what CAPEC has to offer, before more fully exploring this extensive knowledge base.

As you learn about CAPEC, some terms may be new or easily misunderstood if you are unfamiliar with the corpus. As you read, consider referring to the glossary of terms used in CAPEC.

What is a CAPEC attack pattern?

First, we should describe what an attack pattern is. A good summary can be found here. CAPEC entries are related to both Common Weakness Enumeration (CWE™) and Common Vulnerabilities and Exposures (CVE®). The differences between Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™), another related corpus, and CAPEC are discussed here.


Left of boom: CVE-CWE-CAPEC diagram

Attack patterns are based on software design patterns (see Design Patterns: Elements of Reusable Object-Oriented Software by Gamma, Helm, Johnson, and Vlissides), which are common paradigms for solving common software design problems. In this context, an attack pattern is a design pattern for attackers.

As the figure above shows, a CAPEC attack pattern is typically a way of leveraging a CWE to carry out an attack. Accordingly, most CAPEC entries contain an “Execution Flow”: step-by-step instructions for exploring a potential target, experimenting with its assets and defense mechanisms (if any), and then exploiting it. An example of an execution flow is shown below.

Example Attack Pattern

Let’s look at a CAPEC entry for the well-known attack pattern — “Using Unpublished Interfaces” — and see how the various properties are useful for understanding attack patterns in general.

First, take a look here to view the complete entry. In the upper left, under the attack pattern ID, select the “Complete” option from the “Presentation Filter” menu. Now let’s look at the entry in detail.

Each CAPEC is associated with a numerical ID. The actual number does not encode any special information, except to indicate when it was added to the corpus. All entries also have a title and a description. A description is a summary of what the attack pattern is about.


CAPEC-36 Using Unpublished Interfaces screen capture

The weaknesses that the attack pattern exploits are listed in the “Related Weaknesses” section.


CAPEC-36 related weaknesses screen capture

Notice that the mapping between CAPEC entries and CWE weaknesses is not necessarily a one-to-one relationship. The attack pattern could need to exploit all the listed weaknesses, a subset, or just one. Often there are various weaknesses, each of which alone could be used to enable the exploit.

Next, the “Execution Flow” gives complete instructions on how the attack is carried out.


CAPEC-36 execution flow screen capture

An execution flow typically has three phases:

  • Explore: this phase describes various ways of finding potential targets for the attack. Each of the three phases sometimes includes more than one step, and each step suggests various techniques for carrying out that step.
  • Experiment: once a target is found, the techniques in the Experiment phase of the execution flow suggest various ways to determine whether that target contains the weakness this CAPEC entry hopes to exploit.
  • Exploit: techniques for carrying out the actual attack are suggested.

Note that the execution flow is not only about how to perform the attack, but also about how to determine whether a target is vulnerable.

The “Consequences” section lists the consequences of a successful attack using this pattern.


CAPEC-36 consequences screen capture

One important thing to note is that CAPEC entries are not based on the consequences of an attack, but on how a weakness is exploited to cause those consequences. For example, there is no CAPEC for Denial of Service (DoS). Many attack patterns can be used to cause a DoS, but that is the result of the attack, not the pattern used to bring the result about.

Real world examples (actual or theoretical) are often helpful to understand how an attack pattern can be used. Here is an example of “Example Instances” from this CAPEC.


CAPEC-36 example instances screen capture

CAPEC entries are presented using views, which are pre-defined arrangements of all the CAPEC entries.

Two such views are important:

The “Mechanisms of Attack” view, which can be used to focus on the CAPEC entries that can be used to attack a cyber-security domain.

CAPEC-36 mechanisms of attack screen capture

The “Domains of Attack” view, which groups together similar attack methods.

CAPEC-36 domains of attack screen capture

Note that both views as pictured are only the highest level of a hierarchy of CAPEC entries. On the website, clicking on the “+” will open up the next level in that subtree.

There are four levels of abstraction in the hierarchies:

  • Category Level
  • Meta Level
  • Standard Level
  • Detailed Level

The definitions of these levels can be found in the glossary of terms.

The hierarchy is four levels deep. Standard level entries are children of Meta level entries, etc. The principle behind the hierarchy in CAPEC is less formal and more just a way to organize similar attack patterns. The general idea is for a child to be a refinement of a parent, but this is not always possible. Since all CAPECs must appear within the hierarchy, it is often the case that we have to do a “best fit” when determining where it belongs.

In addition, the children of a parent CAPEC should not be considered the only possible attack patterns related to that parent. Attackers constantly develop new cyber-attack techniques, so CAPEC will always be evolving.
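To make the structure described in this section concrete, here is a small Python model of a CAPEC hierarchy. It is an added illustration, not code or data from the CAPEC site. It shows the four abstraction levels, an entry reached through a chain of parents, the many-to-many relationship between attack patterns and CWE weaknesses noted earlier under “Related Weaknesses”, and a defender-side lookup from a CWE reported by a code scan to the attack patterns that cite it. The sample data is constructed: CAPEC-66 (SQL Injection) is named on this page, while CAPEC-152, CAPEC-248, CAPEC-7 and the CWE numbers 77 and 89 are assumed from memory and should be checked against the live site before being relied on.

```python
from dataclasses import dataclass

# Abstraction levels from most general to most specific (as listed on the page).
LEVELS = ["Category", "Meta", "Standard", "Detailed"]


@dataclass
class Pattern:
    capec_id: int
    name: str
    level: str
    parents: frozenset = frozenset()       # an entry may sit under more than one parent
    related_cwes: frozenset = frozenset()  # "Related Weaknesses": zero, one or many CWEs


# Constructed sample hierarchy. CAPEC-66 is named on the page; the other
# CAPEC IDs and the CWE numbers are assumed for illustration only.
PATTERNS = {
    152: Pattern(152, "Inject Unexpected Items", "Category"),
    248: Pattern(248, "Command Injection", "Meta", frozenset({152}), frozenset({77})),
    66: Pattern(66, "SQL Injection", "Standard", frozenset({248}), frozenset({89})),
    7: Pattern(7, "Blind SQL Injection", "Detailed", frozenset({66}), frozenset({89})),
}


def check_hierarchy(patterns):
    """Return a list of structural problems: a child must be more specific than
    each of its parents, every parent must exist, and only Category entries
    may sit at the root of a view."""
    problems = []
    for p in patterns.values():
        if not p.parents and p.level != "Category":
            problems.append(f"CAPEC-{p.capec_id} ({p.level}) has no parent")
        for parent_id in p.parents:
            parent = patterns.get(parent_id)
            if parent is None:
                problems.append(f"CAPEC-{p.capec_id} references missing CAPEC-{parent_id}")
            elif LEVELS.index(p.level) <= LEVELS.index(parent.level):
                problems.append(
                    f"CAPEC-{p.capec_id} ({p.level}) is not more specific "
                    f"than CAPEC-{parent_id} ({parent.level})"
                )
    return problems


def ancestors(patterns, capec_id):
    """Every entry reachable by walking parent links (all parents, not just one)."""
    seen, todo = set(), list(patterns[capec_id].parents)
    while todo:
        pid = todo.pop()
        if pid not in seen:
            seen.add(pid)
            todo.extend(patterns[pid].parents)
    return seen


def descendants(patterns, capec_id):
    """Every entry that has capec_id somewhere among its ancestors."""
    return {pid for pid in patterns if capec_id in ancestors(patterns, pid)}


def subtree_cwes(patterns, capec_id):
    """Union of Related Weaknesses over an entry and everything below it."""
    ids = descendants(patterns, capec_id) | {capec_id}
    return set().union(*(patterns[pid].related_cwes for pid in ids))


def patterns_for_cwe(patterns, cwe_id):
    """Defender's lookup: given a CWE from a scan finding, which attack
    patterns list it as a related weakness?"""
    return sorted(pid for pid, p in patterns.items() if cwe_id in p.related_cwes)


if __name__ == "__main__":
    print("problems:", check_hierarchy(PATTERNS))
    print("ancestors of CAPEC-7:", sorted(ancestors(PATTERNS, 7)))
    print("CWEs under CAPEC-248:", sorted(subtree_cwes(PATTERNS, 248)))
    print("patterns citing CWE-89:", patterns_for_cwe(PATTERNS, 89))
```

The level check encodes only what the page states (Standard entries sit under Meta entries, and so on down the four levels); the real corpus places entries by “best fit”, so treat any problem the check reports on live data as something to review rather than as a defect in CAPEC.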

Navigating the CAPEC Website

Now that you have some understanding of the key fields contained in a CAPEC entry, we will cover how to browse the website to find the CAPECs you are interested in exploring. There are two main ways to find what you are looking for.

Keyword Search Method

CAPEC has a search facility on the home page of the CAPEC website, as shown below.


CAPEC search screen capture

You can search for any keywords, or known IDs, or even a general term. The in-site search form will find all matching pages to that term on the CAPEC website.

Let’s say you are interested in learning more about SQL Injection. Here is the process you could follow to get to that information using the search feature.

Searching for “SQL Injection” returns the following:


CAPEC search results #1 screen capture

Searches are not always this successful. Let's say you were interested in different kinds of attack patterns related to REST APIs.

Searching for “REST” returns the following:


CAPEC search results #2 screen capture

Note that some of the results are unrelated to REST APIs. Adding other keywords (e.g. API) to the query can narrow down the results.

The search query facility will sometimes return more than one page of results. It is often worthwhile to view at least the second page. For instance, the above query also returned the following on the second page, which might also be of interest.


CAPEC search results #3 screen capture

Using the Views

We mentioned above that the views provide different organizations of the CAPEC entries. You can focus on your area of interest by traversing one of these views.

Let’s say you are interested in Social Engineering attack patterns. Use the “Domains of Attack” view to list the CAPECs related to this domain.


Domains of Attack view screen capture

Often, as part of a social engineering attack, a URL used in the attack looks similar to the real URL the victim believes they are clicking. The Meta-level CAPEC “Resource Location Spoofing” contains a sub-hierarchy of attack patterns related to this type of attack.

Another way to use the views is to look at the attack patterns related to the one you have been exploring. This is done by navigating one level at a time. For example, CAPEC-66 (SQL Injection) is related, through its parents, to many different kinds of injection attacks.


CAPEC view relationships #1 screen capture

Clicking on “Command Injection” will show you the Meta-level attack pattern, which has relationships to other injection attack patterns.


CAPEC view relationships #2 screen capture

Still Have Questions?

Please do not hesitate to contact us with any further questions or comments.

Page Last Updated or Reviewed: November 29, 2021