Cyber Adversary Characterization: Auditing the Hacker Mind

Chapter 4: Rating the Attack: Post-Incident Characterization Metrics

Topics in this Chapter:

  • Are Attack Source Addresses Enough?

  • Attack Tool Differentiators

  • Types of Attack Tools

  • Attack Technique Differentiators

  • Types of Attack Techniques

  • Caveats: Attack Behavior Masquerading

Introduction: Theoretical Crossover and the Attack Point Scoring Systems

Whether we are characterizing an adversary from a theoretical standpoint or with the power of hindsight (after an incident has occurred), the types of adversary with which we are dealing remain the same, and therefore so do many of the adversary characterization metrics we use.

A basis for many of the post-incident characterization metrics is that one is able to score an attack to determine the values of a number of variables pertaining to the adversary s level of skill, preference to risks associated with the attack, and even (in some cases) the adversary s motivation.

We hypothesize that qualitative data associated with variables such as those relating to an adversary s skill can be enumerated by analyzing quantitative, observable attack data such as that pertaining to the complexity of a given attack. Through consideration of the theories we established in earlier chapters (such as those governing the adversary s risk exposure versus resources the adversary used), we are able to glean invaluable insight into adversarial variables such as preference to risk, the adversary s motivators, and in laymen s terms, how badly the adversary wanted to compromise the attacked target host or network.

The Source of the Problem

Anyone who has ever dabbled with intrusion detection technologies and/or run their own host-based (HIDS) or network-based (NIDS) intrusion detection device...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Network Security Services
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.