Cyber Adversary Characterization: Auditing the Hacker Mind

Are Attack Source Addresses Enough?
Attack Tool Differentiators
Types of Attack Tools
Attack Technique Differentiators
Types of Attack Techniques
Caveats: Attack Behavior Masquerading
Whether we are characterizing an adversary from a theoretical standpoint or with the power of hindsight (after an incident has occurred), the types of adversary with which we are dealing remain the same, and therefore so do many of the adversary characterization metrics we use.
A basis for many of the post-incident characterization metrics is that one is able to score an attack to determine the values of a number of variables pertaining to the adversary s level of skill, preference to risks associated with the attack, and even (in some cases) the adversary s motivation.
We hypothesize that qualitative data associated with variables such as those relating to an adversary s skill can be enumerated by analyzing quantitative, observable attack data such as that pertaining to the complexity of a given attack. Through consideration of the theories we established in earlier chapters (such as those governing the adversary s risk exposure versus resources the adversary used), we are able to glean invaluable insight into adversarial variables such as preference to risk, the adversary s motivators, and in laymen s terms, how badly the adversary wanted to compromise the attacked target host or network.
Anyone who has ever dabbled with intrusion detection technologies and/or run their own host-based (HIDS) or network-based (NIDS) intrusion detection device...