Based on the attacker's behavior, cyber attacks can be divided into active attacks and passive attacks. A passive attack usually refers to an attack in which the attacker monitors and steals information traffic. An active attack usually means that the attacker directly attacks the target system, or violates network protocol specifications, by sending targeted malicious packets or code to the target system.
Some specific passive attack methods:
Attack name | Description |
Eavesdropping (wiretapping) | The attacker intercepts data traffic on the network and forwards it on to the target host, thereby stealing the communication data. This method is usually used to obtain sensitive information (such as passwords and credit card numbers). |
Sniffing | The attacker intercepts network traffic and analyzes the contents of the packets in order to understand the communication behavior and application information of the target host. Attackers usually use this method to obtain system information or find vulnerabilities. |
Traffic analysis | Capturing and analyzing network packets to understand the information flow of the target network, including network topology, data transmission method, and data encryption method, in order to work out the means and methods of attacking the target. It usually does not damage systems or data, but it poses a threat to information security. Attackers can capture network packets by various means, such as using "sniffer" tools or redirecting network traffic to servers under the attacker's control, and then analyze the data to learn the content, protocol, sender and receiver of the network traffic, and so on. Attackers can use this information to carry out various attacks, such as denial-of-service attacks or man-in-the-middle attacks. |
Port scanning | Attackers use network scanning tools to scan the open ports on the target computer and obtain system information for subsequent attacks. By probing the open ports of the target computer, attackers learn its network characteristics and vulnerabilities, and then use those vulnerabilities to attack. Port scanning can be divided into two types: TCP scanning and UDP scanning. |
Here are some common active attack methods:
Attack name | Description |
DoS attack | DoS (Denial of Service) attacks aim to occupy the target system, service, or network resources so that normal users cannot access or use them, which in turn draws the attention of service providers or system administrators. Common denial-of-service attack methods include: |
Virus attack | A virus is a malicious program that replicates itself and performs malicious actions on an infected system. Viruses can spread without the user's knowledge, for example through emails and downloads, and destroy or tamper with data on the target system. The main types of common virus attack methods are as follows: |
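Malware attack | A malware attack performs malicious operations on the target system by installing or implanting malicious software without the victim's knowledge, which may lead to information leakage, system crashes, or hijacked resources on the target system. Virus attacks are one form of malware attack; in addition, typical malware attacks include: |
Password intrusion attack | The attacker uses various means or tools to brute-force the passwords of target systems, applications, databases, routers, and other devices in order to gain unauthorized access. Password intrusion attacks usually include the following specific methods: |
Buffer overflow attack | (Buffer Overflow Attack) An attack in which the attacker exploits a flaw in a program to write data beyond the boundary of the program's buffer, overwriting the registers or memory regions that maintain the program's execution state, and on that basis executes arbitrary malicious code. Because the program cannot handle the excess data, the data starts to overwrite other memory regions. This attack can crash the program or system, be abused by remote attackers, endanger the confidentiality and integrity of the computer, and even steal sensitive data, which makes it extremely destructive. Buffer overflow attacks use the following attack methods: |
Replay attack | A replay attack (Replay Attack) is a network attack method in which the attacker, in the absence of cryptographic protection, copies or repeats data that has already been transmitted so that the target system mistakenly accepts illegitimate requests and performs illegitimate operations. Several common replay attack methods are listed below: |
Man-in-the-middle attack | (Man-in-the-Middle Attack, MITM Attack) A network attack in which the attacker interferes with the communication between two parties by tampering, eavesdropping, retransmitting, and similar means, thereby stealing the communication content and carrying out attacks without being noticed. Several common man-in-the-middle attack methods are listed below: |
Data-driven attack | (Data-Driven Attack) A new type of attack in which the attacker collects large amounts of data and analyzes it with statistical techniques and machine learning algorithms to obtain information about the target and attack it precisely. Specific data-driven attack methods include the following: |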
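
The replay attack row above ties the attack to traffic that lacks cryptographic protection. The Python sketch below is an added example, not part of the original page: a receiver that authenticates each message with HMAC-SHA256 and rejects copies using a nonce and a freshness window. The names `KEY`, `MAX_SKEW`, `sign`, `Verifier` and `demo`, the message layout, and the sample message are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY = b"constructed-demo-key"  # constructed shared secret, for the demo only
MAX_SKEW = 30                  # assumed freshness window in seconds


def sign(key, nonce, ts, body):
    """Sender side: bind nonce and timestamp to the body with HMAC-SHA256."""
    # The hex nonce and decimal timestamp cannot contain '|', and the body is
    # the last field, so the encoding is unambiguous.
    return hmac.new(key, b"%s|%d|%s" % (nonce, ts, body), hashlib.sha256).hexdigest()


class Verifier:
    """Receiver side: rejects modified, stale and already-seen messages."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, nonce, ts, body, tag, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(sign(self.key, nonce, ts, body), tag):
            return "bad-mac"   # body, nonce or timestamp was altered
        if abs(now - ts) > self.max_skew:
            return "stale"     # authentic, but outside the freshness window
        # A nonce older than the window can be dropped: a copy of that
        # message would already fail the freshness check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"    # authentic and fresh, but seen before
        self.seen[nonce] = ts
        return "ok"


def demo():
    """Constructed exchange: one legitimate message, then three resends of it."""
    v = Verifier(KEY)
    nonce, ts, body = secrets.token_hex(16).encode(), 1_700_000_000, b"transfer 100 to alice"
    tag = sign(KEY, nonce, ts, body)
    return [
        v.accept(nonce, ts, body, tag, now=ts + 1),                    # original
        v.accept(nonce, ts, body, tag, now=ts + 2),                    # identical copy
        v.accept(nonce, ts, b"transfer 900 to bob", tag, now=ts + 2),  # edited copy
        v.accept(nonce, ts, body, tag, now=ts + 3600),                 # late copy
    ]
```

The nonce cache only needs to cover the freshness window, which keeps the receiver's state bounded; the timestamp check covers everything older.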