Types of passive and active cyber attacks

According to the attacker's behavior, cyber attacks can be divided into active attacks and passive attacks. A passive attack usually refers to an attack method in which the attacker monitors and steals information traffic. An active attack usually means that the attacker directly attacks the target system, or violates the network protocol specification, by sending targeted malicious packets or code to the target system.

Some specific passive attack methods:

Eavesdropping

The attacker intercepts data traffic on the network and forwards it to the target host, thereby stealing the communication data. This method is usually used to obtain sensitive information such as passwords and credit card numbers.

Sniffing

The attacker intercepts network traffic and analyzes the contents of the packets in order to learn the communication behavior and application information of the target host. Attackers usually use this method to obtain system information or discover vulnerabilities.

Traffic analysis

Traffic analysis refers to capturing and analyzing network packets to understand the information flow of the target network, including its topology, data transmission methods, data encryption methods and so on, in order to find means and methods of attacking the target. It usually does not damage systems or data, but it poses a threat to information security.

Attackers can capture network packets by various means, such as using "sniffer" tools or redirecting network traffic to servers under their control, and then analyze the data to learn the content, protocol, sender and receiver of the network traffic. Attackers can use this information to carry out further attacks, such as denial-of-service or man-in-the-middle attacks.

Port scan

Attackers use network scanning tools to scan the open ports of the target computer and obtain system information for subsequent attacks. By probing the open ports, the attacker learns the network characteristics and vulnerabilities of the target computer and then exploits those vulnerabilities. Port scanning can be divided into two types: TCP scanning and UDP scanning.

Here are some common active attack methods:

DoS attack

DoS (Denial of Service) attacks aim to occupy the resources of the target system, service or network so that normal users cannot access or use them, thereby drawing the attention of service providers or system administrators.

Common denial of service attack methods include:

  1. Classic flood attack: By sending a large amount of useless network traffic or packets to the target host or network, the attacker occupies its bandwidth, CPU, memory and other resources and blocks normal data transmission. (A DoS attack that consumes CPU and memory resources.)

  2. Smurf attack: The attacker sends a large number of spoofed ICMP requests to the target network, causing all hosts in the network to respond to the forged requests and thereby putting heavy traffic pressure on the target network.

  3. Ping of death attack: The attacker sends a specially crafted ICMP request whose size exceeds the normal size limit, causing the target host or client to crash or restart.

  4. SYN flood attack: The attacker continuously sends the SYN request of the TCP three-way handshake to the target host or service but never completes the handshake, thus occupying the resources of the target host or service and making it unavailable.

  5. Slowloris attack: The attacker sends a large number of slow HTTP requests to the target web server, tying up the server's resources so that normal users cannot connect to it.

  6. HTTP flood attack: The attacker sends a large number of HTTP requests to the target web server, occupying its resources so that the server load becomes too high to serve normal users.

  7. DDoS (Distributed Denial of Service) attack: A more advanced type of attack that combines the computing resources of multiple attackers to send malicious traffic to the target system on a large scale, exhausting the target system's resources or causing it to collapse.

  8. Teardrop attack: Causes the target system to crash or become unstable by sending malicious packets composed of multiple IP fragments. A Teardrop attack works by deceiving the network infrastructure or protocol stack: fragments whose IP header information (fragment offset, payload length, checksum) cannot be reconciled are placed together as if they formed a contiguous buffer. This causes the system to fail to reassemble the TCP/IP fragmented packets correctly, resulting in a system crash.

  9. UDP flood attack: A variant of DDoS attack aimed specifically at UDP (User Datagram Protocol) services. UDP is a connectionless protocol and faster than TCP, but it has no error-checking or retransmission mechanism, which makes it an easy target for DDoS attackers. A UDP flood sends a large number of UDP packets to the target server or network, consuming its bandwidth and the system resources needed to process the packets, eventually paralyzing the system or leaving it unable to provide normal service.

  10. Spamming attack: Refers to an attack method that sends large amounts of spam to interfere with the target user or system. Spam generally refers to unwanted, meaningless messages, including advertising, scam messages, links to malware, objectionable content and more. Attackers use various methods to collect and forge email addresses, then send large volumes of spam to target users or systems, reducing users' work efficiency, wasting network bandwidth and damaging corporate image.
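The SYN flood in item 4 shows up on the server as handshakes that are opened but never completed. The following half-open tracker is an added example, not from the original article, run over a constructed packet sequence; the 3-second timeout and 100-connection threshold are assumptions.

```python
"""Flag SYN-flood behaviour by tracking half-open TCP handshakes (added example)."""
from collections import defaultdict

# Constructed packets as seen by the server: (time, src_ip, src_port, flag).
# "SYN" opens a handshake and the client's final "ACK" completes it.
# 198.51.100.9 completes every handshake; 203.0.113.4 opens 200 and finishes none.
PACKETS = [
    (0.0, "198.51.100.9", 40000, "SYN"), (0.1, "198.51.100.9", 40000, "ACK"),
    (0.5, "198.51.100.9", 40001, "SYN"), (0.6, "198.51.100.9", 40001, "ACK"),
]
PACKETS += [(1.0 + i * 0.01, "203.0.113.4", 1024 + i, "SYN") for i in range(200)]


def half_open_by_source(packets, now, timeout=3.0):
    """Return {src_ip: number of handshakes still half-open at `now`}, counting
    only SYNs that were never completed and are at least `timeout` seconds old."""
    pending = {}   # (src_ip, src_port) -> time the SYN arrived
    for t, src, sport, flag in packets:
        if flag == "SYN":
            pending[(src, sport)] = t
        elif flag == "ACK":
            pending.pop((src, sport), None)    # handshake completed
    counts = defaultdict(int)
    for (src, _), t in pending.items():
        if now - t >= timeout:
            counts[src] += 1
    return dict(counts)


def syn_flood_sources(packets, now, threshold=100, timeout=3.0):
    """Sources holding at least `threshold` stale half-open handshakes; on a real
    server the usual response is SYN cookies plus a per-source SYN rate limit."""
    return sorted(src for src, n in half_open_by_source(packets, now, timeout).items()
                  if n >= threshold)
```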

Virus attack

A virus is a malicious program that replicates itself and performs malicious actions on the infected system. Viruses can spread without the user's knowledge, for example through email or downloads, thereby destroying or tampering with data on the target system.

The main types of virus attack are as follows:

  1. Traditional viruses: Viruses that spread by infecting files, embedding themselves in host files and so on. Once they infect a host, they damage the system, software or data. For example, macro viruses infect a system by maliciously executing a series of automated tasks or commands. Macro viruses primarily infect document files such as Word documents and Excel spreadsheets, which often contain macro code that manipulates user data.

  2. Advanced Persistent Threat (APT): An APT is a complex malware attack that attackers deploy against specific targets. The attack lasts a long time and is more concealed and harder to deal with.

  3. Worm virus: A worm enters the computer system directly by exploiting system vulnerabilities and uses the network shared between hosts to replicate and propagate itself, posing a security threat to the network.

  4. Trojan horse: A Trojan is malicious code hidden inside an application with normal functionality; when run, it activates automatically and provides the hacker with an entry point for remotely operating the system.

  5. Spyware: Spyware runs on the computer, automatically collects the user's sensitive information and sends it to the hacker's server; it is highly hidden and covert.

  6. Boot sector virus: A boot sector virus uses the boot sector of the hard disk to infect the system, replicating itself and spreading.

  7. Network worm: A network worm is malware that spreads through network channels such as the Web; after infecting a large number of computers it can launch large-scale distributed denial-of-service attacks.

  8. Malvertising attack: Malicious advertising code is injected into an ad server, and when ads are pushed to website visitors, vulnerabilities at the ad slot are exploited to attack them.

Malware attack

A malware attack refers to installing or implanting malicious software without the victim's knowledge and performing malicious operations on the target system, which may lead to information leakage, system crashes or resource hijacking. Virus attacks are one form of malware attack; other typical malware attacks include:

  1. Phishing attack: Exploits the target user's misidentification to lure them into a fake website for malicious purposes; it is often used to steal users' personal identity information.

  2. Crypto-ransomware: Uses encryption to render important files in the computer system unusable, then extorts the victim, demanding payment for a "decryption tool" and for paid "decrypted files".

Password intrusion attack

A password intrusion attack refers to an attacker using various means or tools to brute-force the passwords of target systems, applications, databases, routers and other devices in order to gain unauthorized access.

Password intrusion attacks usually include the following specific methods:

  1. Dictionary attack: The attacker uses a generated password dictionary or known common passwords to repeatedly guess the password of the target system or account, continuing until a matching password is found.

  2. Brute force: The attacker generates every possible password combination to guess the password of the target system, application or account, using a program to try a great many passwords in a short time so as to raise the success rate.

  3. Rule-based attack: The attacker uses information about the target account or user, such as birthday, name and address, to generate rule-based password combinations for guessing; in this way the attacker may guess the correct password in a very short time.

  4. Social engineering attack: The attacker uses deceptive means (such as verbal deception or phishing) to obtain the target system's password or other sensitive information and thereby attack the target account or system.
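The online methods above (dictionary, brute force, rule-based) depend on being able to submit many guesses cheaply. The following added example, which is not part of the original article, shows the server-side controls that remove that assumption: progressive delay and lockout per account, a slow salted hash for stored passwords, and a blocklist check; the blocklist entries, thresholds and salt are constructed.

```python
"""Server-side defences against password guessing (added example)."""
import hashlib
import hmac

# Constructed stand-in for a blocklist of common or leaked passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "admin123"}


class LoginGuard:
    """Per-account failure tracking with progressive delay and lockout: the online
    dictionary and brute-force methods above rely on cheap, unlimited guesses."""

    def __init__(self, max_failures=5, lockout_seconds=900, base_delay=1.0):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self.failures = {}    # account -> (failure count, time of last failure)

    def retry_after(self, account, now):
        """Seconds the caller must still wait before another attempt (0.0 if allowed)."""
        count, last = self.failures.get(account, (0, 0.0))
        if count == 0:
            return 0.0
        if count >= self.max_failures:
            wait = self.lockout_seconds                 # hard lockout
        else:
            wait = self.base_delay * 2 ** (count - 1)   # 1, 2, 4, 8 s ...
        return max(0.0, last + wait - now)

    def record(self, account, success, now):
        """Reset on success; otherwise bump the failure counter."""
        if success:
            self.failures.pop(account, None)
        else:
            count, _ = self.failures.get(account, (0, 0.0))
            self.failures[account] = (count + 1, now)


def hash_password(password, salt, rounds=200_000):
    """Slow salted hash so that an offline attack on a leaked database is costly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify_password(stored_hash, salt, candidate):
    """Constant-time comparison to avoid leaking how many bytes matched."""
    return hmac.compare_digest(hash_password(candidate, salt), stored_hash)


def password_acceptable(password):
    """Reject the guesses a dictionary attack tries first."""
    return len(password) >= 12 and password.lower() not in COMMON_PASSWORDS
```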

Buffer overflow attack

A buffer overflow attack is one in which the attacker exploits a flaw in a program to feed data into a buffer beyond its boundary, thereby overwriting registers or memory regions that maintain the program's execution state, and on that basis executes arbitrary malicious code. Because the program cannot handle the excess data, the data begins to overwrite other memory regions. This kind of attack can crash the program or system, be abused by remote attackers, compromise the confidentiality and integrity of the computer and even steal sensitive data; it is extremely destructive.

Buffer overflow attacks include the following methods:

  1. Stack overflow attack: The attacker uses input data to overwrite the program's stack frame or environment, thereby changing the program's control flow and results.

  2. Heap overflow attack: The attacker exploits vulnerabilities arising from heap management operations such as malloc and free, inserting forged data into the heap to change the program's control flow and results.

  3. Format string attack: The attacker exploits format string functions such as printf, supplying the format string and inserting controllable malicious input, in order to control the program flow or obtain sensitive information.

  4. Denial of service attack: The attacker feeds the program a large amount of data so that its buffer fills up, causing the program to crash and deny service.

Replay attack

A replay attack is a network attack in which the attacker copies or repeats data that has already been transmitted, in the absence of cryptographic protection, so that the target system wrongly accepts the illegitimate request and performs an illegitimate operation.

Several common replay attack methods are listed below:

  1. Repeat attack: The attacker copies an earlier packet and sends it to the target system, simulating a repeated operation and deceiving the system into treating it as a new packet.

  2. Targeted attack: The attacker intercepts packets destined for the target system and modifies or tampers with their content, simulating other operations on the target system in order to gain control of it.

  3. Session hijacking attack: The attacker intercepts packets carrying authentication data back to the target system and uses them to deceive the target system into granting access to protected resources.

  4. Combined attack: The attacker attacks repeatedly, using the same key and attempting consecutive attacks, or attacks multiple target systems.

  5. Code injection attack: The attacker inserts their own code so that they can simulate specific packets and send forged ones, causing the target system to wrongly perform illegitimate operations.
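The defence against the repeat attack in item 1 is to make every message unique and time-bound, and to authenticate those fields so they cannot be altered (which also catches the tampering in item 2). The following added example, not from the original article, implements that exchange with a shared HMAC key; the key, the 30-second freshness window and the `ts|nonce|payload|tag` message format are assumptions.

```python
"""Replay-resistant message authentication with timestamp + nonce + HMAC (added example)."""
import hashlib
import hmac
import os

KEY = b"constructed-shared-key"   # constructed value; real systems provision keys securely


def make_message(key, payload, now, nonce=None):
    """Sender side: bind the payload (which must not contain '|') to a timestamp
    and a one-time nonce, then authenticate all three fields together."""
    nonce = nonce if nonce is not None else os.urandom(8).hex()
    body = f"{int(now)}|{nonce}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class Receiver:
    """Receiver side: accept each authentic message once, and only while fresh."""

    def __init__(self, key, window=30):
        self.key = key
        self.window = window       # seconds of clock skew / delivery delay tolerated
        self.seen = {}             # nonce -> timestamp, pruned once outside the window

    def accept(self, message, now):
        """Return (True, payload) or (False, reason)."""
        try:
            ts, nonce, payload, tag = message.split("|")
            ts = int(ts)
        except ValueError:
            return False, "malformed"
        body = f"{ts}|{nonce}|{payload}"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"       # forged or tampered content
        if abs(now - ts) > self.window:
            return False, "stale"         # an old capture replayed much later
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return False, "replay"        # identical message delivered a second time
        self.seen[nonce] = ts
        return True, payload
```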

Man-in-the-middle attack

In a man-in-the-middle (MITM) attack, the attacker interferes with the communication between two parties by tampering with, eavesdropping on or resending it, in order to steal the content of the communication and carry out attacks without being noticed.

Several common MITM attack methods are listed below:

  1. ARP spoofing: The attacker deliberately sends forged ARP broadcast messages to deceive routers or switches so that the attacker's MAC address is recorded as the MAC address of the target IP address. The attacker's computer then receives all traffic sent to the target computer and can eavesdrop on or tamper with it.

  2. DNS spoofing: The attacker forges an IP address record for the target domain in the local cache or the router's DNS cache, so that when the user visits the target website they are redirected to a malicious site controlled by the attacker.

  3. SSL stripping: The attacker poses as a trusted communication party and attacks the TCP handshake stage, so that the victim establishes communication with the site the attacker wants rather than with the correct site.

  4. IP spoofing: The attacker modifies the source address in the IP header to point to another trusted address and restores the captured data to its original form in order to fabricate and inject false information.

  5. Session hijacking: The attacker intercepts the communication between the victim and the target server to obtain login information, session IDs and other confidential information, then uses it to impersonate the target user, enter the system and perform illegitimate operations.
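ARP spoofing as described in item 1 is observable on the LAN: a trusted IP suddenly answers from a different MAC, or one MAC claims several IPs. The following detector is an added example, not from the original article; the ARP replies, addresses and trusted binding are constructed.

```python
"""Detect ARP spoofing from ARP replies observed on the LAN (added example)."""
from collections import defaultdict

# Constructed ARP replies: (time, sender_ip, sender_mac).
# The gateway 192.168.1.1 legitimately owns aa:bb:cc:00:00:01; at t=30 another
# MAC claims the gateway and then the victim 192.168.1.10, to sit between them.
ARP_REPLIES = [
    (0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (30, "192.168.1.1", "de:ad:be:ef:00:99"),
    (31, "192.168.1.10", "de:ad:be:ef:00:99"),
    (60, "192.168.1.1", "aa:bb:cc:00:00:01"),   # real gateway answers again
]

# Bindings the defender trusts, e.g. from DHCP leases or a static entry for the gateway.
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies, trusted):
    """Return (time, reason, ip, mac) alerts for: a reply contradicting a trusted
    binding, an untrusted IP whose MAC changes mid-capture, and a MAC claiming
    more than one IP address."""
    alerts = []
    last_mac = {}                   # ip -> MAC most recently seen for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    for t, ip, mac in replies:
        if ip in trusted:
            if trusted[ip] != mac:
                alerts.append((t, "trusted binding violated", ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            alerts.append((t, "ip-to-mac changed", ip, mac))
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append((t, "mac claims multiple ips", ip, mac))
    return alerts
```

Static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the corresponding preventive controls.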

Data-driven attack

A data-driven attack is a new type of attack in which the attacker collects large amounts of data and analyzes it with statistical techniques and machine learning algorithms to obtain information about the target and attack it precisely.

Specific data-driven attack methods include the following:

  1. Data-mining-based attack: The attacker mines the collected data to analyze the target's behavior patterns, tastes, habits and preferences, thereby discovering potential security weaknesses and vulnerable points.

  2. Malicious-data-based attack: The attacker crafts and injects malicious data into vulnerable applications and systems so that the attack takes effect when the vulnerability is triggered; supervised machine learning is used to analyze and identify malicious data and thereby improve attack efficiency.

  3. Recognition-accuracy-based attack: The attacker probes the parameters of a machine learning model to find the system's flaws and builds adversarial examples against the deep learning model to raise its error rate, achieving a precise attack.

  4. Deep-learning-model-based attack: The attacker targets the training data set of a deep learning model, deliberately injecting malicious samples or heavy noise to disrupt the model's learning process and render the model ineffective.

Origin blog.csdn.net/ryanzzzzz/article/details/131310650