By Dustin Vandenberg
This post is an extension of my last blog post from a few weeks ago. Last summer, while I was interning for CSPRI, I categorized and rated various cyber-attack attribution methods. I previously explained how I categorized these methods, and now I want to focus on determining their effectiveness against a variety of attacks.
In order to compare these methods’ effectiveness, I first had to determine which attacks they should be attributing. This isn’t an easy task, as cyber-attacks are as varied as the people who make them, but I was able to identify four primary categories into which attacks fall:
1. Denial of Service Attacks
2. Security Bypasses
3. Data Theft
4. Data Destruction/Corruption
Denial of service attacks occur when the attacker floods a server with a large stream of packets, overloading it so that it can no longer respond to legitimate traffic. Security bypasses are attacks that circumvent the protective measures set up on a network. This research is really focused on network-based attacks, so I don’t consider code breaking and phishing a part of security bypasses, as they are attacks on either mathematical formulas or humans, not on network security measures. Data theft is a type of attack in which the attacker exfiltrates data from the target back to his or her own machine. Finally, data destruction/corruption occurs when an attacker renders data on the target’s machine unusable but doesn’t necessarily send that data back to the attacker’s machine. That last distinction matters for attribution: exfiltration necessarily produces outbound traffic toward infrastructure the attacker controls, whereas destruction may leave only host-side artifacts behind.
Based on these attack categories and the various methods I researched, I was able to rate the effectiveness of each method against all four styles of attack. My full paper explains in much more detail how I determined these ratings, but the following chart summarizes my findings in a much more readable format.
The final report is still a work in progress, so please feel free to leave any comments or questions below relating to this project!