Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers

Abstract

High-profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer, and yet we know little about this set of attacks besides the fact that it exists. We have taken a sample of 119 attacks from the GAT that were published between May and October 1998. We classify these samples with dependent classifications and store the results in a database. Using the database, we generate statistics on important characteristics of the GAT (e.g., what percentage of attacks are launchable from a Windows host, what percentage are remote penetration attacks, and what percentage use UDP). One can also use the database as a forensic tool and as an attack script search tool. As a forensic tool, a search on the database creates a list of attacks that could have compromised a penetrated system. As an attack script search tool, similar search techniques yield lists of attacks that conform to a desired specification.

Document Details

Document Type
Technical Report
Publication Date
Nov 05, 1998
Accession Number
ADA389107

Entities

People

  • Peter Mell

Organizations

  • National Institute of Standards and Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Classification
  • Computer Networks
  • Cybersecurity
  • Data Analysis
  • Databases
  • Denial Of Service Attack
  • Detection
  • Internet
  • Intrusion Detection
  • Machine Learning
  • Network Protocols
  • Networks
  • Operating Systems
  • Security
  • Specifications
  • Statistics
  • Websites

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Cybersecurity
  • Regression Analysis