Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers (1999) [2 citations — 0 self]
Abstract:
High-profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer, and yet we know little about this set of attacks besides the fact that it exists. We have taken a sample of 119 attacks from the GAT that were published between May and October 1998. We classify these samples with dependent classifications and store the results in a database. Using the database, we generate statistics on important characteristics of the GAT (e.g. what percentage of attacks are launchable from a Windows host, what percentage are remote penetration attacks, and what percentage use UDP). One can also use the database as a forensic tool and as an attack script search tool. As a forensic tool, a search on the database creates a list of attacks that could have compromised a penetrated system. As an attack script search tool, similar search techniques yield lists of attacks that conform to a desired specification. For many years security professionals, especially intrusion detection specialists, have
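The abstract describes three things a database of dependent classifiers must do: keep each record consistent with the classification scheme (a classifier such as transport protocol only applies once a parent classifier says the attack is remote), produce population statistics over the stored sample, and answer forensic queries that narrow the sample to scripts consistent with what was observed on a compromised host. The following is an added illustration of that structure, not the paper's own database, schema or data; the classifier names (`launch_os`, `vector`, `transport`, `effect`), their value sets and the four sample records are all constructed for the example.

```python
"""Toy model of a database of dependent classifiers for attack scripts.

Added illustration only: not the paper's database or taxonomy. Classifier
names, value sets and records are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Classifier:
    """A classifier with its allowed values and, optionally, the parent
    classifier value it depends on (it applies only when the parent matches)."""
    name: str
    values: frozenset
    depends_on: Optional[Tuple[str, str]] = None  # (parent_name, parent_value)


# Hypothetical classification scheme (not the paper's).
SCHEMA = {
    "launch_os": Classifier("launch_os", frozenset({"windows", "unix"})),
    "vector": Classifier("vector", frozenset({"remote", "local"})),
    # transport is a dependent classifier: meaningful only for remote attacks
    "transport": Classifier("transport", frozenset({"tcp", "udp", "icmp"}),
                            depends_on=("vector", "remote")),
    "effect": Classifier("effect", frozenset({"penetration", "dos", "probe"})),
}


def validate(record: Dict[str, str]) -> List[str]:
    """Return schema violations for one record (an empty list means consistent)."""
    errors = []
    for name, value in record.items():
        if name == "id":
            continue
        clf = SCHEMA.get(name)
        if clf is None:
            errors.append(f"unknown classifier {name}")
            continue
        if value not in clf.values:
            errors.append(f"{name}={value} not in {sorted(clf.values)}")
        if clf.depends_on:
            parent, required = clf.depends_on
            if record.get(parent) != required:
                errors.append(f"{name} requires {parent}={required}")
    # A dependent classifier whose parent condition holds must be present.
    for clf in SCHEMA.values():
        if clf.depends_on:
            parent, required = clf.depends_on
            if record.get(parent) == required and clf.name not in record:
                errors.append(f"{clf.name} missing although {parent}={required}")
    return errors


# Constructed sample records; they do not describe real scripts.
DB = [
    {"id": "s01", "launch_os": "unix", "vector": "remote", "transport": "tcp", "effect": "penetration"},
    {"id": "s02", "launch_os": "windows", "vector": "remote", "transport": "udp", "effect": "dos"},
    {"id": "s03", "launch_os": "unix", "vector": "local", "effect": "penetration"},
    {"id": "s04", "launch_os": "windows", "vector": "remote", "transport": "tcp", "effect": "probe"},
]


def percentage(db: List[Dict[str, str]], **criteria: str) -> float:
    """Share (0-100) of records whose classifiers match all given criteria,
    e.g. percentage(DB, launch_os="windows") or percentage(DB, transport="udp")."""
    hits = [r for r in db if all(r.get(k) == v for k, v in criteria.items())]
    return 100.0 * len(hits) / len(db)


def forensic_search(db: List[Dict[str, str]], **observed: str) -> List[str]:
    """Ids of scripts consistent with observations from a penetrated system.

    A record lacking a queried classifier (e.g. transport on a local attack)
    is excluded, because that observation could not have come from it.
    """
    return [r["id"] for r in db if all(r.get(k) == v for k, v in observed.items())]


if __name__ == "__main__":
    assert all(not validate(r) for r in DB)
    print("windows-launchable:", percentage(DB, launch_os="windows"), "%")
    print("remote penetration:", percentage(DB, vector="remote", effect="penetration"), "%")
    print("uses udp:", percentage(DB, transport="udp"), "%")
    print("consistent with remote tcp evidence:", forensic_search(DB, vector="remote", transport="tcp"))
```

The dependency is enforced in both directions: a transport value on a local attack is rejected, and a remote attack without a transport is flagged as incomplete, which is what keeps the statistics (a percentage of the whole sample, not of the records that happened to fill the field) meaningful.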

