An Exploratory Qualitative Study of Computer Network Attacker Cognition
Many computer network defenders do not know how malicious hackers think and act during a network (McCloskey & Chrenka, 2001). To study attacker cognition, experienced hackers were recruited to attack a Windows 2000 network and pursue three goals: Deface the website, steal (faux) credit card numb...
Gespeichert in:
| Veröffentlicht in: | Proceedings of the Human Factors and Ergonomics Society Annual Meeting 2004, Vol.48 (3), p.401-405 |
|---|---|
| Hauptverfasser: | , , , , , |
| Format: | Review |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 405 |
|---|---|
| container_issue | 3 |
| container_start_page | 401 |
| container_title | Proceedings of the Human Factors and Ergonomics Society Annual Meeting |
| container_volume | 48 |
| creator | Stanard, Terry Lewis, W. Robert Cox, Donald A. Malek, David A. Klein, John Matz, Randy |
| description | Many computer network defenders do not know how malicious hackers think and act during a network (McCloskey & Chrenka, 2001). To study attacker cognition, experienced hackers were recruited to attack a Windows 2000 network and pursue three goals: Deface the website, steal (faux) credit card numbers, and read email. Participants wrote a report of what they did, and a post-attack cognitive task analysis interview was conducted. Logs were also captured on the network including firewall, snort IDS, and Microsoft applications (IIS, SQL, Exchange). An Attacker Cognition Model based on data collected from five participants was created. The model has two basic properties: It describes the cognitive steps followed by an attacker, and describes several passes through these steps that the attacker follows as s/he penetrates several layers deep into a network. Future research using smaller sample sizes and multiple studies using the same participants is encouraged. |
| doi_str_mv | 10.1177/154193120404800327 |
| format | Review |
| fullrecord | <record><control><sourceid>sage_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1177_154193120404800327</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sage_id>10.1177_154193120404800327</sage_id><sourcerecordid>10.1177_154193120404800327</sourcerecordid><originalsourceid>FETCH-LOGICAL-c1327-e4db03128f0df823ad71ec6c61a41373efceb9b26e4f9713a8623cd4b1253bd03</originalsourceid><addsrcrecordid>eNp9kF1LwzAUhoMoWKd_wKv8gbqcJG3ay1LmFIYi6nVJ8zG6dU1JU7X_fh3zTvDqwOF9Xh5ehO6BPAAIsYSEQ86AEk54Rgij4gJFFNI8TkgqLlF0CsSnxDW6GYYdIZQJxiO0Ljq8-ulb52VwfsJvo2ybIEPzZfB7GPWEncWlO_RjMB6_mPDt_B4XIUi1nx-l23ZNaFx3i66sbAdz93sX6PNx9VE-xZvX9XNZbGIFs1RsuK7JbJFZom1GmdQCjEpVCpLDbGSsMnVe09RwmwtgMkspU5rXQBNWa8IWiJ57lXfD4I2tet8cpJ8qINVpiurvFDO0PEOD3Jpq50bfzY7_EUfXzl6m</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>review</recordtype></control><display><type>review</type><title>An Exploratory Qualitative Study of Computer Network Attacker Cognition</title><source>SAGE Complete</source><creator>Stanard, Terry ; Lewis, W. Robert ; Cox, Donald A. ; Malek, David A. ; Klein, John ; Matz, Randy</creator><creatorcontrib>Stanard, Terry ; Lewis, W. Robert ; Cox, Donald A. ; Malek, David A. ; Klein, John ; Matz, Randy</creatorcontrib><description>Many computer network defenders do not know how malicious hackers think and act during a network (McCloskey & Chrenka, 2001). To study attacker cognition, experienced hackers were recruited to attack a Windows 2000 network and pursue three goals: Deface the website, steal (faux) credit card numbers, and read email. Participants wrote a report of what they did, and a post-attack cognitive task analysis interview was conducted. Logs were also captured on the network including firewall, snort IDS, and Microsoft applications (IIS, SQL, Exchange). An Attacker Cognition Model based on data collected from five participants was created. The model has two basic properties: It describes the cognitive steps followed by an attacker, and describes several passes through these steps that the attacker follows as s/he penetrates several layers deep into a network. Future research using smaller sample sizes and multiple studies using the same participants is encouraged.</description><identifier>ISSN: 1541-9312</identifier><identifier>ISSN: 1071-1813</identifier><identifier>EISSN: 2169-5067</identifier><identifier>DOI: 10.1177/154193120404800327</identifier><language>eng</language><publisher>Los Angeles, CA: SAGE Publications</publisher><ispartof>Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 2004, Vol.48 (3), p.401-405</ispartof><rights>2004 Human Factors and Ergonomics Society</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c1327-e4db03128f0df823ad71ec6c61a41373efceb9b26e4f9713a8623cd4b1253bd03</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://journals.sagepub.com/doi/pdf/10.1177/154193120404800327$$EPDF$$P50$$Gsage$$H</linktopdf><linktohtml>$$Uhttps://journals.sagepub.com/doi/10.1177/154193120404800327$$EHTML$$P50$$Gsage$$H</linktohtml><link.rule.ids>313,314,776,780,788,21798,27899,27901,27902,43597,43598</link.rule.ids></links><search><creatorcontrib>Stanard, Terry</creatorcontrib><creatorcontrib>Lewis, W. Robert</creatorcontrib><creatorcontrib>Cox, Donald A.</creatorcontrib><creatorcontrib>Malek, David A.</creatorcontrib><creatorcontrib>Klein, John</creatorcontrib><creatorcontrib>Matz, Randy</creatorcontrib><title>An Exploratory Qualitative Study of Computer Network Attacker Cognition</title><title>Proceedings of the Human Factors and Ergonomics Society Annual Meeting</title><description>Many computer network defenders do not know how malicious hackers think and act during a network (McCloskey & Chrenka, 2001). To study attacker cognition, experienced hackers were recruited to attack a Windows 2000 network and pursue three goals: Deface the website, steal (faux) credit card numbers, and read email. Participants wrote a report of what they did, and a post-attack cognitive task analysis interview was conducted. Logs were also captured on the network including firewall, snort IDS, and Microsoft applications (IIS, SQL, Exchange). An Attacker Cognition Model based on data collected from five participants was created. The model has two basic properties: It describes the cognitive steps followed by an attacker, and describes several passes through these steps that the attacker follows as s/he penetrates several layers deep into a network. Future research using smaller sample sizes and multiple studies using the same participants is encouraged.</description><issn>1541-9312</issn><issn>1071-1813</issn><issn>2169-5067</issn><fulltext>true</fulltext><rsrctype>review</rsrctype><creationdate>2004</creationdate><recordtype>review</recordtype><recordid>eNp9kF1LwzAUhoMoWKd_wKv8gbqcJG3ay1LmFIYi6nVJ8zG6dU1JU7X_fh3zTvDqwOF9Xh5ehO6BPAAIsYSEQ86AEk54Rgij4gJFFNI8TkgqLlF0CsSnxDW6GYYdIZQJxiO0Ljq8-ulb52VwfsJvo2ybIEPzZfB7GPWEncWlO_RjMB6_mPDt_B4XIUi1nx-l23ZNaFx3i66sbAdz93sX6PNx9VE-xZvX9XNZbGIFs1RsuK7JbJFZom1GmdQCjEpVCpLDbGSsMnVe09RwmwtgMkspU5rXQBNWa8IWiJ57lXfD4I2tet8cpJ8qINVpiurvFDO0PEOD3Jpq50bfzY7_EUfXzl6m</recordid><startdate>200409</startdate><enddate>200409</enddate><creator>Stanard, Terry</creator><creator>Lewis, W. Robert</creator><creator>Cox, Donald A.</creator><creator>Malek, David A.</creator><creator>Klein, John</creator><creator>Matz, Randy</creator><general>SAGE Publications</general><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>200409</creationdate><title>An Exploratory Qualitative Study of Computer Network Attacker Cognition</title><author>Stanard, Terry ; Lewis, W. Robert ; Cox, Donald A. ; Malek, David A. ; Klein, John ; Matz, Randy</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c1327-e4db03128f0df823ad71ec6c61a41373efceb9b26e4f9713a8623cd4b1253bd03</frbrgroupid><rsrctype>reviews</rsrctype><prefilter>reviews</prefilter><language>eng</language><creationdate>2004</creationdate><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Stanard, Terry</creatorcontrib><creatorcontrib>Lewis, W. Robert</creatorcontrib><creatorcontrib>Cox, Donald A.</creatorcontrib><creatorcontrib>Malek, David A.</creatorcontrib><creatorcontrib>Klein, John</creatorcontrib><creatorcontrib>Matz, Randy</creatorcontrib><collection>CrossRef</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Stanard, Terry</au><au>Lewis, W. Robert</au><au>Cox, Donald A.</au><au>Malek, David A.</au><au>Klein, John</au><au>Matz, Randy</au><format>journal</format><genre>article</genre><ristype>GEN</ristype><atitle>An Exploratory Qualitative Study of Computer Network Attacker Cognition</atitle><jtitle>Proceedings of the Human Factors and Ergonomics Society Annual Meeting</jtitle><date>2004-09</date><risdate>2004</risdate><volume>48</volume><issue>3</issue><spage>401</spage><epage>405</epage><pages>401-405</pages><issn>1541-9312</issn><issn>1071-1813</issn><eissn>2169-5067</eissn><abstract>Many computer network defenders do not know how malicious hackers think and act during a network (McCloskey & Chrenka, 2001). To study attacker cognition, experienced hackers were recruited to attack a Windows 2000 network and pursue three goals: Deface the website, steal (faux) credit card numbers, and read email. Participants wrote a report of what they did, and a post-attack cognitive task analysis interview was conducted. Logs were also captured on the network including firewall, snort IDS, and Microsoft applications (IIS, SQL, Exchange). An Attacker Cognition Model based on data collected from five participants was created. The model has two basic properties: It describes the cognitive steps followed by an attacker, and describes several passes through these steps that the attacker follows as s/he penetrates several layers deep into a network. Future research using smaller sample sizes and multiple studies using the same participants is encouraged.</abstract><cop>Los Angeles, CA</cop><pub>SAGE Publications</pub><doi>10.1177/154193120404800327</doi><tpages>5</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1541-9312 |
| ispartof | Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 2004, Vol.48 (3), p.401-405 |
| issn | 1541-9312 1071-1813 2169-5067 |
| language | eng |
| recordid | cdi_crossref_primary_10_1177_154193120404800327 |
| source | SAGE Complete |
| title | An Exploratory Qualitative Study of Computer Network Attacker Cognition |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T15%3A47%3A32IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-sage_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Exploratory%20Qualitative%20Study%20of%20Computer%20Network%20Attacker%20Cognition&rft.jtitle=Proceedings%20of%20the%20Human%20Factors%20and%20Ergonomics%20Society%20Annual%20Meeting&rft.au=Stanard,%20Terry&rft.date=2004-09&rft.volume=48&rft.issue=3&rft.spage=401&rft.epage=405&rft.pages=401-405&rft.issn=1541-9312&rft.eissn=2169-5067&rft_id=info:doi/10.1177/154193120404800327&rft_dat=%3Csage_cross%3E10.1177_154193120404800327%3C/sage_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_sage_id=10.1177_154193120404800327&rfr_iscdi=true |