1 Introduction
1.5 Classification of attackers

The security threats are potentially realized by attackers, which generally differ in their ability and activity. We will briefly summarize the properties pertaining to attackers’ abilities and activities, and the resulting class scheme.

Ability: The ability of an attacker is typically determined by the following:

Activity. Attacking activities can generally be classified as passive versus active:

image
Fig. 1.1 – Passive attack
image
Fig. 1.2 – Active attack

And also as non-invasive versus semi-invasive versus invasive:

Note that not all semi-invasive or invasive attacks are active attacks. For instance, passive semi-invasive attacks may try to just read sensitive data from memory components, and passive invasive attacks can use a probe station to sense valuable data signals. Examples of passive attacks are traffic analysis and camouflaging. The majority of attacks, however, are active attacks, such as routing attacks, spoofing, denial of service, man-in-the middle, eavesdropping, node replication, physical attacks...

Class. To grasp both ability and activity, IBM has introduced the following taxonomy on the class of attackers: