[NetBehaviour] Inside the Hacker's Profiling Project.

marc marc.garrett at furtherfield.org
Wed Nov 8 14:39:20 CET 2006

Inside the Hacker's Profiling Project.

By: Federico Biancuzzi.

Imagine being able to preview an attacker's next move based on the 
traces left on compromised machines. That's the aim of the Hacker's 
Profiling Project (HPP), an open methodology that hopes to enable 
analysts to work on the data (logs, rootkits, and any code) left by 
intruders from a different point of view, providing them with a 
profiling methodology that will identify the kind of attacker and 
therefore his modus operandi and potential targets.

We discussed the project with co-founder Stefania Ducci, criminologist 
for United Nations Interregional Crime and Justice Research Institute 
(UNICRI). In mid-2004 Ducci began collaborating with Raoul Chiesa on 
what became the HPP.

NewsForge: What is the Hackers Profiling Project?

Stefania Ducci: The HPP is an international research programme aimed at 
developing an open methodology that -- when applied to log files or 
computer forensics dumps -- will enable analysts to identify the kind of 
attacker that performed the attack(s).

Most studies have been carried out by focusing on either the criminal 
analysis of the computer intrusion on one side and the technical 
analysis on the other side. In no cases we have seen a synergic 
approach. In this context, our research project aims to identify the 
actors' behaviours, helping in better identifying the reasons for IT/ICT 
attacks, thus determining better countermeasures.


More information about the NetBehaviour mailing list