[NetBehaviour] Inside the Hacker's Profiling Project.
marc.garrett at furtherfield.org
Wed Nov 8 14:39:20 CET 2006
Inside the Hacker's Profiling Project.
By: Federico Biancuzzi.
Imagine being able to preview an attacker's next move based on the
traces left on compromised machines. That's the aim of the Hacker's
Profiling Project (HPP), an open methodology that hopes to enable
analysts to work on the data (logs, rootkits, and any code) left by
intruders from a different point of view, providing them with a
profiling methodology that will identify the kind of attacker and
therefore his modus operandi and potential targets.
We discussed the project with co-founder Stefania Ducci, criminologist
for the United Nations Interregional Crime and Justice Research Institute
(UNICRI). In mid-2004 Ducci began collaborating with Raoul Chiesa on
what became the HPP.
NewsForge: What is the Hackers Profiling Project?
Stefania Ducci: The HPP is an international research programme aimed at
developing an open methodology that -- when applied to log files or
computer forensics dumps -- will enable analysts to identify the kind of
attacker that performed the attack(s).
Most studies have been carried out by focusing either on the criminal
analysis of the computer intrusion on one side or on the technical
analysis on the other side. In no case have we seen a synergic
approach. In this context, our research project aims to identify the
actors' behaviours, helping in better identifying the reasons for IT/ICT
attacks, thus determining better countermeasures.