Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers
Peter M. Mell
High-profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer, and yet we know little about this set of attacks besides the fact that it exists. We have taken a sample of 119 attacks from the GAT that were published between May and October 1998. We classify these samples with dependent classifications and store the results in a database. Using the database, we generate statistics on important characteristics of the GAT, such as what percentage of attacks are launchable from a Windows host, what percentage are remote penetration attacks, and what percentage use UDP. We can also use the database as a forensic tool and as an attack script search tool. As a forensic tool, a search on the database creates a list of attacks that could have compromised a penetrated system. As an attack script search tool, similar search techniques yield lists of attacks that conform to a desired specification.
2nd Workshop on Research with Security Vulnerability Databases
Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers, 2nd Workshop on Research with Security Vulnerability Databases, West Lafayette, IN, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=151651
(Accessed December 4, 2023)