Hacker’s Profiling Project (HPP)
Project Managers: Raoul Chiesa
raoul@ISECOM.org
The goal of this presentation document is to summarize the results of the first
2 years of the HPP, as well as to define the core of a methodology that will
allow the use of attacker profiling techniques in computer-based IT and ICT
attacks. The document gives strong consideration to the first two developed
phases of the Hacker’s Profiling Project, while also defining the next steps for
the core asset of the methodology itself.
The original idea started back in 2004, after much research related to Criminal
and Hacker’s Profiling: most of the available data and studies have focused on
single “points of view”: the criminal analysis of the computer intrusion on one
side, the technical analysis of the computer intrusion on the other. In no case
have we seen a synergistic approach combining the above-mentioned points of
view.
Also, the hacking panorama has always been described as a world populated by
data thieves, modern Robin Hoods and criminals, rather than the “good & bad
guys” general definitions. Our research project aims to identify the real
actors’ behaviours in this particular technological environment and social
culture, moving away from the cliché often (ab)used by the media and by the
classic company “security culture”, helping to better identify the reasons for
IT/ICT attacks and the real modus operandi, and so determining a better approach
to countermeasures.
At the moment (June 2006), the available documents focus on describing the “how
it works” side more than the “how to use” aspect. This methodology will serve
those who need to identify attackers’ typologies and better understand the
(different) motivations that lead to a computer intrusion scene.
Among the next steps, as the Honeynet module is defined (2007), we expect to
produce various detailed technical papers, on the basis of which we will outline
the profiling methodology itself.
The final goal of HPP consists in developing an open methodology that, when
applied to log files or computer forensics dumps, will enable analysts to
analyze the data from a different point of view, supplying them with a profiling
methodology that will identify the kind of attacker that performed the
attack(s), also including security and privacy weaknesses, circumventions,
corruption, fraud, embezzlement, theft, and other deceptive, illegal, or
unethical practices.
If you are interested in helping us with this project, please contact us at
hpp<at>isecom.org.
Download HPP General Overview, Basic Presentation v.1.0_eng:
HPP.general_overview_Basic.v.1.0_eng.pdf (mirrors: Spain, USA)
Download HPP General Overview, Compact Presentation v.1.0_eng:
HPP.general_overview_Compact.v.1.0_eng.pdf (mirrors: Spain, USA)