TY - JOUR
T1 - Survey and Taxonomy of Adversarial Reconnaissance Techniques
AU - Roy, Shanto
AU - Sharmin, Nazia
AU - Acosta, Jaime C.
AU - Kiekintveld, Christopher
AU - Laszka, Aron
N1 - Funding Information:
This material is based upon work supported by the National Science Foundation under Grant CNS-1850510 and by the Army Research Office under Award W911NF-17-1-0370. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation or the Army Research Office.
Publisher Copyright:
© 2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2022/12/7
Y1 - 2022/12/7
N2 - Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill chain. We summarize and analyze the methods, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the attack process. First, we discuss what types of information adversaries seek and how and when they can obtain this information. Then, we provide a taxonomy and detailed overview of adversarial reconnaissance techniques. The taxonomy introduces a categorization of reconnaissance techniques based on the source as third-party, human-, and system-based information gathering. This article provides a comprehensive view of adversarial reconnaissance that can help in understanding and modeling this complex but vital aspect of cyber attacks as well as insights that can improve defensive strategies, such as cyber deception.
AB - Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill chain. We summarize and analyze the methods, tactics, and tools that adversaries use to conduct reconnaissance activities throughout the attack process. First, we discuss what types of information adversaries seek and how and when they can obtain this information. Then, we provide a taxonomy and detailed overview of adversarial reconnaissance techniques. The taxonomy introduces a categorization of reconnaissance techniques based on the source as third-party, human-, and system-based information gathering. This article provides a comprehensive view of adversarial reconnaissance that can help in understanding and modeling this complex but vital aspect of cyber attacks as well as insights that can improve defensive strategies, such as cyber deception.
UR - http://www.scopus.com/inward/record.url?scp=85136046278&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85136046278&partnerID=8YFLogxK
U2 - 10.1145/3538704
DO - 10.1145/3538704
M3 - Article
AN - SCOPUS:85136046278
SN - 0360-0300
VL - 55
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 6
M1 - 3538704
ER -