Active and Passive attacks in Information Security (original) (raw)
Last Updated : 9 Jan, 2026
Active and Passive attacks are two major categories of cybersecurity threats in information security, where active attacks disrupt or modify systems, while passive attacks secretly monitor and collect information.
- Cyber attacks are broadly classified into Active and Passive attacks
- Active attacks directly alter data, systems, or network operations
- Passive attacks focus on eavesdropping and information gathering without modification
- Active attacks affect integrity and availability, while passive attacks target confidentiality
- Understanding both helps in designing effective security measures
What is a Cyber Attack?
A cyber attack is a deliberate attempt to gain unauthorized access to computer systems or networks in order to steal data, disrupt operations, or cause damage to digital resources.
- Targets individuals, organizations, or government systems
- Aims to steal information, disrupt services, or cause financial and reputational damage
- Common types include malware, phishing, denial-of-service (DoS), and man-in-the-middle (MitM) attacks
- Can lead to data breaches, system downtime, and financial loss
- Awareness and security measures help protect digital assets and personal information
Classification of Cyber Attacks
Cyber attacks are mainly divided into two categories:
- Active Attacks
- Passive Attacks
Sometimes, attackers combine both techniques to increase the impact of the attack.
Active Attacks
An active attack is one in which the attacker directly interacts with the target system to modify, disrupt, or destroy data or services. These attacks are easier to detect because they affect system operations.
Characteristics of Active Attacks
- Directly alter data or system resources
- Can disrupt normal operations
- Usually leave evidence of intrusion
- Aim to cause damage or gain unauthorized control
Types of active attacks are as follows:
- Masquerade Attack
- Modification of Messages
- Repudiation
- Replay Attack
- Denial of Service (DoS) Attack
1. Masquerade Attack
A masquerade attack is a cyber attack in which an attacker impersonates a legitimate user or system to gain unauthorized access to data, systems, or restricted resources by deceiving others into sharing sensitive information.
There are several types of masquerading attacks, including:
- **Username and Password Masquerade: In this masquerade attack, a person uses either stolen or even forged credentials to authenticate themselves as a valid user while gaining access to the system or application.
- **IP address masquerade: This is an attack where the IP address of a malicious user is spoofed or forged such that the source from which the system or the application is accessed appears to be trusted.
- **Website masquerade: A hacker creates a fake website that resembles as a legitimate one in order to gain user information or even download malware.
- **Email masquerade: This is an e-mail masquerade attack through which an attacker sends an apparently trusted source email so that the recipient can mistakely share sensitive information or download malware.
Masquerade Attack
2. Modification of Messages
In this attack, the attacker alters the content of transmitted messages or changes their order.
**Example:
“Allow JOHN to read confidential file X” →
“Allow SMITH to read confidential file X”
**Impact: Loss of data integrity and trust
Modification of messages
3. Repudiation
Repudiation attacks are a type of cyber attack wherein some person does something damaging online, such as a financial transaction or sends a message one does not want to send, then denies having done it.
**There are several types of repudiation attacks, including:
- **Message repudiation attacks: In this attack, a message has been sent by an attacker, but the attacker later denies the sending of the message. This can be achieved either through spoofed or modified headers or even by exploiting vulnerabilities in the messaging system.
- **Transaction repudiation attacks: Here, in this type of attack, a transaction-for example, monetary transaction-is made, and at after some time when the evidence regarding the same is being asked to be give then the attacker denies ever performing that particular transaction.
- **Data repudiation attacks: In a data repudiation attack, data is changed or deleted. Then an attacker will later pretend he has never done this. This can be done by exploiting vulnerabilities in the data storage system or by using stolen or falsified credentials.
4. Replay
It is a passive capturing of a message with an objective to transmit it for the production of an authorized effect.
- In this type of attack, the main objective of an attacker is saving a copy of the data that was originally present on that particular network and later on uses it for personal uses.
- Once the data gets corrupted or leaked it becomes an insecure and unsafe tool for its users.
- **Impact: Unauthorized access, session hijacking, data misuse
Replay
**5. Denial of Service (DoS) Attack
A DoS attack aims to make a system or network unavailable by overwhelming it with excessive traffic or requests.
Types of DoS attacks:
- **Flood Attacks: Overloading systems with excessive packets
- **Amplification Attacks: Using third-party systems to amplify traffic
**Prevention Measures:
- Firewalls and intrusion detection systems
- Load balancers and distributed architectures
- Network segmentation and access control
- Rate limiting and traffic filtering
Denial of Service
**Passive Attacks
A passive attack involves monitoring or eavesdropping on communications without modifying data. These attacks are difficult to detect because they do not affect system operations.
Characteristics of Passive Attacks
- No modification of data
- Focus on information gathering
- Hard to detect
- Target confidentiality rather than availability or integrity
Types of Passive Attacks
Below are the two types of Passive Attacks:
**1. The Release of Message Content
Telephonic conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
Passive attack
**2. Traffic Analysis
- Suppose that we had a way of masking (encryption) information, so that the attacker even if captured the message could not extract any information from the message.
- The opponent could determine the location and identity of communicating host and could observe the frequency and length of messages being exchanged.
- This information might be useful in guessing the nature of the communication that was taking place.
- The most useful protection against traffic analysis is encryption of SIP traffic.
- To do this, an attacker would have to access the SIP proxy (or its call log) to determine who made the call.
Traffic analysis