An Analysis of Passive and Active Cyberattacks

By: Arya Brijith, International Center for AI and Cyber Security Research and Innovations (CCRI), Asia University, Taiwan,sia University, Taiwan,

Figure 1: Cover Image


This article is based on the various types of active and passive attacks.


attacks, Dos, phishing, active, passive.


Understanding the cybersecurity environment entails addressing both passive and active threats, each with a unique method of operation. Monitoring cyberattacks in real-time without tampering with them—that is, without entering the attackers’ servers or running malicious software—is known as passive observation. However, active observation refers to engaging with malware or an attacker’s infrastructure to launch an assault [1]. This essay explores these two different domains, highlighting both active attacks such as virus invasions and DDoS attacks, as well as passive data interception.

Types of Passive Attacks

  • Eavesdropping /Interception: This refers to the act of someone discretely listening in on a private discussion between two individuals. Hackers can intercept and examine network traffic, such as emails or messages, to steal sensitive data.
  • Traffic Analysis: Imagine someone monitoring the frequency and timing of your conversations with other people, even if they are unable to understand what you are saying. Important details like the quantity of data you share and the timing of your interactions can still be inferred by them.
  • Monitoring: It is the equivalent of having someone sneakily observe your online activities without causing any harm. Without actively altering anything, they may monitor your login times, system use, and other actions.

Types of Active attacks

  • Distributed denial of service (DDoS) and denial of service (DoS) assaults: these types of attacks overload a network or website with traffic, rendering it unusable for regular users. Several compromised machines cooperate to overload the target in a denial-of-service attack.
  • Man-in-the-Middle (MitM): This is the equivalent of someone listening in on your phone conversation or even making changes without your knowledge. It’s a cunning method of obtaining private data.
  • Malware: It is the term for digital troublemakers such as viruses, worms, and ransomware that cause havoc on computers by either stealing crucial data or damaging things.
  • Phishing: It is the act of someone deceiving you by posing as your acquaintance. Usually, it’s an email or message attempting to trick you into clicking on a malicious link that will install malware on your machine.


The dynamic warfare of the cyber domain is defined by the contrast between active and passive attacks.  Understanding these is essential for developing strong defensive plans.  In today’s linked digital world, adaptation, knowledge, and preparedness are essential for protecting digital assets and user privacy.


  1. 小出駿. (2021). A Study on Analyzing Cyber Attacks through Active and Passive Observation.
  2. Ning, J., Xu, J., Liang, K., Zhang, F., & Chang, E. C. (2018). Passive attacks against searchable encryption. IEEE Transactions on Information Forensics and Security14(3), 789-802.
  3. Amiel, F., Villegas, K., Feix, B., & Marcel, L. (2007, September). Passive and active combined attacks: Combining fault attacks and side channel analysis. In Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007) (pp. 92-102). IEEE.
  4. Meyers, V., Gnad, D., & Tahoori, M. (2023). Active and Passive Physical Attacks on Neural Network Accelerators. IEEE Design & Test.
  5. Poonia, V., Goyal, M. K., Gupta, B. B., Gupta, A. K., Jha, S., & Das, J. (2021). Drought occurrence in different river basins of India and blockchain technology based framework for disaster management. Journal of Cleaner Production312, 127737.
  6. Gupta, B. B., & Sheng, Q. Z. (Eds.). (2019). Machine learning for computer and cyber security: principle, algorithms, and practices. CRC Press.
  7. Singh, A., & Gupta, B. B. (2022). Distributed denial-of-service (DDoS) attacks and defense mechanisms in various web-enabled computing platforms: issues, challenges, and future research directions. International Journal on Semantic Web and Information Systems (IJSWIS)18(1), 1-43.
  8. Almomani, A., Alauthman, M., Shatnawi, M. T., Alweshah, M., Alrosan, A., Alomoush, W., & Gupta, B. B. (2022). Phishing website detection with semantic features based on machine learning classifiers: a comparative study. International Journal on Semantic Web and Information Systems (IJSWIS)18(1), 1-24.

Cite As

Brijith A. (2023) An Analysis of Passive and Active Cyberattacks, Insights2Techinfo, pp.1

66140cookie-checkAn Analysis of Passive and Active Cyberattacks
Share this:

Leave a Reply

Your email address will not be published.