The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Malicious users of computer networks commonly use network reconnaissance as the first stage of advanced attacks. Attackers use reconnaissance tools from multiple layers of the Open Systems Interconnect (OSI) network model to gather information on target networks and systems. The gathered information can be analyzed together with known vulnerabilities to gain access to secure networks and computers. The success rate of subsequent attacks largely depends on the accuracy and stability of the reconnaissance results.
Security products such as firewalls and intrusion prevention systems are deployed logically in front of target systems, such as application server computers, to actively prevent malicious attacks. The security policies on these products are designed and updated by IT administrators. While providing the intended protection to the target systems, these security policies produce deterministic actions for a given set of incoming network traffic. Attackers may exploit the deterministic nature of the policy actions to figure out what is already prevented and what is still vulnerable. The attackers can then use this information to develop evasion techniques and eventually penetrate the security products.