Difference Between Active And Passive Attacks: An Easy Guide In 2022


The active and passive attacks both fall in the family of security attacks, with a few underlying points that differentiate them. Security attacks are typically computer attacks that jeopardize the security of the system. These security attacks are further classified into active attacks and passive attacks, where the hacker gets unlawful access to the system’s recourses. Want to gain more knowledge about these attacks? Continue reading to know the same.

active and passive attacks active and passive attacks

  1. What is Active attack?
  2. What is Passive attack?
  3. Difference between them
  4. Examples
  5. Types

1) What is Active attack?

Active attacks are attacks in which the hacker attempts to change or transform the content of messages or information. These attacks are a threat to the integrity and availability of the system. Due to these attacks, systems get damaged, and information can be altered. The prevention of these attacks is difficult due to their high range of physical and software vulnerabilities. The damage that is done with these attacks can be very harmful to the system and its resources. 

active and passive attacks active and passive attacks

The good thing about this type of attack is that the victim is notified about the attack. So, instead of prevention, the paramount importance is laid on detecting the attack and restoration of the system from the attack. An active attack typically requires more effort and generally have more difficult implication. Some protective measures that can be taken against this kind of attack are:

  • Making use of one time passwords helps in authenticating the transactions between two parties. 
  • A random session key can be generated, which will be valid for only one transaction. This will help in preventing the attacker from retransmitting the original information after the actual session ends. 

2) What is Passive attack?

Passive attacks are the ones in which the attacker observes all the messages and copy the content of messages or information. They focus on monitoring all the transmission and gaining the data. The attacker does not try to change any data or information he gathered. Although there is no potential harm to the system due to these attacks, they can be a significant danger to your data’s confidentiality. 

active and passive attacks active and passive attacks

Unlike the Active attacks, these are difficult to detect as it does not involve alteration in data or information. Thus, the victim doesn’t get any idea about the attack. Although it can be prevented using some encryption techniques. In this way, at any time of transmission, the message is in indecipherable form, so that hacker could not understand it. So this is the reason why more emphasis is given to prevention than detection. There are some protective measures that you can take to prevent these attacks.

  • Avoid posting sensitive and personal information online as attackers can use it to hack your network.
  • Use the encryption method for your messages and make them unreadable for any unintended intruder.

3) Difference between them

Although both active and passive attacks are a part of security attacks, if you compare active and passive attacks, both of them have a lot of differences between them. The main differences between them are made based on how they are done and how much damage they do to the system and its resources. Difference between active and passive attacks in network security are listed down below:

  • In active attacks, modification of messages is done, but on the other hand, in passive attacks, the information remains unchanged.
  • The active attack causes damage to the integrity and availability of the system, but passive attacks cause damage to data confidentiality. 
  • In active attacks, attention is given to detection, while in the other one, attention is given to prevention. 
  • The resources can be changed in active attacks, but passive attacks have no impact on the resources.
  • The active attack influences the system services, but the information or data is acquired in passive attacks.
  • Inactive attacks, information is gathered through passive attacks to attack the system, while passive attacks are achieved by collecting confidential information such as private chats and passwords. 
  • Active attacks are challenging to be prohibited, but passive attacks are easy to prevent.


4) Examples

Here are some active and passive attacks examples:

Passive attacks

  • The attackers try to scan a device to find vulnerabilities such as weak operating systems or open ports.
  • The hackers analyze and monitor a website’s traffic to see who is visiting it. 

Active attacks

active and passive attacks active and passive attacks

  • The attacker is inserting his data into the original data stream.
  • Man-in-the-middle attack where the attacker sits between both parties communicating and replacing their messages with his message. In other words, both parties believe that they are talking to each other, but in reality, they are talking to the attacker. 

5) Types

There are different types of active and passive attacks.

Types of active attacks:

  • Interruption: These attacks are also known as masquerade attacks, where an unlawful attacker tries to show themselves as another identity. 
  • Modification of messages: A message has been tampered with or delayed, or reordered in some way to produce an unwanted effect. The integrity of the original data is violated when it is altered. Denial-of-service attacks, such as altering or flooding the network with deceptive data packets, can be used by unauthorized parties to gain access to and tamper with data. Authentication is under attack when something is manufactured. For example, a message saying “Allow Robert to read confidential file A” is changed to “Allow Thomas to read confidential file A.”
  • Repudiation occurs when the network is not completely secure, or the login credential has been tampered with. Using this attack, a malicious user can change the author’s information to save false data in log files, up to general data manipulation on behalf of others, similar to e-mail spoofing. 
  • Replay entails passively capturing a message and then transmitting it to produce an authorized effect. Using this attack method, the attacker essentially hopes to copy all of the data on a network and then use it for their purposes in the future. User safety and security are compromised if a data breach occurs. 
  • Denial of Service– It impedes the normal operation of communication networks. This attack may target a specific individual, and for example, all messages destined for a specific location are being filtered out or suppressed. Other ways of denying service include overloading a network with messages or disabling the network altogether.
  • Fabrication: These attacks cause Denial of service attacks in which the attackers try to prevent legal users from preventing access to some services. In other words, the attacker gains access to the activities, and the permitted users are prohibited from using the services.

active and passive attacks active and passive attacks

Types of Passive attacks

  • The release of information: It can be somewhat understood by the example, where a sender sends a confidential message to the receiver, seen by an attacker. 
  • Traffic analysis: In this attack, the sender sends a message in encrypted form to the receiver. The hacker analyses the traffic and observes the pattern to decrypt the message. These types of attacks are called traffic analysis. 


Cybersecurity is a big part of our lives today. It is crucial to protect our devices from these malicious activities of attackers. We hope you have gained much better insights about active and passive network security attacks in this article. 

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.


Related Articles

} }
Request Callback