Difference between Active Attack and Passive Attack

Active and Passive Attacks are security attacks that jeopardize the security of a system. Security attacks are basically the unauthorized actions that that are taken to destroy, change, or steal the sensitive information and data from the system. In an Active attack, an attacker tries to modify the content of the messages. On the other hand, in a Passive attack, an attacker observes the messages, copy them and may use them for malicious purposes.

Read this article to find out more about Active and Passive attacks and how they are different from each other. Let's start with some basics of these two types of security attacks.

What is an Active Attack?

An active attack is a type of security attack in which the attacker intercepts the network connection and tries to alter the content of the message. Hence, active attacks are very dangerous for the integrity and availability of the message. Active attacks may change the system resources.

The common actions involved in an active attack are masquerade, denial of service, change of the message’s content, repudiation, replay, etc. Therefore, they are harmful for both system and its resources. Note that, in case of active attacks, the victim is notified about the attack. There are some techniques that we can practice to prevent the active attacks such as use one−time password (OTP), generation of random session key, etc.

What is a Passive Attack?

Passive attack is another type of security attack in which an attacker accesses the message’s content, copy and save it for malicious purposes. In passive attacks, the information of the original message does not get changed by the attacker. Note that passive attacks do not influence the system, but they can be harmful for the confidentiality of the message.

Another important point about a passive attack is that the victim is not notified about the attack. Since there is no change in the message in a passive attack, it quite difficult to detect these attacks. We may prevent the passive attack by using encryption techniques.

Difference between Active Attack and Passive Attack

The following table highlights all the important differences between an Active Attack and a Passive Attack −

Key Active Attack Passive Attack
Modification In Active Attack, information is modified. In Passive Attack, information remain unchanged.
Dangerous For Active Attack is dangerous for Integrity as well as Availability. Passive Attack is dangerous for Confidentiality.
Attention Attention is to be paid on detection. Attention is to be paid on prevention.
Impact on System An Active Attack can damage the system. A Passive Attack does not have any impact on the regular functioning of a system.
Victim The victim gets informed in an active attack. The victim does not get informed in a passive attack.
System Resources System Resources can be changed in active attack. System Resources are not changed in passive attack.


The most significant difference between an active attack and a passive attack is that in an active attack, the message’s information is changed and the victim gets notified about the attack; whereas in a passive attack, the message’s information is not changed, also the victim does not get notified.

Updated on: 20-Dec-2022

14K+ Views

Kickstart Your Career

Get certified by completing the course

Get Started