Detecting Data Attacks & File Integrity | AP Cybersecurity

Unit 5 • Topic 5.6 • Detecting Attacks on Data

Detecting Attacks on Data: File Integrity & Hash Verification

Topic 5.6 covers detecting attacks on data and applications. A key technique is verifying a file's hash to tell whether the file has been altered, since any change to the file changes its hash.

Hash: fingerprint of a file
Changed file: changed hash
Evaluate: speed, cost, accuracy
Known-good hash → Hash the file → Compare → Match or altered
A hash mismatch reveals that a file has been changed.

File integrity with hashes

A hash is a fixed-length fingerprint of a file. If even one byte of the file changes, the hash changes completely. To check integrity, you compare a file's current hash against a known-good hash: a match means unaltered, a mismatch means the file was changed.

This is the same hashing idea from Unit 4 (storing passwords), applied here to detect tampering. It protects integrity, one of the CIA goals.
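The baseline-and-compare check described above, as an added example that is not part of the original page. It goes slightly beyond the single-file case: it records known-good hashes for a whole directory and later reports altered, missing, and added files. SHA-256, the function names, and the sample files are assumptions made for illustration; the page does not name a hash algorithm.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large files never sit fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root):
    """Record a known-good hash for every file under root (relative path -> hex digest)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_integrity(root, baseline):
    """Re-hash the tree and compare each file against its known-good hash."""
    current = build_baseline(root)
    report = {"altered": [], "missing": [], "added": []}
    for name, known_good in baseline.items():
        if name not in current:
            report["missing"].append(name)      # file deleted since baseline
        elif current[name] != known_good:
            report["altered"].append(name)      # hash mismatch: contents changed
    report["added"] = sorted(set(current) - set(baseline))
    return report

def demo():
    """Constructed sample data: two small files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_bytes(b"alice,5000\nbob,4200\n")
        (root / "readme.txt").write_bytes(b"quarterly export\n")
        baseline = build_baseline(root)          # taken while the files are trusted
        clean = check_integrity(root, baseline)  # nothing has changed yet
        # Simulate tampering: one byte changes (5000 -> 9000), plus an add and a delete.
        (root / "payroll.csv").write_bytes(b"alice,9000\nbob,4200\n")
        (root / "notes.tmp").write_bytes(b"unexpected file\n")
        (root / "readme.txt").unlink()
        return baseline, clean, check_integrity(root, baseline)

if __name__ == "__main__":
    for label, result in zip(("baseline", "clean", "after"), demo()):
        print(label, result)
```

The baseline is only as trustworthy as where it is kept: store it where the monitored system cannot write, otherwise whoever alters a file can also rewrite its recorded hash.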

Scenario

A downloaded file's hash does not match the hash published by the source. What does this tell you?

Answer

The file has been altered. Because any change to a file changes its hash, a mismatch means the file is not identical to the original, possibly tampered with or corrupted.

Exam tip

Hash match = unaltered; hash mismatch = changed. Verifying a file's hash is the framework's named method for detecting alteration (EK 5.6.D).

Detection controls and trade-offs

Beyond file integrity, organizations use logs, monitoring, and alerts to detect attacks on data and applications. As with other detection, methods are evaluated on speed, cost, and accuracy (false positives and false negatives).

The goal is to notice unauthorized access, alteration, or exfiltration of data quickly enough to respond before serious damage.

Scenario

Why publish a known-good hash alongside a software download?

Answer

So users can verify integrity. They hash the downloaded file and compare; a match confirms it was not altered in transit or replaced with a malicious version.

Real-world example

Verifying downloads with hashes

Reputable software publishers post a known-good hash next to a download. Users hash the file they received and compare; a match confirms the file was not altered or swapped for a malicious version.

Any change to a file changes its hash.

Key Terms

Hash: A fixed-length fingerprint of a file.
File integrity: Confirming a file has not been altered.
Known-good hash: A trusted reference hash to compare against.
Integrity: The CIA goal that file checking protects.

Common Mistakes

Thinking a hash hides the file

A hash verifies integrity; it does not encrypt or conceal the file's contents.

Assuming a small change keeps a similar hash

Any change, even one byte, produces a completely different hash.

Treating detection as prevention

Detecting alteration reveals tampering; it does not stop it from happening.

Ignoring trade-offs

Detection methods vary in speed, cost, and accuracy.

Check for Understanding

Question 1
How can you tell if a file has been altered?
B. Comparing the file's hash to a known-good hash reveals alteration: a mismatch means the file changed.
Question 2
If one byte of a file changes, its hash:
B. Any change to a file produces a completely different hash, which is what makes hashes useful for integrity.
Question 3
Verifying a file's hash protects which CIA goal?
A. Detecting whether a file was altered protects integrity, the accuracy and trustworthiness of data.
Question 4
A downloaded file's hash does not match the source's published hash. This means:
D. A hash mismatch indicates the file is not identical to the original, so it was altered or corrupted.
Question 5
Detection methods for data attacks are evaluated by:
C. As with other detection, methods are weighed by speed, cost, and accuracy.
Question 6
Why publish a known-good hash with a download?
A. Users compare the published hash to their downloaded file's hash to confirm integrity.

Frequently Asked Questions

By verifying the file's hash against a known-good value. Because any change to a file changes its hash, a mismatch indicates the file was altered.
That the file is not identical to the original. It was altered or corrupted, which is why downloads often publish a known-good hash to check against.
Integrity. Verifying a file's hash confirms the data is accurate and has not been changed without authorization.