Paraphrasing Sun Tzu: In order to win the battle, you must know the enemy. Good advice, but in the cyber world, how does one learn about an enemy so nebulous? Forensics only gets you so far. And testing on live networks is just asking for trouble. Enemy one, good guys nothing.
Good news. I found a group of researchers Sun Tzu would be proud of. Their project, DETER (cyber-DEfense Technology Experimental Research), helps decipher cyber-criminal activity on the Internet: