| APT攻击场景重构方法综述 |
| |
| 引用本文: | 潘亚峰,朱俊虎,周天阳.APT攻击场景重构方法综述[J].信息工程大学学报,2021,22(1):55-60. |
| |
| 作者姓名: | 潘亚峰 朱俊虎 周天阳 |
| |
| 作者单位: | 信息工程大学 |
| |
| 摘 要: | APT攻击已经成为网络安全的重要威胁之一,从大量告警日志数据中识别APT攻击并还原攻击场景已成为当前急需研究的问题。首先介绍了攻击场景重构基本概念和技术流程框架。其次,依据采用的关联分析方法,对攻击场景重构方法进行了分类,并分别综述了基于经验知识、基于因果关系、基于语义相似性和基于机器学习4类方法的基本步骤和具体案例。最后,讨论了不同方法的优势和不足,结合最新技术应用指出了未来发展趋势。
|
| 关 键 词: | 攻击场景重构 APT 经验知识 因果关系 语义相似性 机器学习 |
| 收稿时间: | 2020/9/4 0:00:00 |
| 修稿时间: | 2020/10/10 0:00:00 |
Survey on APT Attack Scenario Reconstruction Methods |
| |
| PAN Yafeng,ZHU Junhu,ZHOU Tianyang.Survey on APT Attack Scenario Reconstruction Methods[J].Journal of Information Engineering University,2021,22(1):55-60. |
| |
| Authors: | PAN Yafeng ZHU Junhu ZHOU Tianyang |
| |
| Affiliation: | Information Engineering University |
| |
| Abstract: | Advanced and persistent threats( APTs) have become a major threat to cyber security.Detecting APTs from a large amount of alarms and reconstructing the attack scenario has become an urgent problem to be solved. This paper first introduces the basic concepts and technical process framework of attack scenario reconstruction. Second,the attack scenario reconstruction technology is classified based on the correlation analysis method. Then,the basic steps and specific cases of the four reconstruction methods based on experience knowledge,causality,semantic similarity,or machine learning are reviewed respectively. Finally,the advantages and disadvantages of different methods are discussed,and the development trend is prospected in combination with the latest technology applications. |
| |
| Keywords: | attack scenario reconstruction APT experience and knowledge causal relation semantic similarity machine learning |
|
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
