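Review of Defense Methods Against APT Attacks in Cloud Environments
Cite this article: ZHANG Hao, WANG Li-na, TAN Cheng, LIU Wei-jie. Review of Defense Methods Against APT Attacks in Cloud Environments [J]. Computer Science, 2016, 43(3): 1-7, 43.
Authors: ZHANG Hao, WANG Li-na, TAN Cheng, LIU Wei-jie
Affiliations: National Engineering Research Center for E-Learning, Central China Normal University, Wuhan 430072; Computer School, Wuhan University, Wuhan 430072; Computer School, Wuhan University, Wuhan 430072; Computer School, Wuhan University, Wuhan 430072
Funding: This work was supported by the National Natural Science Foundation of China (61373169,9,61303213), the Major Special Project of the National Development and Reform Commission (发改办高技[2013]1309), the Priority Development Areas program of the Doctoral Fund of the Ministry of Education (20110141130006), and the Fundamental Research Funds for the Central Universities at Central China Normal University (CCNU15GF001, CCNU15A05010).
Abstract: Cloud computing has attracted a large number of organizations and institutions with features such as rapid deployment and elastic configuration. However, compared with traditional network attacks, the recently emerged advanced persistent threat (APT) is characterized by sustained attacks, high stealth and long-term dormancy, which poses great challenges to protecting the security and privacy of information assets on cloud platforms. How to effectively defend cloud platforms against APT attacks has therefore become an urgent problem in cloud security. After describing the basic concepts, attack process and attack methods of APT, the paper analyzes the multiple security challenges brought by the new characteristics of APT and introduces research progress on APT protection in China and abroad. To address these challenges, it then proposes a suggested framework for APT protection on cloud platforms. The framework incorporates defense strategies applied before and during an attack, and uses big data mining to comprehensively analyze possible APT attacks and to locate and track threats during an attack. Finally, the paper introduces research progress on the key technologies in the security framework, analyzes the strengths and weaknesses of existing techniques, and discusses future research directions.

Keywords: Cloud computing; Advanced persistent threat; Big data mining; Threat locating
Received: 2015/3/17
Revised: 6/3/2015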

Review of Defense Methods Against Advanced Persistent Threat in Cloud Environment
ZHANG Hao, WANG Li-na, TAN Cheng and LIU Wei-jie. Review of Defense Methods Against Advanced Persistent Threat in Cloud Environment [J]. Computer Science, 2016, 43(3): 1-7, 43.
Authors: ZHANG Hao, WANG Li-na, TAN Cheng and LIU Wei-jie
Affiliation: National Engineering Research Center for E-Learning, Central China Normal University, Wuhan 430072, China; Computer School, Wuhan University, Wuhan 430072, China; Computer School, Wuhan University, Wuhan 430072, China; and Computer School, Wuhan University, Wuhan 430072, China
Abstract: Cloud platforms have attracted a large number of organizations and institutions with features such as rapid deployment and flexible configuration. However, compared with traditional network attacks, the emerging advanced persistent threat (APT) is more persistent, highly stealthy and lies dormant for long periods, which makes protecting security and privacy challenging. Therefore, how to effectively protect the cloud platform from APT has become an urgent problem. The basic concepts, attack procedures and attack methods of APT are introduced, the multiple security challenges brought by the new features of APT are analyzed, and the research progress in APT protection is reviewed. To address these security challenges, we present a proposed framework for protecting the cloud platform from APT, which includes strategies applied before and during an attack, and uses big data mining to comprehensively analyze potential APT attacks and to locate and track threats. Finally, the research progress of some key technologies in the framework is introduced, their advantages and disadvantages are pointed out, and some future research directions are given.
Keywords: Cloud computing; Advanced persistent threat; Data mining of big data; Positioning threat