A Security Architecture to Deal with APT Attacks: Abnormal Discovery
Citation: Du Yuejin, Zhai Lidong, Li Yue, Jia Zhaopeng. A Security Architecture to Deal with APT Attacks: Abnormal Discovery [J]. Journal of Computer Research and Development (计算机研究与发展), 2014, 51(7): 1633-1645.
Authors: Du Yuejin, Zhai Lidong, Li Yue, Jia Zhaopeng
Affiliations: 1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876
Funding: National High Technology Research and Development Program of China (863 Program)
Abstract (translated from the Chinese): A threat is a potential factor that causes damage to a specific system, organization and its assets; it reflects the process by which an attacker, according to task requirements, subjects a target to various forms of attack persistently over a long period. Facing advanced persistent threats (APT), existing security architectures cannot help defenders discover the presence of a threat in time, before it causes serious economic loss. Building on an in-depth analysis of the denotation and connotation of "threat", this paper discusses threat defense models in detail and proposes a theoretical security defense architecture for countering APT attacks, abnormal discovery, aimed at solving the problem of threat discovery. As the prerequisite for defense strategy and protective deployment, abnormal discovery provides the information needed to formulate targeted countermeasures by discovering anomalies present in the environment in real time and across multiple dimensions, interpreting unknown threats, and analyzing the attacker's purpose. A security technical architecture based on abnormal discovery, "Wizeye" (慧眼), is designed and proposed; through coordinated high and low monitoring (高位/低位协同监测), it monitors and detects at three levels: the source, the pathway and the endpoint of an APT attack.

Keywords: advanced persistent threat; abnormal discovery; high monitoring; low monitoring; Wizeye

Security Architecture to Deal with APT Attacks: Abnormal Discovery
Du Yuejin, Zhai Lidong, Li Yue, Jia Zhaopeng. Security Architecture to Deal with APT Attacks: Abnormal Discovery[J]. Journal of Computer Research and Development, 2014, 51(7): 1633-1645.
Authors: Du Yuejin, Zhai Lidong, Li Yue, Jia Zhaopeng
Abstract: A threat is potential damage to specific systems, organizations and their assets. It exists in the process of various prolonged attacks on targets by attackers in light of their task requirements. Facing advanced persistent threats (APT), the existing security architecture cannot help victims detect the threat in time, before serious economic losses are caused. Based on an in-depth analysis of the denotation and connotation of threat, this paper explores threat defense models in detail and proposes a theoretical security and defense framework to deal with APT, abnormal discovery, so as to solve the problem of threat detection. As the prerequisite of defense policy and protective deployment, abnormal discovery can provide the information necessary for making an effective and targeted defense policy by discovering the abnormal in the environment in real time and in multiple dimensions, unscrambling unknown threats and analyzing the attackers' purpose. "Wizeye", a security architecture based on abnormal discovery, is designed and proposed. With coordinated high and low monitoring technology, it can monitor and detect APT from its source, pathway and terminal.
Keywords: advanced persistent threat (APT); abnormal discovery; high monitoring; low monitoring; Wizeye