
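A New Threat Facing Traditional Network Security Defense: APT Attacks
Authors: Lin Long-cheng  Chen Bo  Guo Xiang-min
Affiliations: 1. Jiangsu Research Center of Information Security & Privacy Technology, Nanjing, Jiangsu 210023
2. School of Computer Science and Technology, Nanjing Normal University, Nanjing, Jiangsu 210023
Funding: Major Project of the Natural Science Foundation of Jiangsu Province; Natural Science Foundation of Jiangsu Province project
Abstract: Advanced persistent threat (APT) attacks continue to be discovered, and traditional network security defense systems have great difficulty guarding against them, which has caused major losses and impact to nations, society, enterprises, organizations and individuals. This paper studies typical APT attack incidents and attack code from recent years and analyzes the background, technical characteristics and general process of such attacks. Completely defending against APT attacks is considered impossible; the consensus is to take seriously the assessment of the attack risk an organization faces, to build a new security defense system, and to focus on protecting critical data. To this end, the paper proposes a new security defense system built on the linkage of security devices, the sharing of security information and the collaboration of security technologies, and presents a multi-source situational awareness model based on social, application, network, terminal and file attributes, along with approaches to security information sharing and security collaboration.

Keywords: advanced persistent threat  social network  situational awareness  information security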

The New Threat to Traditional Network Security Defense: APT Attack
Authors:Lin Long-cheng  Chen Bo  Guo Xiang-min
Affiliation: 1. Jiangsu Research Center of Information Security & Privacy Technology, Nanjing, Jiangsu 210023; 2. School of Computer Science and Technology, Nanjing Normal University, Nanjing, Jiangsu 210023
Abstract: Advanced Persistent Threat (APT) attacks continue to be discovered, yet traditional network security defense systems can hardly prevent them. As a result, APT attacks have caused significant damage and impact to the country, society, enterprises, organizations and individuals. A study of typical APT attacks in recent years and an analysis of their background, technical features and attack process confirmed that thorough defense against APT is considered impossible. It has become a consensus to pay attention to risk assessment, establish a new security defense system and focus on protecting critical information assets. A situational awareness model based on multi-source data is therefore proposed, considering social, application, network, terminal and file properties. Meanwhile, cases of secure information sharing and security collaboration are introduced.
Keywords:advanced persistent threat  social network  situational awareness  information security
This article is indexed in VIP (维普), Wanfang Data (万方数据) and other databases.