
Research on the Architecture of APT Attack Detection and Countering Technology
Cite this article: Chen Ruidong (陈瑞东), Zhang Xiaosong (张小松), Niu Weina (牛伟纳), Lan Haoyue (蓝皓月). Research on the Architecture of APT Attack Detection and Countering Technology [J]. Journal of University of Electronic Science and Technology of China (Natural Science Edition), 2019, 48(6): 870-879.
Authors: Chen Ruidong (陈瑞东), Zhang Xiaosong (张小松), Niu Weina (牛伟纳), Lan Haoyue (蓝皓月)
Affiliations: Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu 611731; College of Cyber Security, Sichuan University, Chengdu 610044
Funding: National Natural Science Foundation of China General Program (61572115); National Key R&D Program of China, Cyberspace Security Key Project (2016QY04W800)
Abstract: Advanced persistent threat (APT) is a new type of cyber attack that has emerged in recent years and has consistently drawn the attention of the network security community. By studying more than 150 typical APT cases from the past decade, this paper builds an analytical model of APT attacks and identifies four problems that APT attack detection and countering urgently need to solve: fragile protection against penetration, low detection accuracy, difficulty in forensically determining the scope of an attack, and slow response to unknown new attacks. The paper also samples and analyzes typical APT attack incidents of recent years and, taking the toolsets used by attack groups as its basis, performs association mining over those toolsets. The experiments show that similarity patterns exist among the toolsets used by the same group. In summary, the overall APT defense scheme studied in this paper includes an analysis and synthesis of the latest results in four categories of defense schemes, and supports the construction of a unified platform for attack detection, traceability and countermeasures.

Keywords: APT attack; attack detection; attack technique classification; defense scheme
Received: 2019-02-26

A Research on Architecture of APT Attack Detection and Countering Technology
Affiliations: 1. Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu 611731; 2. College of Cyber Security, Sichuan University, Chengdu 610044
Abstract: Advanced persistent threat (APT) is a new kind of cyber attack and a growing class of security events. This paper analyzes more than 150 typical APT cases from the last decade, constructs an analytical model of APT attacks, and identifies four major problems in APT attack detection and countering: fragile penetration protection, low detection accuracy, difficulty in forensically determining the attack scope, and slow response to unknown attacks. This paper also analyzes typical APT attacks of recent years and mines associations based on the tools used in them. According to the experiments, there are similarity patterns among the tools used by the same organization. In summary, the integral APT defense scheme in this paper includes the latest achievements of four types of defense schemes and plays an academic supporting role in building a unified attack detection and traceability countermeasure platform.
Keywords: APT attack; attack detection; attack technique classification; defense scheme
This article is indexed in Wanfang Data and other databases.