APT攻击检测与反制技术体系的研究

A Research on Architecture of APT Attack Detection and Countering Technology

  • 摘要: 高级持续威胁(APT)是近年兴起的新型网络攻击,一直受到网络安全界的重视。该文通过研究近十年150余项典型APT案例,形成针对APT攻击的分析模型,提出了当前APT攻击检测与反制亟需解决的4项问题,即:渗透防护脆弱、检测精度低、攻击范围取证困难、未知新型攻击响应慢。同时,该文对近年来典型性APT攻击事件进行取样分析,以攻击组织使用的工具集为基础,对攻击工具集进行关联挖掘。实验得出,同一组织使用的工具集间存在相似性规律。综上所述,该文研究的APT整体防御方案包括了4类防御方案的最新成果分析及归纳,对于构建统一的攻击检测与溯源反制平台起到支撑作用。

     

    Abstract: Advanced persistent threat (APT) is a new kind of cyber-attack as a growth security events. This paper analysis more than 150 typical APT cases happened during last decade, and constructs the analytical model of APT attack, indicates 4 major problems of APT attack detection and countering:the fragile penetration protection problem, the low detection accuracy, the difficulty of determining the attack forensic, and the slow response to the unknown attack problem. In the meanwhile, this paper analyzes typical APT attacks in recent years, mines the association based on attacking tools. According to the experiments, there are similarity patterns between the tools used by the same organization. In summary, the integral APT defense scheme in this paper includes the latest achievements of four types of defense schemes, plays an academic supporting role in building a unified attack detection and traceability countermeasure platform.

     

/

返回文章
返回