Survey on Attribution and Inference Research for APT Attacks
Chinese Library Classification: TP393

Fund Project: National Natural Science Foundation of China (62172308, 61972297, 62172144, U1636107, 62062019)



Abstract:

Advanced persistent threat (APT) is a novel form of cyberattack that is well-organized, stealthy, persistent, adversarial, and destructive, with severe consequences for global network security. Traditional APT defenses tend to build models that detect whether an attack is malicious or identify its malware family; they rely primarily on passive defense and lack a comprehensive, in-depth review of work on APT attack attribution and inference. In light of this, this survey focuses on intelligent methods for APT attack attribution and inference. First, an overall defense chain for APT attacks is proposed, which distinguishes and correlates APT attack detection, attribution, and inference. Second, work on the four tasks of APT attack detection is compared in detail. Third, APT attack attribution research is systematically summarized by target: regions, organizations, attackers, addresses, and attack models. Fourth, APT attack inference is divided into four aspects, attack intent inference, attack path perception, attack scenario reconstruction, and attack blocking and countermeasures, and the relevant work is summarized and compared in detail. Finally, hot topics, development trends, and challenges in the field of APT attack defense are discussed.

Cite this article

杨秀璋, 彭国军, 刘思德, 田杨, 李晨光, 傅建明. Survey on Attribution and Inference Research for APT Attacks. 软件学报 (Journal of Software), ():1-50

History
  • Received: 2023-02-12
  • Last revised: 2023-05-10
  • Published online: 2024-10-23
Copyright: Institute of Software, Chinese Academy of Sciences. 京ICP备05046678号-3
Address: 4 South Fourth Street, Zhongguancun, Haidian District, Beijing, postal code 100190
Tel: 010-62562563 Fax: 010-62562533 Email: jos@iscas.ac.cn