Network-based APT Attack and Defense Strategies  Cited by: 31


Authors: 陈剑锋[1,2], 王强[1,2], 伍淼[2]

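Affiliations: [1] Key Laboratory of Secure Communication (保密通信重点实验室), Chengdu, Sichuan 610041; [2] The 30th Research Institute of China Electronics Technology Group Corporation (中国电子科技集团公司第三十研究所), Chengdu, Sichuan 610041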

Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2012, No. 7, pp. 24-27 (4 pages)

Abstract: APT attacks are a class of information security threat that targets the important information assets of enterprises and governments and poses a serious challenge to the availability and reliability of information systems. APT is versatile, effective, and difficult to defend against, so it has gradually become the evolutionary trend of network infiltration and system attack and has recently received much attention from network security researchers. At present, research on APT attacks in China and abroad is carried out mainly by security vendors, whose focus is on deriving enterprise security concepts from the analysis of security events and threats, while neglecting a thorough and detailed analysis of the mechanism and background of APT attacks. Starting from the formal definition and characteristics of APT, this paper describes the background and steps of an attack in some detail and gives feasible methods for detecting, responding to, and preventing APT.

Keywords: network security; APT attack; security system; defense strategy

Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
