Security Architecture to Deal with APT Attacks: Abnormal Discovery (一种应对APT攻击的安全架构:异常发现)

Cited by: 20

Authors: Du Yuejin (杜跃进) [1,2], Zhai Lidong (翟立东) [1], Li Yue (李跃) [1], Jia Zhaopeng (贾召鹏) [1,3]

Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; [2] National Computer Network Emergency Response Technical Team / Coordination Center of China, Beijing 100029; [3] School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876

Source: Journal of Computer Research and Development (计算机研究与发展), 2014, No. 7, pp. 1633-1645 (13 pages)

Funding: National High Technology Research and Development Program of China (863 Program), project 2011AA01A103

Abstract: A threat is a potential source of damage to a specific system, organization or its assets; it is realized as a process in which an attacker, driven by task requirements, subjects the target to prolonged attacks of varying forms. Facing an advanced persistent threat (APT), the existing security architecture cannot help defenders detect the threat in time, before serious economic losses are caused. Building on an in-depth analysis of the denotation and connotation of threat, this paper explores threat defense models in detail and proposes a theoretical security defense framework for dealing with APT attacks, abnormal discovery, aimed at solving the problem of threat detection. As the prerequisite for defense policy and protective deployment, abnormal discovery provides the information needed to formulate an effective, targeted response by discovering anomalies in the environment in real time and across multiple dimensions, interpreting unknown threats, and analyzing the attackers' purpose. A security architecture based on abnormal discovery, "Wizeye" (慧眼), is designed and proposed. Through coordinated high-level and low-level monitoring, it monitors for and detects APT attacks at three levels: the attack's source, its pathway and the terminal.

Keywords: advanced persistent threat; abnormal discovery; high-level monitoring; low-level monitoring; Wizeye (慧眼)

Classification: TP393.08 [Automation and Computer Technology / Computer Application Technology]; TN915.08 [Automation and Computer Technology / Computer Science and Technology]

 
