基于大数据分析的APT攻击检测研究综述  被引量:86

Detecting APT attacks: a survey from the perspective of big data analysis

在线阅读下载全文

作  者:付钰[1] 李洪成[1] 吴晓平[1] 王甲生[1] 

机构地区:[1]海军工程大学信息安全系,湖北武汉430033

出  处:《通信学报》2015年第11期1-14,共14页Journal on Communications

基  金:国家自然科学基金资助项目(61100042);中国博士后基金资助项目(2014M552656);湖北省自然科学基金资助项目(2015CFC867)~~

摘  要:高级持续性威胁(APT,advanced persistent threat)已成为高安全等级网络的最主要威胁之一,其极强的针对性、伪装性和阶段性使传统检测技术无法有效识别,因此新型攻击检测技术成为APT攻击防御领域的研究热点。首先,结合典型APT攻击技术和原理,分析攻击的6个实施阶段,并归纳攻击特点;然后,综述现有APT攻击防御框架研究的现状,并分析网络流量异常检测、恶意代码异常检测、社交网络安全事件挖掘和安全事件关联分析等4项基于网络安全大数据分析的APT攻击检测技术的研究内容与最新进展;最后,提出抗APT攻击的系统综合防御框架和智能反馈式系统安全检测框架,并指出相应技术在应对APT攻击过程中面临的挑战和下一步发展方向。Advanced persistent threats have become the major threats of highly protected networks. Traditional detecting technologies were not able to find out APT attacks which were targeted, pretended and persistent. As a result, novel detecting technologies dave become the hot topic in the field of APT defence. Firstly, concrete descriptions of the six phases of APT attacks were provided combined with typical technologies and theories of APT, the features of APT attacks were conduded. Secondly, the current research situation of frameworks defending APT was illustrated, and the research points and recent developments of four key technologies including anomalous detection of network flow, anomalous detection of malevolent codes, security events mining in social networks and correlation analysis of security events were analyzed. Finally, both the comprehensive defending framework and the detecting framework based on intelligent feedback were established, and the challenges and developing directions of detecting technologies in the process of dealing with APT attacks were pointed out.

关 键 词:网络安全检测 高级持续性威胁 大数据分析 智能反馈 关联分析 

分 类 号:TP309.7[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象