云环境下APT攻击的防御方法综述  被引量：6

作　　者：张浩[1] 王丽娜[2] 谈诚[2] 刘维杰[2] 

机构地区：[1]国家数字化学习工程技术研究中心(华中师范大学),武汉430072 [2]武汉大学计算机学院,武汉430072

出　　处：《计算机科学》2016年第3期1-7,43,共8页Computer Science

基　　金：国家自然科学基金项目(61373169;61103219;61303213);国家发改委重大专项(发办高技[2013]1309);教育部博士点基金优先发展领域基金项目(20110141130006);华中师范大学中央高校基本科研业务费项目(CNU15GF001;CCNU15A05010)资助

摘　　要：云计算以其快速部署、弹性配置等特性吸引了大量的组织和机构使用,然而近期出现的高级可持续性威胁(Advanced Persistent Threat,APT)相比传统的网络攻击具有攻击持续性、高隐蔽性、长期潜伏等特性,为实现云平台的信息资产的安全与隐私保护带来了极大的冲击和挑战。因此,如何有效地防护APT对云平台的攻击成为云安全领域亟待解决的问题。在阐述APT攻击的基本概念、攻击流程与攻击方法的基础之上,分析了APT新特性带来的多重安全挑战,并介绍了国内外在APT防护方面的研究进展。随后针对APT的安全挑战,提出了云平台下APT防护的建议框架,该框架融入了事前和事中防御策略,同时利用大数据挖掘综合分析可能存在的APT攻击以及用于事中的威胁定位与追踪。最后,介绍了安全框架中的关键技术的研究进展,分析了现有技术的优势与不足之处,并探讨了未来的研究方向。A large number of organizations and institutions have been attracted to use the cloud platform for its features,such as rapid deployment,flexible configurations.However,compared to traditional network attack persistent,the emerging attack mode advanced persistent threat（APT for short） is more persistent,high hidden and long-term buried,which makes the protection to protect security and privacy challenging.Therefore,how to protect the cloud platform from APT effectively becomes an urgent problem.The basic concepts,attack procedures and attack methods of APT were introduced,and then we analyzed the multiple security challenges brought by APT new features,and introduced the research progress in APT protection aspects.To address the security challenges,we presented a proposal framework to protect cloud platform from APT,which includes the strategies before attack and during attack,and takes advantage of the data mining of big data to analyze the potential APT attack comprehensively and to position and track the threats.Finally,the research progress of some key technologies in our framework was introduced,the advantages and disadvantages were pointed out respectively,and some future research directions were given at the end.

关 键 词：云计算 高级可持续性威胁 大数据挖掘 威胁定位 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]