检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]空军工程大学信息与导航学院,西安710077
出 处:《计算机应用》2017年第9期2551-2556,共6页journal of Computer Applications
基 金:国家自然科学基金资助项目(61402510);陕西省工业科技攻关项目(2016GY-087)~~
摘 要:针对攻击链模型攻击阶段划分过细且无法表示攻击手段的问题,提出了一种高级可持续性威胁(APT)攻击分层表示模型(APT-HARM)。通过总结分析大量公开的APT事件报告和参考APT攻击链模型与分层攻击表示模型(HARM),将APT攻击分为攻击链和攻击树上下两层,并将其形式化定义。首先,将APT攻击分为由侦察、渗透、行动和撤出四个阶段组成的攻击链,并研究了各阶段特点;然后,研究各阶段中采取的攻击手段,并依据其逻辑关系组成攻击树。APT攻击按照攻击链分阶段依次进行,各阶段按照攻击树流程依次执行。案例分析表明,本模型相较攻击链模型具有粒度划分合理、攻击描述完备准确的优点。APT-HARM形式化地定义了APT攻击,为APT攻击的预测和防范提供了一种思路。Aiming at the problem that the attack chain model for the attack phase is too small to indicate the means of attack, an Advanced Persistent Threat (APT) Hierarchical Attack Representation Model (APT-HARM) was proposed. By summarizing the analysis of a large number of published APT event reports and reference APT attack chain model and HARM, the APT attack was divided into into two layers, the upper layer attack chain and the lower layer attack tree, which were formally defined. Firstly, the APT attack was divided into four stages:reconnaissance, infiltration, operation and exfiltration and the characteristics of each stage were studied. Then, the attack methods in each stage were studied, and the attack tree was composed according to its logical relationship. APT attacks were carried out in stages according to the attack chain, and the attack of each stage was performed in accordance with the attack tree. The case study shows that the model has the advantages of reasonable granularity classification and better attack description compared to the attack chain model. APT-HARM formally defines the APT attack, which provides an idea for the prediction and prevention of APT attacks.
关 键 词:高级可持续性威胁 攻击链 攻击树 分层攻击表示模型
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.147
