Research on Layered Method of Network Attack Technology  Cited by: 2


Authors: YI Tao; GE Weijing [1,2]; DENG Xi (China Electronics Technology Cyber Security Co., Ltd., Chengdu, Sichuan 610041, China; No.30 Institute of CETC, Chengdu, Sichuan 610041, China)

Affiliations: [1] China Electronics Technology Cyber Security Co., Ltd., Chengdu, Sichuan 610041, China; [2] No.30 Institute of CETC, Chengdu, Sichuan 610041, China

Source: Information Security and Communications Privacy, 2021, No. 9, pp. 74-82 (9 pages)

Abstract: How to effectively protect against attacks from the network has become an urgent problem. To protect against network attacks effectively, a comprehensive understanding of how network attacks evolve is necessary. Starting from security incidents caused by network attacks in recent years, this paper analyzes the classification and development path of network attack technology from the perspectives of managers, academia and industry, and summarizes the current situation and characteristics of attacks. In light of the needs of machine learning, deep learning and attack-sample feature engineering, a layered method for network attacks based on the TCP/IP model is proposed, which provides an analytical reference for research on and defense against attack techniques at different layers. In addition, based on typical network attack tools, the characteristics of attacks against different target objects are analyzed. Combining the layered method with the classification of target objects, the paper briefly analyzes the attack mode and detection methods of Advanced Persistent Threat (APT). Finally, it outlines future work, including strengthening research on network intrusion detection frameworks and algorithms based on machine learning and deep learning.

Keywords: network attack technology; hybrid attack; feature engineering; Transmission Control Protocol/Internet Protocol (TCP/IP)

Classification code: TN915.08 [Electronics and Telecommunications: Communication and Information Systems]

 
