Research on Advanced Persistent Threat Attacks Analysis and Countermeasures for Railway Signaling System


Authors: SONG Yi (宋毅); ZHANG Haifeng (张海峰); MIAO Yifeng (苗义烽)

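Affiliations: [1] Beijing Huatie Information Technology Co., Ltd., Beijing 100081; [2] Signal & Communication Research Institute, China Academy of Railway Sciences Corporation Limited, Beijing 100081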

Source: Railway Signalling & Communication (《铁道通信信号》), 2024, No. 6, pp. 42-49 (8 pages)

Funding: Science and Technology Research and Development Program of China State Railway Group Co., Ltd. (N2021G054).

Abstract: In view of the increasingly rampant advanced persistent threat attacks at home and abroad, a comprehensive analysis is first conducted from the perspectives of basic concepts, attack mechanisms and life cycle, and the key technologies commonly used in advanced persistent threat attacks, such as social engineering, Trojans and backdoors, and stealth and evasion techniques, are studied in depth. Secondly, the network architecture and business characteristics of railway signaling systems are analyzed to identify the possible paths by which they may be attacked by advanced persistent threats, as well as their weak points of defense. Finally, drawing on the five stages of the maturity sliding scale model of network security construction, a series of countermeasures is proposed from both technical and managerial aspects. On the technical side, the countermeasures include behavior-based network traffic analysis technology, big data correlation analysis technology, and deception defense technology. On the managerial side, they include vulnerability management, supply chain management, and security awareness training. The aim is to plan the defense of railway signaling systems against advanced persistent threat attacks and to provide a reference for future network security construction.

Keywords: railway signaling system; advanced persistent threat; spear phishing; social engineering; supply chain attack; unknown attack

Classification code: TP393.0 [Automation and Computer Technology: Computer Application Technology]

 
