Authors: 赵云龙 Zhao Yunlong; 杨继 Yang Ji; 于运涛 Yu Yuntao; 王绍杰 Wang Shaojie (The 6th Research Institute of China Electronics Corporation, Beijing 100083, China)
Affiliation: [1] The 6th Research Institute of China Electronics Corporation (中国电子信息产业集团有限公司第六研究所), Beijing 100083
Source: Cyber Security and Data Governance (《网络安全与数据治理》, CYBER SECURITY AND DATA GOVERNANCE), 2024, No. 8, pp. 15-21 and 27 (8 pages in total)
Abstract: The form of confrontation in cyberspace is becoming more complex, mixing in artificial intelligence, evasion techniques, intelligence gathering, social engineering, geopolitics and other factors. At present, threat-intelligence IOC features are mainly used to identify compromised hosts and their C&C connection behaviour; in addition, hacker groups can be traced by correlating and expanding IOCs. Taking full-traffic storage and retrospection together with global APT threat-intelligence monitoring as the data foundation, this paper proposes an APT attack identification and background-attribution scheme based on expanded IOC indicators, TTP rules and model correlation. The scheme extends the traditional point-in-time detection mode to a detection mode based on a historical time window, which copes more fully with the persistence and long duration of APT activity, and at the same time becomes one of the effective ways to trace the background of APT groups.