Authors: WANG Zhiwei (王郅伟); HE Xijie (何睎杰); YI Xin (易鑫); LI Ziyang (李孜旸); CAO Xudong (曹旭栋); YIN Tao (尹涛); LI Shuhao (李书豪); FU Anmin (付安民) [3]; ZHANG Yuqing (张玉清) (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China; Zhongguancun Laboratory, Beijing 100194, China; School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China; School of Cyberspace Security (School of Cryptography), Hainan University, Haikou 570228, China)
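Affiliations: [1] National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408; [2] Zhongguancun Laboratory, Beijing 100194; [3] School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, Jiangsu 210094; [4] School of Cyberspace Security, Hainan University, Haikou, Hainan 570228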
Source: Journal on Communications (《通信学报》), 2024, No. 9, pp. 206-228 (23 pages)
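Funding: National Key R&D Program of China (No.2023YFB3106400, No.2023QY1202); National Natural Science Foundation of China (No.U2336203, No.U1836210); Key R&D Program of Hainan Province (No.GHYF2022010); Beijing Natural Science Foundation (No.4242031).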
Abstract: The advanced persistent threat (APT) attack was explored from two perspectives: attack methods and detection methods. First, the definitions and characteristics of APT attacks were reviewed and the development of related attack models was summarized. Based on this, a more general APT full lifecycle model was proposed, which was divided into four stages: information gathering, intrusion execution, internal network penetration, and data exfiltration. For each stage, recent research papers from the past five years were thoroughly reviewed, and the attack and detection techniques for each stage were analyzed. Finally, in light of the dynamic landscape of APT attack and defense technologies, the paper underscores the formidable challenges confronting both offense and defense and offers guidance for future research in this domain.
Keywords: advanced persistent threat; cyber kill chain model; full lifecycle; zero-day attack; detection
Classification: TP399 [Automation and Computer Technology: Computer Application Technology]