漏洞利用类网络武器关键因素研究  

作　　者：陈孟镭 乔榕 葛悦涛 Chen Menglei;Qiao Rong;Ge Yuetao(China Industrial Control Systems Cyber Emergency Response Team,Beijing,100040;China Academy of Information and Communications Technology,Beijing,100191)

机构地区：[1]国家工业信息安全发展研究中心,北京100040 [2]中国信息通信研究院,北京100191

出　　处：《工业信息安全》2024年第5期19-25,共7页Industry Information Security

摘　　要：全球超140个国家已开展网络武器开发,漏洞利用类网络武器频见报道。本文概述了近年漏洞利用类网络武器基本情况,详细分析了漏洞利用类网络武器的资金预算、漏洞裁决、开发进度、成本效益比、漏洞衰减、保管保养等关键因素。基于以上分析,本文认为资金预算因素是科学规划的重要保障,漏洞裁决因素是武器定制依据和基础,开发进度因素和漏洞衰减因素是武器最佳使用时间和效果的保证,成本效益比因素是武器开发(即成本因素)使用(即效益因素)的重点考虑目标,保管保养因素是武器良好技术状态和严格保密状态的根本基石。本次研究继而从漏洞资源储备、各因素综合、复杂适应系统理论应用、与传统动能物理武器区别、漏洞发现修补等方面分析了几点认识,最后给出简短总结。Over 140 countries worldwide have embarked on the development of cyber weapons,with exploit-based cyber weapons frequently making headlines.This article outlines the basic situation of exploit-based cyber weapons in recent years and provides a detailed analysis of key factors such as funding budgets,vulnerability arbitration,development progress,cost-effectiveness ratios,vulnerability decay,and maintenance.Based on this analysis,the article posits that funding budgets are an essential guarantee for scientific planning,vulnerability arbitration is the basis for weapon customization,development progress and vulnerability decay are guarantees for the optimal use time and effectiveness of the weapons,cost-effectiveness ratios are the focal considerations for weapon development(i.e.,cost factors)and usage(i.e.,benefit factors),and maintenance is the fundamental cornerstone for maintaining the weapons in good technical and strict confidentiality conditions.The study then analyzes several insights from the perspectives of vulnerability resource reserves,comprehensive consideration of various factors,application of complex adaptive systems theory,differences from traditional kinetic physical weapons,and vulnerability discovery and patching.Finally,the article offers a brief summary.

关 键 词：漏洞利用 网络武器 关键因素 复杂适应系统 

分 类 号：E86[军事—战术学] E91[自动化与计算机技术—计算机应用技术] TP393.08[自动化与计算机技术—计算机科学与技术]