Affiliations: [1] School of Cyber Security, University of Chinese Academy of Sciences, Beijing; [2] Institute of Information Engineering, Chinese Academy of Sciences, Beijing
Source: Computer Science and Application (《计算机科学与应用》), 2022, No. 1, pp. 233-251 (19 pages)
Abstract: In recent years, Advanced Persistent Threats (APTs) have become a serious cyberspace security hazard that threatens national security, organizational interests and personal privacy. APTs are hard to detect and defend against because of their complex attack process, high concealment and strong destructive capability. Host systems are usually the primary attack target of APT activities, so the research progress and future trends of host-based APT detection deserve close attention. This paper first summarizes the APT life cycle, the characteristics of each attack stage and the associated host security issues. It then introduces the types of host entities and the types of their behavior data. Next, APT detection techniques based on host entity behavior are systematically summarized. The evaluation methods for threat detection techniques, including data sets and evaluation metrics, are then presented. Finally, current technical challenges are summarized and future research directions are discussed.
Classification number: TP391.41 [Automation and Computer Technology / Computer Application Technology]