Abstract
This paper surveys advanced persistent threat (APT) attacks from two perspectives: attack methods and detection methods. It first reviews the definition and characteristics of APT attacks and summarizes the development of related attack models. On this basis it proposes a more general APT full-lifecycle model divided into four stages: information gathering, intrusion execution, internal network attack, and data exfiltration. For each stage, it focuses on research papers from the past five years, summarizes the attack and detection techniques of that stage, and provides analysis. Finally, in light of the rapidly evolving contest between APT attack and defense technologies, it points out the challenges currently facing both attackers and defenders and the directions for future research.
The advanced persistent threat (APT) attack was explored from two perspectives: attack methods and detection methods. First, the definitions and characteristics of APT attacks were reviewed and the development of related attack models was summarized. Based on this, a more general APT full lifecycle model was proposed, which was divided into four stages: information gathering, intrusion execution, internal network penetration, and data exfiltration. For each stage, recent research papers from the past five years were thoroughly reviewed, and the attack and detection techniques for each stage were analyzed. Finally, in light of the dynamic landscape of APT attack and defense technologies, the paper underscores the formidable challenges confronting both offense and defense and offers guidance for future research in this domain.
Authors
王郅伟
何睎杰
易鑫
李孜旸
曹旭栋
尹涛
李书豪
付安民
张玉清
WANG Zhiwei; HE Xijie; YI Xin; LI Ziyang; CAO Xudong; YIN Tao; LI Shuhao; FU Anmin; ZHANG Yuqing (National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China; Zhongguancun Laboratory, Beijing 100194, China; School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China; School of Cyberspace Security (School of Cryptography), Hainan University, Haikou 570228, China)
Source
《通信学报》
EI
CSCD
PKU Core Journal
2024, Issue 9, pp. 206-228 (23 pages)
Journal on Communications
Funding
National Key R&D Program of China (No. 2023YFB3106400, No. 2023QY1202)
National Natural Science Foundation of China (No. U2336203, No. U1836210)
Hainan Provincial Key R&D Program (No. GHYF2022010)
Beijing Natural Science Foundation (No. 4242031).