Abstract
Advanced Persistent Threat (APT) has been a severe attack threat in recent years, characterized by persistence over time, comprehensive attack techniques, and target specificity, and it poses a great challenge to traditional network security technology. Because APT is a novel combined attack, there has been little research on the theoretical modeling of APT attacks, and a complete APT defense system has not yet been formed. Moreover, traditional attack graph modeling has difficulty adapting to APT features such as zero-day vulnerabilities and social engineering. This paper therefore studies attack graph modeling and security defense techniques adapted to APT, mainly the APT attack graph construction method and an attack-graph-based APT security defense system covering intrusion detection, security assessment and security reinforcement.
Source
Electronic Warfare (《电子对抗》)
2014, Issue 2, pp. 34-38, 47 (6 pages)
Keywords
APT attack
attack graph
intrusion detection
security assessment
security reinforcement