Abstract
To move away from the disadvantages of traditional after-the-fact defense, the approach to building enterprise information security protection systems has gradually shifted from passive defense to active defense, which uses prior knowledge to detect unknown threats and can predict future attack trends. In response to attack patterns that are more targeted, persistent and diverse, and that are harder to predict, this paper builds an active information security defense system based on the concept of context awareness. By combining internal and external intelligence and matching attack characteristics and abnormal business behavior, the system perceives and predicts unknown threats and can detect advanced persistent threats more precisely, ensuring that early warnings are forward-looking and accurate.
Source
Electric Power Information and Communication Technology (《电力信息与通信技术》)
2016, Issue 1, pp. 28-32 (5 pages)
Keywords
information security
context-aware
threat intelligence
active defense
security event management