摘要
文章针对APT攻击中的恶意USB存储设备设计了一套安全防护方案。该方案构造USB存储设备的白名单,只允许白名单中的USB存储设备与计算机系统进行交互,从而防止APT攻击中定制的恶意USB存储设备对主机的非授权访问;将USB存储设备与单位各级员工绑定,在特定主机对特定的USB存储设备写保护,有效阻止了APT攻击者利用社会工程学的方法诱导内部人员对系统中数据进行越权访问;通过监控向USB存储设备复制数据的进程行为,防止隐藏的恶意程序暗中窃取系统中的数据。文章方案可以很好地防止系统中的数据遭到窃取和泄露,具有良好的实用性。文章方案进行了相关的功能测试,测试结果表明该方案可行。
This paper designs a protection scheme for malicious USB storage devices in APT. The protection scheme constructs a white list of USB storage devices, and only allows the USB storage devices in white list to interact with the computer system, in order to prevent customized malicious USB storage devices in APT to get unauthorized access to the host. The scheme makes USB storage devices bind with staff at all levels and write-protects the specific USB storage device on the specific host so as to effectively prevent APT attackers utilizing social engineering to induce insiders' exceeding accesses to system data, and prevents hidden malware stealing data from the system through monitoring the process behavior that writes data to USB storage devices. As a result, the protection scheme can guard against data theft and leakage and has good practicality. This paper describes some functional tests about the protection scheme. The test results show that the scheme is feasible.
出处
《信息网络安全》
2016年第2期7-14,共8页
Netinfo Security
基金
国家高技术研究发展计划(国家863计划)[2015AA016004]
国家自然科学基金[61303213
61373169]
信息保障技术重点实验室开放基金[KJ-14-110
KJ-14-101]
