Hierarchical Representation Model for APT Attack (cited by: 3)
Abstract: To address the lack of a formal representation for data-theft APT attacks, a hierarchical representation model for this type of attack, named APT-HRM, is built. Following the HARM model, an APT attack is divided into two layers, an upper Attack Chain (AC) and a lower Attack Tree (AT), and both are formally defined. The AC is composed of 4 stages: reconnaissance, infiltration, exploitation and exfiltration. The AT is composed of the attack means corresponding to each stage of the AC, and an APT attack is carried out stage by stage according to the AC. Analysis of the DUQU 2.0 APT attack shows that the model can effectively describe the behavior of data-theft APT attacks.
Authors: FAN Lei (樊雷), YU Jiangming (余江明), LEI Yingjie (雷英杰) (Air Force Engineering University, Xi'an 710051, China)
Affiliation: Air Force Engineering University
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the Peking University Core Journals list; 2018, No. 8, pp. 155-160, 6 pages
Funding: National Natural Science Foundation of China (61272011, 61309022); Natural Science Youth Foundation of Shaanxi Province (2013JQ8031)
Keywords: APT attack; Attack Chain (AC); Attack Tree (AT); hierarchical representation model; DUQU 2.0 attack analysis