Abstract
Network attacks do great harm to networks and information systems, so it is necessary to study and analyze the attack process. The network attack chain model is a good model for describing attacks: it describes the attack process, which helps with threat intelligence analysis and post-attack analysis, and it decomposes complex attacks into mutually non-exclusive stages or layers. Different attack chain models are summarized and analyzed on the basis of a survey of a large number of academic papers on attack chains. The attack success probability under the attack chain model is also analyzed briefly, and the different defense methods and means based on the attack chain model are reviewed with emphasis.
Authors
LIU Wenyan (刘文彦)
HUO Shumin (霍树民)
CHEN Yang (陈扬)
TONG Qing (仝青)
National Digital Switching Engineering Technological Research Center, Zhengzhou 450002, China
Source
Journal on Communications (《通信学报》)
Indexed in: EI, CSCD, Peking University Core Journals
2018, Issue A02, pp. 88-94 (7 pages)
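Funding
National Natural Science Foundation of China (No.61602509)
Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No.61521003)
National Key Research and Development Program of China (No.2016YFB0800100, No.2016YFB0800101)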
Keywords
attack chain
multi-stage
defense
intelligence
indicator