
Survey on APT Attack Scenario Reconstruction Methods

Cited by: 4
Abstract: Advanced persistent threats (APTs) have become a major threat to cyber security. Detecting APTs in a large volume of alarm log data and reconstructing the attack scenario has become an urgent problem. This paper first introduces the basic concepts and the technical process framework of attack scenario reconstruction. Second, attack scenario reconstruction methods are classified according to the correlation analysis method they use. The basic steps and specific cases of the four classes of reconstruction methods, based on experience knowledge, causality, semantic similarity, and machine learning, are then reviewed in turn. Finally, the advantages and disadvantages of the different methods are discussed, and future development trends are outlined in light of the latest technology applications.
Authors: PAN Yafeng; ZHU Junhu; ZHOU Tianyang (Information Engineering University, Zhengzhou 450001, China)
Affiliation: Information Engineering University
Source: Journal of Information Engineering University, 2021, No. 1, pp. 55-60, 80 (7 pages)
Keywords: attack scenario reconstruction; APT; experience and knowledge; causal relation; semantic similarity; machine learning