Abstract
Network reconnaissance is the activity of gathering information about a target network. It occurs throughout the phases of the cyber kill chain and is key to an adversary's ability to penetrate the target network and compromise systems by exploiting vulnerabilities and flaws. Because network reconnaissance leaks key information about the target network, it can be regarded as a type of network attack aimed at stealing information. This paper systematically analyzes the main forms of network reconnaissance and the methods of defending against it. First, it discusses what types of information adversaries seek. Then, it provides an overview of adversarial reconnaissance techniques and introduces the current mainstream defense methods against network reconnaissance. The paper provides a comprehensive view of adversarial reconnaissance and defense that can help researchers understand and model the network reconnaissance process and improve defense methods and strategies against network reconnaissance.
Authors
张位
刘赟
冯毓
毛得明
ZHANG Wei; LIU Yun; FENG Yu; MAO Deming (Cybersecurity Innovation Center of Science and Technology Industry for National Defense, Chengdu, Sichuan 610041, China; Cyberspace Security Technology Laboratory of CETC, Chengdu, Sichuan 610041, China; China Electronic Technology Cyber Security Co., Ltd., Chengdu, Sichuan 610041, China)
Source
Communications Technology (《通信技术》)
2022, Issue 10, pp. 1247-1256 (10 pages)
Funding
Sichuan Science and Technology Program (2020YFG0461)
National Key Research and Development Program (2019YFB2101701)
Keywords
network reconnaissance
network scanning
defensive deception
moving target defense