ZHANG Yu [1], PAN Xiaoming [2], LIU Qingzhong [3], CAO Junkuo [1], LUO Ziqiang [1]
1. College of Information Science and Technology, Hainan Normal University, Haikou 571158, China;
2. Key Laboratory of Information Security, Institute of Electronic Information Products Inspection of Zhejiang, Hangzhou 310007, China;
3. Department of Computer Science, Sam Houston State University, Houston, USA
Abstract: Advanced persistent threats (APTs) have gradually evolved into a combination of social engineering attacks and zero-day exploits, and are now among the most serious cyberspace security threats. APT attacks often target infrastructure and steal sensitive information of strong national strategic interest, so cyberspace security threats have evolved from random attacks into purposeful, organized, premeditated attacks. In recent years, APT attacks and defenses have developed rapidly in the cyberspace security community. The origin and development of APTs are reviewed here, with analyses of the mechanism and life cycle of APTs. APT defenses and detection methods are then described, with open problems and further research directions identified.
ZHANG Yu (张瑜), PAN Xiaoming (潘小明), LIU Qingzhong, CAO Junkuo (曹均阔), LUO Ziqiang (罗自强). APT attacks and defenses [J]. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1127-1133.