Journal of Tsinghua University (Science and Technology), 2017, Vol. 57, Issue 11: 1127-1133    DOI: 10.16511/j.cnki.qhdxxb.2017.21.024
Section: Computer Science and Technology
APT attacks and defenses
ZHANG Yu1, PAN Xiaoming2, LIU Qingzhong3, CAO Junkuo1, LUO Ziqiang1
1. College of Information Science and Technology, Hainan Normal University, Haikou 571158, China;
2. Key Laboratory of Information Security, Institute of Electronic Information Products Inspection of Zhejiang, Hangzhou 310007, China;
3. Department of Computer Science, Sam Houston State University, Houston, USA
Abstract (translated from the Chinese): Advanced persistent threats (APT) have gradually evolved into a composite of various social engineering attacks and zero-day exploits, and have become one of the most serious threats to cyberspace security. APTs aim to attack infrastructure and steal sensitive intelligence, and carry strong national strategic intent, so that cyber security threats have evolved from scattered, random attacks into purposeful, organized and premeditated targeted attacks carried out by groups. In recent years, APT attacks and defenses have received sustained attention from the cyberspace security community and have seen substantial development and wide application. This paper first reviews the origin and evolution of APTs; then discusses the APT attack mechanism and life cycle; then examines APT defense systems and detection methods, summarizing the latest APT detection and defense techniques; and finally discusses trends in APT attacks, open problems in APT defense, and directions for further research.
Abstract: Advanced persistent threats (APT) have gradually evolved into a complex of social engineering attacks and zero-day exploits, making them some of the most serious cyberspace security threats. APT attacks often target infrastructure and steal sensitive information in pursuit of strong national strategic interests, so that cyberspace security threats have evolved from random attacks into purposeful, organized, premeditated attacks. In recent years, APT attacks and defenses have developed rapidly in the cyberspace security community. The origin and development of APTs are reviewed here, with analyses of the mechanism and life cycle of APTs. Then, APT defenses and detection methods are described, and open problems and further research directions are identified.
Key words: advanced persistent threat; threat intelligence; attack detection; cyberspace security; social engineering
Received: 2016-06-30      Published: 2017-11-15
CLC number: TP393.08
Corresponding author: PAN Xiaoming, research fellow, E-mail: pxm@zdjy.org.cn
Cite this article:
ZHANG Yu, PAN Xiaoming, LIU Qingzhong, CAO Junkuo, LUO Ziqiang. APT attacks and defenses. Journal of Tsinghua University (Science and Technology), 2017, 57(11): 1127-1133.
Link to this article:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.21.024  or  http://jst.tsinghuajournals.com/CN/Y2017/V57/I11/1127
Copyright © Editorial Office of the Journal of Tsinghua University (Science and Technology)