APT攻击与防御

doi:10.16511/j.cnki.qhdxxb.2017.21.024

摘要
参考文献
相关文章
Metrics

全文: PDF(1004 KB)
输出: BibTeX | EndNote (RIS)

摘要高级持续性威胁（advanced persistent threat，APT）逐渐演化为各种社会工程学攻击与零日漏洞利用的综合体，已成为最严重的网络空间安全威胁之一。APT以攻击基础设施、窃取敏感情报为目的，且具有强烈的国家战略意图，从而使网络安全威胁由散兵游勇式的随机攻击演化为有目的、有组织、有预谋的群体式定向攻击。近年来，APT攻击与防御已受到网络空间安全社区的持续关注，获得了长足发展与广泛应用。该文首先回顾了APT起源与发展演化过程；其次讨论了APT攻击机理与生命周期；然后探讨了APT防御体系与检测方法，归纳总结目前APT检测防御的最新技术；最后讨论了APT攻击发展趋势、APT防御存在的问题和进一步研究方向。

	服务

	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS

	作者相关文章
	张瑜
	潘小明
	LIU Qingzhong
	曹均阔
	罗自强

关键词 ：高级持续性威胁, 威胁情报, 攻击检测, 网络空间安全, 社会工程学

Abstract：Advanced persistent threats (APT) have gradually evolved into a complex of social engineering attacks and zero-day exploits as some of the most serious cyberspace security threats. APT attacks often attack infrastructure and steal sensitive information with strong national strategic interests, so that cyberspace security threats evolve from random attacks to purposeful, organized, premeditated attacks. In recent years, APT attacks and defenses have rapidly developed in the cyberspace security community. The origin and development of APTs are reviewed here with analyses of the mechanism and life cycle of APTs. Then, APT defenses and detection methods are described with problems and further research directions identified.

Key words： advanced persistent threat threat intelligence attacks detection cyberspace security social engineering

收稿日期: 2016-06-30 出版日期: 2017-11-15

ZTFLH:

TP393.08

通讯作者: 潘小明,研究员,E-mail:pxm@zdjy.org.cn E-mail: pxm@zdjy.org.cn

引用本文:

张瑜, 潘小明, LIU Qingzhong, 曹均阔, 罗自强. APT攻击与防御[J]. 清华大学学报（自然科学版）, 2017, 57(11): 1127-1133.
ZHANG Yu, PAN Xiaoming, LIU Qingzhong, CAO Junkuo, LUO Ziqiang. APT attacks and defenses. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1127-1133.

链接本文:

http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.21.024 或 http://jst.tsinghuajournals.com/CN/Y2017/V57/I11/1127

[1]	Potts M. The state of information security[J]. Network Security, 2012(7):9-11.
[2]	Thomson G. APTs:A poorly understood challenge[J]. Network Security, 2011(11):9-11.
[3]	Friedberg I, Skopik F, Settanni G, et al. Combating advanced persistent threats:From network event correlation to incident detection. Computers & Security, 2015(48):35-57.
[4]	Bodmer S, Kilger M, Carpenter G, et al. Reverse Deception:Organized Cyber Threat Counter-Exploitation[M]. New York:McGraw-Hill Osborne Media, 2012.
[5]	Binde B E, McRee R, O'Connor T J. Assessing Outbound Traffic to Uncover Advanced Persistent Threat[R]. Maryland:SANS Technology Institute, 2011.
[6]	Stine K, Dempsey K. Information Security Continuous Monitoring for Federal Information Systems and Organizations[R/OL].[2016-04-30]. http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf
[7]	FireEye Corporation. FireEye Advanced Threat Report[R/OL].[2016-04-30]. http://www2.fireeye.com/rs/fireye/images/fireeye-advanced-threat-report-2013.pdf
[8]	肖新光. 寻找APT的关键词[J]. 中国信息安全, 2013(10):100-104.XIAO Xinguang. Search for the keywords of APT[J]. China Infornation Security, 2013(10):100-104. (in Chinese)
[9]	杜跃进, 方緖鹏, 翟立东. APT的本质探讨[J]. 电信网技术, 2013(11):1-4.DU Yuejin, FANG Xupeng, ZHAI Lidong. The essence of APT[J]. Telecommunications Network Technology, 2013(11):1-4. (in Chinese)
[10]	Brewer R. Advanced persistent threats:Minimising the damage[J]. Network Security, 2014(4):5-9.
[11]	Sood A K, Enbody R J. Targeted cyberattacks:A superset of advanced persistent threats[J], IEEE Security & Privacy, 2013, 11(1):54-61.
[12]	Auty M. Anatomy of an advanced persistent threat[J]. Network Security, 2015(4):13-16.
[13]	Gordon Thomson. APTs:A poorly understood challenge[J]. Network Security, 2011(11):9-11.
[14]	Chen P, Desmet L, Huygens C. A study on advanced persistent threats[J]. Lecture Notes in Computer Science, 2014, 8735:63-72.
[15]	TrendMicro Corporation. Evolutional governance strategy of APT[R/OL].[2016-04-30]. http://www.trendmicro.com.cn/cloud-content/cn/pdfs/20150624.pdf
[16]	Wilhoit K. In-Depth Look:APT attack tools of the trade[Z/OL].[2016-04-30]. http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade.
[17]	沈立君. APT攻击威胁网络安全的全面解析与防御探讨[J]. 信息安全与技术, 2015(8):10-15.Shen L J. APT attacks in parsing and defense of network security threats[J]. Information Security & Technology, 2015(8):10-15.
[18]	徐金伟. 我国防护特种网络攻击技术现状[J]. 信息安全与技术, 2014(5):3-7.XU Jinwei. China's situation of protection techniques against special network attacks[J]. Information Security and Technology, 2014(5):3-7. (in Chinese)
[19]	Moon D, Im H, Lee J D, et al. MLDS:Multi-layer defense system for preventing advanced persistent threats[J]. Symmetry, 2014, 6(4):997-1010.
[20]	吴孔. 基于分布式网络的APT攻击与防御技术研究[D]. 北京:北京邮电大学, 2015.WU Kong. Research on APT Attack and Defense Technology Based on Distributed Network[D]. Beijing:Beijing University of Posts and Telecommunications, 2015. (in Chinese)
[21]	马明阳. 针对社会工程学攻击的防御技术研究[D]. 北京:北京邮电大学, 2015.MA Mingyang. Research on Defense Technology of Social Engineering Attacks[D]. Beijing:Beijing University of Posts and Telecommunications, 2015. (in Chinese)
[22]	Tankard C. Advanced persistent threats and how to monitor and deter them[J]. Network Security, 2011, 8:16-19.
[23]	Mandiant Corporation. APT1:Exposing One of China's Cyber Espionage Units[R/OL]. https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

[1]	张思聪, 谢晓尧, 徐洋. 基于dCNN的入侵检测方法[J]. 清华大学学报（自然科学版）, 2019, 59(1): 44-52.

Viewed

Full text

Abstract

Cited

Shared

Discussed