Journal of Tsinghua University(Science and Technology)    2017, Vol. 57 Issue (11) : 1127-1133     DOI: 10.16511/j.cnki.qhdxxb.2017.21.024
COMPUTER SCIENCE AND TECHNOLOGY
APT attacks and defenses
ZHANG Yu1, PAN Xiaoming2, LIU Qingzhong3, CAO Junkuo1, LUO Ziqiang1
1. College of Information Science and Technology, Hainan Normal University, Haikou 571158, China;
2. Key Laboratory of Information Security, Institute of Electronic Information Products Inspection of Zhejiang, Hangzhou 310007, China;
3. Department of Computer Science, Sam Houston State University, Houston, USA
Abstract  Advanced persistent threats (APTs) have gradually evolved into a combination of social engineering attacks and zero-day exploits, and they are among the most serious cyberspace security threats. APT attacks often target infrastructure and steal sensitive information of strong national strategic interest, so cyberspace security threats have evolved from random attacks into purposeful, organized, premeditated attacks. In recent years, APT attacks and defenses have developed rapidly in the cyberspace security community. This paper reviews the origin and development of APTs and analyzes the mechanism and life cycle of an APT. It then describes APT defense and detection methods, identifies open problems, and points out further research directions.
Keywords: advanced persistent threat; threat intelligence; attack detection; cyberspace security; social engineering
CLC number: TP393.08
Issue Date: 15 November 2017
Cite this article:
ZHANG Yu, PAN Xiaoming, LIU Qingzhong, et al. APT attacks and defenses[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1127-1133.
URL: http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2017.21.024 or http://jst.tsinghuajournals.com/EN/Y2017/V57/I11/1127