A Security Architecture for Countering APT Attacks: Anomaly Discovery
Published: 2018-08-06 21:16
【Abstract】: A threat is a potential factor capable of damaging a specific system, an organization and its assets; it reflects the process by which an attacker, driven by mission requirements, subjects a target to sustained attacks of many forms over a long period. Facing advanced persistent threats (APT), existing security architectures cannot help defenders detect a threat's presence in time, that is, before it causes serious economic loss. Building on an in-depth analysis of the extension and intension of "threat", the paper examines the threat-defense model in detail and proposes a theoretical security-defense architecture for countering APT attacks, anomaly discovery, aimed at the hard problem of threat discovery. As the precondition for defense strategy and protective deployment, anomaly discovery detects anomalies in the environment in real time and across multiple dimensions, interprets unknown threats and analyzes the attacker's objectives, supplying the information needed to formulate targeted countermeasures. A technical security architecture based on anomaly discovery, "Huiyan" (慧眼), is designed and proposed; it uses cooperative monitoring at high and low positions to monitor and detect APT attacks at three levels: their source, their path and their endpoints.
【Author affiliations】: Institute of Information Engineering, Chinese Academy of Sciences; National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC); School of Computer Science, Beijing University of Posts and Telecommunications;
【Funding】: National High Technology Research and Development Program of China ("863" Program) project (2011AA01A103)
【Classification number】: TP393.08
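The abstract describes Huiyan only at the level of its architecture: low-position sensors at the source, path and endpoint levels, with a high-position layer that fuses their findings into a multi-dimensional picture of a campaign. The following is an added illustration of that idea and is not the paper's code or the Huiyan implementation. It assumes three toy per-level detectors (a never-seen-before domain at the source level, periodic beaconing at the path level, an office application spawning a script interpreter at the endpoint level) and a correlator that scores each host by how many distinct levels raise an anomaly within one time window. All event data, host names and addresses are constructed.

```python
"""Added example, not from the paper: a toy three-level anomaly correlator.

Low position  = per-level detectors (source / path / endpoint).
High position = correlator that links anomalies sharing a host within a window.
All events below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Anomaly:
    layer: str     # "source", "path" or "endpoint"
    t: int         # constructed timestamp, seconds
    entity: str    # host the anomaly is attached to
    detail: str


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}          # assumed list
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cmd.exe", "mshta.exe"}

# Constructed sample telemetry (hypothetical hosts and addresses).
BASELINE_DOMAINS = {"mail.corp.example", "intranet.corp.example", "update.vendor.example"}
DNS_EVENTS = [  # (t, host, domain)
    (1000, "ws-17", "mail.corp.example"),
    (1010, "ws-17", "cdn-sync.example"),       # never seen in the baseline
    (1005, "ws-02", "intranet.corp.example"),
]
FLOWS = [  # (t, host, dst, bytes)
    (1020, "ws-17", "203.0.113.7", 412),
    (1080, "ws-17", "203.0.113.7", 415),
    (1140, "ws-17", "203.0.113.7", 410),
    (1201, "ws-17", "203.0.113.7", 418),       # ~60 s cadence: beacon-like
    (1030, "ws-02", "198.51.100.9", 90000),
    (1500, "ws-02", "198.51.100.9", 1200),
]
PROC_EVENTS = [  # (t, host, parent, child)
    (1008, "ws-17", "winword.exe", "powershell.exe"),
    (1100, "ws-02", "explorer.exe", "cmd.exe"),
]


def source_layer(dns_events, baseline_domains):
    """Source level: resolutions of domains absent from the organization's baseline."""
    return [Anomaly("source", t, host, f"unseen domain {dom}")
            for t, host, dom in dns_events if dom not in baseline_domains]


def path_layer(flows, min_count=4, jitter=2):
    """Path level: (host, dst) pairs whose connection intervals are near-constant."""
    by_pair = defaultdict(list)
    for t, host, dst, _nbytes in flows:
        by_pair[(host, dst)].append(t)
    found = []
    for (host, dst), ts in by_pair.items():
        ts.sort()
        if len(ts) < min_count:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if max(gaps) - min(gaps) <= jitter:
            found.append(Anomaly("path", ts[0], host, f"beacon to {dst} every ~{gaps[0]}s"))
    return found


def endpoint_layer(proc_events):
    """Endpoint level: an office application spawning a script interpreter."""
    return [Anomaly("endpoint", t, host, f"{parent} spawned {child}")
            for t, host, parent, child in proc_events
            if parent in OFFICE_APPS and child in SCRIPT_HOSTS]


def correlate(anomalies, window=600):
    """High position: per host, the largest set of distinct levels whose anomalies
    fall within `window` seconds of each other. Returns {host: (score, anomalies)}."""
    by_entity = defaultdict(list)
    for a in anomalies:
        by_entity[a.entity].append(a)
    result = {}
    for entity, items in by_entity.items():
        items.sort(key=lambda a: a.t)
        best = []
        for i, first in enumerate(items):
            group = [a for a in items[i:] if a.t - first.t <= window]
            if len({a.layer for a in group}) > len({a.layer for a in best}):
                best = group
        result[entity] = (len({a.layer for a in best}), best)
    return result


def detect_and_correlate(dns_events, flows, proc_events, baseline_domains, window=600):
    anomalies = (source_layer(dns_events, baseline_domains)
                 + path_layer(flows)
                 + endpoint_layer(proc_events))
    return correlate(anomalies, window)


if __name__ == "__main__":
    report = detect_and_correlate(DNS_EVENTS, FLOWS, PROC_EVENTS, BASELINE_DOMAINS)
    for host, (score, items) in sorted(report.items(), key=lambda kv: -kv[1][0]):
        print(f"{host}: {score} level(s) -> {[a.detail for a in items]}")
```

The point of the high-position layer is that none of the three low-level signals is conclusive alone (a new domain, a periodic connection or a macro launching a shell each has benign explanations), but their co-occurrence on one host inside a short window is what lifts a single anomaly to a campaign hypothesis. Shrinking the window drops the score, which is the knob a practitioner tunes against the dwell time expected for the threat being modelled.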
Article ID: 2169013
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2169013.html