摘要
高级持续性威胁(APT,advanced persistent threat)已成为高安全等级网络的最主要威胁之一,其极强的针对性、伪装性和阶段性使传统检测技术无法有效识别,因此新型攻击检测技术成为APT攻击防御领域的研究热点。首先,结合典型APT攻击技术和原理,分析攻击的6个实施阶段,并归纳攻击特点;然后,综述现有APT攻击防御框架研究的现状,并分析网络流量异常检测、恶意代码异常检测、社交网络安全事件挖掘和安全事件关联分析等4项基于网络安全大数据分析的APT攻击检测技术的研究内容与最新进展;最后,提出抗APT攻击的系统综合防御框架和智能反馈式系统安全检测框架,并指出相应技术在应对APT攻击过程中面临的挑战和下一步发展方向。
Advanced persistent threats have become the major threats of highly protected networks. Traditional detecting technologies were not able to find out APT attacks which were targeted, pretended and persistent. As a result, novel detecting technologies dave become the hot topic in the field of APT defence. Firstly, concrete descriptions of the six phases of APT attacks were provided combined with typical technologies and theories of APT, the features of APT attacks were conduded. Secondly, the current research situation of frameworks defending APT was illustrated, and the research points and recent developments of four key technologies including anomalous detection of network flow, anomalous detection of malevolent codes, security events mining in social networks and correlation analysis of security events were analyzed. Finally, both the comprehensive defending framework and the detecting framework based on intelligent feedback were established, and the challenges and developing directions of detecting technologies in the process of dealing with APT attacks were pointed out.
出处
《通信学报》
EI
CSCD
北大核心
2015年第11期1-14,共14页
Journal on Communications
基金
国家自然科学基金资助项目(61100042)
中国博士后基金资助项目(2014M552656)
湖北省自然科学基金资助项目(2015CFC867)~~
关键词
网络安全检测
高级持续性威胁
大数据分析
智能反馈
关联分析
Key words: network security detection
advanced persistent threat
big data analysis
intelligent feedback
correlationanalysis
