Survey on Attribution and Inference Research for APT Attacks

Advanced persistent threat (APT) is a new type of cyberattack that is highly organized, stealthy, persistent, adversarial and destructive, and it poses a serious threat to global cybersecurity. Traditional APT defenses tend to build models that detect whether an attack is malicious or identify its family, relying mainly on passive defense, and the work on APT attack attribution and inference has not been comprehensively and thoroughly reviewed. This survey therefore covers intelligent methods for APT attack attribution and inference. First, an APT attack defense chain is proposed that effectively distinguishes and links APT attack detection, attribution and inference. Second, related work on the four tasks of APT attack detection is compared in detail. Third, APT attack attribution work targeting regions, organizations, attackers, addresses and attack models is systematically summarized. Fourth, APT attack inference is divided into four aspects (attack intent inference, attack path perception, attack scenario reconstruction, and attack blocking and countermeasures), and the related research is summarized and compared in detail. Finally, hot topics, development trends and challenges in APT attack defense are discussed.

Advanced persistent threat (APT) is a novel form of cyberattack that is well-organized, stealthy, persistent, adversarial, and destructive, resulting in catastrophic consequences for global network security. Traditional APT attack defenses tend to construct models to detect whether the attacks are malicious or identify the malicious family categories, primarily employing a passive defense strategy and lacking comprehensive and in-depth exploration of the field of APT attack attribution and inference. In light of this, this study focuses on the intelligent methods of APT attack attribution and inference to conduct a survey study. Firstly, an overall defense chain framework for APT attacks is proposed, which can effectively distinguish and correlate APT attack detection, attribution, and inference. Secondly, the work related to the four tasks of APT attack detection is reviewed in detail. Thirdly, APT attack attribution research is systematically summarized for regions, organizations, attackers, addresses, and attack models. Then, APT attack inference is divided into four aspects: attack intent inference, attack path perception, attack scenario reconstruction, and attack blocking and countermeasures, and relevant works are summarized and compared in detail. Finally, the hot topics, development trends, and challenges in the field of APT attack defense are discussed.

Keywords: advanced persistent threat (APT); network security; attack attribution; attack inference; artificial intelligence

杨秀璋、彭国军、刘思德、田杨、李晨光、傅建明


School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China

Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (School of Cyber Science and Engineering, Wuhan University), Wuhan 430072, Hubei, China

Guizhou Provincial Big Data Industry Development and Application Research Institute, Guizhou University, Guiyang 550025, Guizhou, China


2025

Journal of Software
Institute of Software, Chinese Academy of Sciences; China Computer Federation

Peking University Core Journal (北大核心)
Impact factor: 2.833
ISSN: 1000-9825
Year, volume (issue): 2025, 36(1)