Railway Signalling & Communication Engineering, 2024, Vol. 21, Issue 8: 21-28. DOI: 10.3969/j.issn.1673-4440.2024.08.004

Research on Technical Solution for Railway Advanced Persistent Threat Detection and Traceability

郝锦晖 江明 冯凯

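Author information

  • 1. CRSC Research & Design Institute Group Co., Ltd. (北京全路通信信号研究设计院集团有限公司), Beijing 100070; Railway Industry Engineering Research Center for Intelligent Control of Autonomous Train Operation (列车自主运行智能控制铁路行业工程研究中心), Beijing 100070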

Abstract

To address the limitations of traditional defense technologies, and in view of the characteristics of railway systems, this research adopts a security defense strategy that covers the stages before, during and after an attack and integrates these three stages organically. Following the layered architecture of the railway network, a distributed and hierarchical defense-in-depth design is carried out, and a technical solution for railway APT network threat perception and traceability is proposed that integrates "distributed monitoring - intelligent identification - cross-network traceability". The solution is verified in an environment built in the laboratory and can effectively improve the ability of railway systems to defend against APT attacks.

Key words

network security / APT attacks / attack detection / traceability


Funding

National Natural Science Foundation of China (U2034211)

Publication year

2024
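Railway Signalling & Communication Engineering (铁路通信信号工程技术)
Beijing National Railway Research & Design Institute of Signal & Communication Co., Ltd. (北京全路通信信号研究设计院有限公司)

Impact factor: 0.313
ISSN: 1673-4440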