信息网络安全 (Netinfo Security) 2024, Vol. 24, Issue 7: 1122-1128. DOI: 10.3969/j.issn.1671-1122.2024.07.013

基于威胁发现的APT攻击防御体系研究

Research on APT Attack Defense System Based on Threat Discovery

赵新强 (Zhao Xinqiang) 1, 范博 (Fan Bo) 2, 张东举 (Zhang Dongju) 2

Author information

  • 1. China Electronics Standardization Institute (中国电子技术标准化研究院), Beijing 100007; Institute of Information Engineering, Chinese Academy of Sciences (中国科学院信息工程研究所), Beijing 100085
  • 2. China Electronics Standardization Institute (中国电子技术标准化研究院), Beijing 100007

Abstract

The unknown and uncertain nature of APT attacks makes them difficult for traditional protection systems to detect and defend against quickly, and their ability to evolve continuously means that traditional defenses built on signature-based detection (特征检测) cannot meet growing security requirements. This paper builds an APT attack-and-defense model on the idea of red-blue confrontation and, using the kill chain as the classification, summarizes the steps and techniques of common network attacks. Drawing on practical APT attack-and-defense experience, it proposes a defense concept model centred on APT threat discovery and a comprehensive security technology framework coordinated across "cloud, pipe (network), endpoint and ground" (云、管、端、地).
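The abstract's central idea is that APT discovery cannot rest on matching a single signature; it has to chain weak signals across kill-chain stages. The following is an added example, not code from the paper or its authors, of the simplest form of that correlation: each event is tagged with a Cyber Kill Chain stage, and a host is flagged only when several distinct stages appear within a time window. The log format, the event-to-stage mapping, the window and the threshold are all assumptions made for illustration, and the log lines are constructed.

```python
"""Kill-chain stage correlation for APT threat discovery.

Added example, not code from the paper: it tags individual security events
with a Cyber Kill Chain stage and raises an APT alert only when several
distinct stages are observed on the same host inside a time window. The
event format, the tagging rules and the thresholds are all assumptions made
for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered kill-chain stages (Lockheed Martin Cyber Kill Chain).
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Assumed mapping from event type to kill-chain stage. Each event is noisy
# on its own; the signal comes from chaining several of them per host.
STAGE_OF_EVENT = {
    "port_scan": "reconnaissance",
    "phishing_mail_attachment": "delivery",
    "office_spawns_shell": "exploitation",
    "new_service_persistence": "installation",
    "beacon_to_rare_domain": "command_and_control",
    "large_outbound_transfer": "actions_on_objectives",
}


def parse_event(line):
    """Parse one constructed log line: '<ISO time> <host> <event_type>'."""
    ts, host, event_type = line.split()
    return datetime.fromisoformat(ts), host, event_type


def tag_stage(event_type):
    """Return the kill-chain stage for an event type, or None if untagged."""
    return STAGE_OF_EVENT.get(event_type)


def discover_threats(lines, window=timedelta(hours=24), min_stages=3):
    """Return {host: stages} for hosts whose events cover at least
    `min_stages` distinct kill-chain stages inside `window`.

    Untagged event types are ignored rather than treated as suspicious, so
    an alert depends on chained behaviour, not on any single signature.
    The stage list is ordered by kill-chain position."""
    per_host = defaultdict(list)
    for line in lines:
        ts, host, event_type = parse_event(line)
        stage = tag_stage(event_type)
        if stage is not None:
            per_host[host].append((ts, stage))

    alerts = {}
    for host, events in per_host.items():
        events.sort()
        best = set()
        start = 0
        # Sliding window over the time-ordered events of this host.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {stage for _, stage in events[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_stages:
            alerts[host] = sorted(best, key=STAGES.index)
    return alerts


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-03-01T08:02:00 ws-17 phishing_mail_attachment",
    "2024-03-01T08:05:30 ws-17 office_spawns_shell",
    "2024-03-01T08:06:10 ws-17 new_service_persistence",
    "2024-03-01T09:40:00 ws-17 beacon_to_rare_domain",
    "2024-03-02T23:15:00 ws-17 large_outbound_transfer",  # outside 24 h window
    "2024-03-01T10:00:00 ws-22 port_scan",                 # two stages only
    "2024-03-01T10:30:00 ws-22 beacon_to_rare_domain",
    "2024-03-01T11:00:00 ws-22 login_success",             # untagged event type
]

if __name__ == "__main__":
    for host, chain in discover_threats(SAMPLE_LOG).items():
        print(host, "->", " > ".join(chain))
```

With the defaults, ws-17 is flagged with four chained stages (delivery through command-and-control) while the late exfiltration event falls outside the window; widening the window to 48 hours pulls it in. ws-22 shows only two stages and stays below the threshold, which is the intended behaviour: a port scan plus one odd DNS lookup is not an APT by itself.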

Key words

cyberspace security / APT / unknown attack / red-blue confrontation / threat discovery


Funding

National Key R&D Program of China (2022YFB3103900)

Publication year

2024

Journal: 信息网络安全 (Netinfo Security), sponsored by the Third Research Institute of the Ministry of Public Security and the Computer Security Professional Committee of the China Computer Federation
Indexed in: CSTPCD, CSCD, CHSSCD, Peking University Core Journals (北大核心)
Impact factor: 0.814
ISSN: 1671-1122
Number of references: 6