
A Security Architecture for Countering APT Attacks: Anomaly Discovery

Published: 2018-08-06 21:16
[Abstract]: A threat is a potential factor that can cause damage to a particular system, an organization and its assets; it reflects the process by which attackers, according to their mission requirements, subject a target to various forms of attack over a long and sustained period. In the face of an advanced persistent threat (APT), existing security architectures cannot help defenders discover the threat's existence in time, before it causes serious economic loss. Based on an in-depth analysis of the extension and intension of threats, the paper discusses threat defense models in detail. It proposes a theoretical security defense architecture for countering APT attacks, anomaly discovery, aimed at solving the problem of threat discovery. As the prerequisite for defense strategy and protection deployment work, anomaly discovery provides the information needed to formulate targeted response strategies by discovering anomalies in the environment in real time and along multiple dimensions, interpreting unknown threats, and analyzing the attackers' objectives. The paper designs and proposes a technical architecture for a security system based on anomaly discovery, "慧眼" ("eye"), which uses coordinated high-position and low-position monitoring to monitor and discover APT attacks at three levels: source, path, and endpoint.
[Author affiliations]: Institute of Information Engineering, Chinese Academy of Sciences; National Computer Network Emergency Response Technical Team/Coordination Center of China; School of Computer Science, Beijing University of Posts and Telecommunications
[Funding]: National "863" High Technology Research and Development Program of China (2011AA01A103)
[Classification number]: TP393.08


Article ID: 2169013



Article link: http://www.sikaile.net/guanlilunwen/ydhl/2169013.html

