信息网络安全

信息网络安全 ›› 2016, Vol. 16 ›› Issue (9): 118-123.doi: 10.3969/j.issn.1671-1122.2016.09.024

• • 上一篇    下一篇

APT攻击原理及防护技术分析

程三军(), 王宇   

  1. 河南省人民检察院,河南郑州 450004
  • 收稿日期:2016-07-25 出版日期:2016-09-20 发布日期:2020-05-13
  • 作者简介:

    作者简介: 程三军(1966—),男,辽宁,高级工程师,硕士,主要研究方向为信息安全,王宇(1975—),男,河南,高级工程师,硕士,主要研究方向为计算机图形图像、网络安全。

Analysis of APT Attack Principle and Protection Technology

Sanjun CHENG(), Yu WANG   

  1. People's Procuratorate of Henan Province, Zhengzhou Henan 450004, China
  • Received:2016-07-25 Online:2016-09-20 Published:2020-05-13

RichHTML

15

PDF (PC)

314

摘要:

全球信息技术的不断演变,使得APT攻击更具有侵略性和目的性。先进的技术应用、长期的潜伏隐匿、获利方的资助,是APT攻击与其他网络攻击的显著区别。文章介绍了近年流行的APT攻击,首先以NIST对于APT攻击的定义说明APT攻击的特点,并指明攻击者通常使用APT攻击的目标,分析近年APT攻击的实例;然后又详细分析了APT攻击的常见步骤,并以韩国SK公司遭受APT攻击的案件为实例说明了各个步骤的攻击内容;进而提出全面应对APT攻击的宏观持续性改进的防护思想及微观的结构化最佳实践应对方法。

关键词: APT攻击, 案例分析, 防御思路

Abstract:

The continuous evolution of the global information technology makes the APT attacks more aggressive and purposeful. Application of advanced technology, long latency hidden and sponsored by profit party long-term funding, is significantly different APT attacks from other network attacks. This paper introduces the popular APT attacks in recent years, such as NIST attacks on the APT, so as to give the character of APT attacks, and indicate usual target of APT attack, by analysising APT attack case in recent years. After a detailed analysis of the common steps of APT attacks-South Korea SK company being APT attack, it illustrates the various steps of the offensive content. Furthermore, it puts forward comprehensive response to the APT attacks from the macroscopic continuous improvement of protection concept and micro structured best practice methods solutions.

Key words: APT, case analysis, defensive thinking

中图分类号: