信息网络安全 (Netinfo Security) ›› 2024, Vol. 24 ›› Issue (7): 1122-1128. doi: 10.3969/j.issn.1671-1122.2024.07.013

• Technical Research •

Research on APT Attack Defense System Based on Threat Discovery

ZHAO Xinqiang1,2, FAN Bo1, ZHANG Dongju1

  1. China Electronic Standardization Institute, Beijing 100007, China
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
  • Received: 2024-03-06  Online: 2024-07-10  Published: 2024-08-02
  • Corresponding author: FAN Bo, fanbo@cesi.cn
  • Author biographies: ZHAO Xinqiang (born 1989), male, from Shandong, engineer, master's student; main research interests: cybersecurity standardization and critical information infrastructure protection. FAN Bo (born 1978), female, from Jilin, senior engineer, master's degree; main research interests: cybersecurity standardization and classified protection (等级保护). ZHANG Dongju (born 1990), male, from Heilongjiang, engineer, master's degree; main research interests: cybersecurity standardization and critical information infrastructure protection.
  • Funding: National Key Research and Development Program of China (2022YFB3103900)



Abstract:

The unknown nature and uncertainty of APT attacks make it difficult for traditional defense systems to detect and defend against them quickly, and their capacity for continuous evolution also renders traditional defense methods based on signature detection inadequate for growing security needs. This paper presents an APT attack and defense model based on the concept of red-blue confrontation, and summarizes the steps and techniques of common network attacks according to a kill-chain classification. Drawing on practical experience of APT attack and defense, it also proposes a defense concept model centred on APT threat discovery and a comprehensive security technology framework of “cloud, management, endpoint, and ground” collaboration.

Key words: cyberspace security, APT, unknown attack, red-blue confrontation, threat discovery
