Abstract
An APT (Advanced Persistent Threat) is a complex, multifaceted, advanced penetration attack directed at a specific organization. This paper proposes an APT attack detection model based on correlation analysis of activity behavior characteristics. The model monitors and gives early warning of APT attack behavior through four components: malicious code behavior awareness, software vulnerability awareness, typical attack behavior awareness, and comprehensive correlation analysis. It has been applied effectively in an APT attack detection system and offers a new approach for the development of future APT defense products.
Authors
LIU Ke-ke (刘科科)
WANG Dan-hui (王丹辉)
ZHENG Xue-xin (郑学欣)
GUO Jing (郭静)
China Academy of Electronics and Information Technology, Beijing 100041, China
Source
Journal of China Academy of Electronics and Information Technology (《中国电子科学研究院学报》)
Peking University Core Journal (北大核心)
2019, Issue 1, pp. 86-92 (7 pages)
Funding
CETC Science and Technology Innovation Fund Project
Keywords
APT
Advanced Persistent Threat
Trojan detection
behavior awareness