Abstract
In recent years, Advanced Persistent Threats (APT) have become a serious cyberspace security hazard that threatens national security, the interests of organizations and personal privacy. APT attacks have complex attack processes, high concealment and strong destructive power, and are extremely difficult to detect and defend against. Host systems are usually the primary target of APT activity, so it is of great significance to follow the research progress and future trends of host-based APT detection techniques. This paper first summarizes the APT life cycle, the characteristics of each attack stage and the associated host security problems. It then introduces the types of host entities and their behavioral data types. Next, it systematically summarizes APT detection techniques based on host entity behavior, and reviews the data sets and evaluation metrics used to assess threat detection. Finally, it summarizes the current technical challenges and looks ahead to future research directions.
In recent years, Advanced Persistent Threats (APT) have become a serious cyber security problem that threatens national security, organizational interests and personal privacy. APTs are difficult to detect and defend against because of their complex attack processes, high concealment and strong destructive power. Host systems are often the primary target of APT activities. Therefore, it is of great significance to focus on the research progress and future trends of host-based APT detection. This paper first summarizes the life cycle of APT, the characteristics of each attack stage and the associated host security issues. It then introduces the types of host entities and the types of their behavioral data. Next, APT detection techniques based on host entity behavior are systematically summarized. The evaluation methods for threat detection techniques are introduced, including data sets and evaluation metrics. Finally, the technical challenges and directions for future research are summarized.
Source
Computer Science and Application (计算机科学与应用)
2022, No. 1, pp. 233-251 (19 pages)