信息安全研究 (Journal of Information Security Research), 2024, Vol. 10, Issue 4: 302-310, 9. DOI: 10.12379/j.issn.2096-1057.2024.04.03
A Survey of Forensic Network Attack Source Traceback
Abstract
The concealment and anonymity of cyber attackers pose significant challenges to the field of network attack traceback. This study provides a comprehensive overview of the current state of research on network attack traceback analysis techniques, focusing on three aspects: traffic, scenarios, and samples. Firstly, with respect to traffic traceback, the paper outlines methods and applications based on log records, packet marking, ICMP tracing, and link testing. Secondly, it categorizes traceback techniques for different scenarios, encompassing anonymous networks, botnets, stepping stones, local area networks, and advanced persistent threat attacks, as well as their applications and limitations in real-world environments. Finally, concerning sample analysis, the paper discusses the progress and application scenarios of static and dynamic traceback analysis in the context of malicious code analysis and attack tracing.
Keywords
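cybersecurity / attribution / network deception / malicious sample traceability / anonymous network traceability
Classification
Information technology and security science
Cite this article
WANG Zichen (王子晨), TANG Yanjun (汤艳君), PAN Yiyang (潘奕扬). A Survey of Forensic Network Attack Source Traceback [J]. 信息安全研究 (Journal of Information Security Research), 2024, 10(4): 302-310, 9.
Funding
Liaoning Collaborative Innovation Center for Cybersecurity Law Enforcement Project (WXZX201912002)
Criminal Investigation Police University of China Graduate Innovation Capability Enhancement Program, Key Project (2023YCZD06)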