Key Technologies and Research Prospects in Multi-step Attack Detection

谢国杰 张旭 于洋 赵程遥 胡佳 王浩铭 蒋沐辰 胡程楠

信息安全研究 (Journal of Information Security Research), 2024, Vol. 10, Issue 5: 396-402, 7. DOI: 10.12379/j.issn.2096-1057.2024.05.02

Key Technologies and Research Prospects in Multi-step Attack Detection

谢国杰 (1), 张旭 (2), 于洋 (2), 赵程遥 (1), 胡佳 (1), 王浩铭 (2), 蒋沐辰 (2), 胡程楠 (2)

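Author information

  • 1. Zhejiang Provincial Key Laboratory of Key Technologies for Data Opening and Fusion, Hangzhou 310052
  • 2. Hangzhou Innovation Institute, Beihang University, Hangzhou 310051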
Abstract

Multi-step attack detection technology leverages alert log data analysis to uncover attack scenarios, aiding in the early detection of high-threat attack paths. This ultimately reduces security risks and enhances the safety of networks and information systems. This paper introduces three key technologies of multi-step attack detection: alert similarity-based, alert causality-based, and model-based approaches. Through comparative analysis, the differences between these techniques are examined. Furthermore, this paper explores the future directions for multi-step attack detection technology, including integration with privacy computation, provenance graph, and causality inference techniques. These integrations promise to offer novel approaches and methodologies for network security in the face of increasingly complex threats.

Key words

multi-step attack detection / alert similarity / causality knowledge / privacy computation / provenance graph / causality inference

Classification

Information Technology and Security Science

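Cite this article

谢国杰, 张旭, 于洋, 赵程遥, 胡佳, 王浩铭, 蒋沐辰, 胡程楠. Key Technologies and Research Prospects in Multi-step Attack Detection [J]. 信息安全研究 (Journal of Information Security Research), 2024, 10(5): 396-402, 7.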

Funding

National Key Research and Development Program of China (2022YFF0902704)

Zhejiang Provincial Key Research and Development Program (2023C03194, 2023C01025)

信息安全研究 (Journal of Information Security Research)

OA / Peking University Core Journal / CSTPCD

ISSN 2096-1057
