Cyber Security and Data Governance, 2024, Vol. 43, Issue 8: 15-21, 27, 8. DOI: 10.19358/j.issn.2097-1788.2024.08.003
APT attack identification and tracing technology based on threat intelligence correlation
Zhao Yunlong 1, Yang Ji 1, Yu Yuntao 1, Wang Shaojie 1
Author information
- 1. The Sixth Research Institute of China Electronics Corporation, Beijing 100083
Abstract
The form of confrontation in cyberspace is becoming more complex, involving artificial intelligence, evasion, intelligence gathering, social engineering, geopolitics and more. At present, the IOC characteristics of threat intelligence are mainly used to identify controlled hosts and their C&C connection behavior. In addition, the hacker organization can be traced through the association extension of IOCs. Based on full-traffic storage and backtracking data and on global APT threat intelligence monitoring, an APT attack identification and background traceability scheme based on IOC extended indexes, TTP rules and model association is proposed. It extends the traditional detection mode based on a point in time to a detection mode based on a historical time window, and can more fully cope with the persistence and long-term nature of APT. At the same time, it becomes one of the effective ways to trace the background of an APT organization.
Keywords
full traffic / threat intelligence / IOC characteristics / TTP / association analysis
Classification
Information technology and security science
Cite this article
Zhao Yunlong, Yang Ji, Yu Yuntao, Wang Shaojie. APT attack identification and tracing technology based on threat intelligence correlation [J]. Cyber Security and Data Governance, 2024, 43(8): 15-21, 27, 8.
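As an added illustration of the abstract's central point (example code, not the paper's own), the Python below matches stored flow records against an IOC feed in two modes: point-in-time matching, which never compares traffic that predates an indicator's publication, and matching over a historical window, which recovers it from full-traffic storage; the feed's group and TTP labels are then aggregated per host to support background tracing. All hosts, indicators, group labels, TTP tags and timestamps are constructed placeholders.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed record types: a stored full-traffic flow, and a feed indicator
# carrying its association extension (APT group label and TTP tag).
Flow = namedtuple("Flow", "ts src dst")
Ioc = namedtuple("Ioc", "value published group ttp")

# Constructed sample: both indicators enter the feed on 10 March, but host
# 10.0.0.5 has been talking to them since early February.
IOCS = [Ioc("c2.bad-example.test", datetime(2024, 3, 10), "GROUP-A", "C2 over HTTPS"),
        Ioc("198.51.100.7", datetime(2024, 3, 10), "GROUP-A", "staging server")]
FLOWS = [Flow(datetime(2024, 2, 1), "10.0.0.5", "c2.bad-example.test"),
         Flow(datetime(2024, 2, 20), "10.0.0.5", "c2.bad-example.test"),
         Flow(datetime(2024, 2, 21), "10.0.0.5", "198.51.100.7"),
         Flow(datetime(2024, 3, 12), "10.0.0.5", "c2.bad-example.test"),
         Flow(datetime(2024, 3, 12), "10.0.0.9", "update.example.test")]
NOW = datetime(2024, 3, 15)
WINDOW_START = NOW - timedelta(days=90)   # historical window to backtrack over

def match(flows, iocs, start, end, live=False):
    """Match stored flows in [start, end] against the feed. live=True mimics
    point-in-time detection: a flow counts only if the IOC was already published
    when the flow was seen, so traffic that predates the intelligence is missed."""
    index = {i.value: i for i in iocs}
    return [(f, index[f.dst]) for f in flows
            if f.dst in index and start <= f.ts <= end
            and (not live or f.ts >= index[f.dst].published)]

def trace(hits):
    """Per source host: attribute to the group with the most matched IOCs,
    collect the TTP tags seen, and report the span of activity."""
    by_host = defaultdict(list)
    for flow, ioc in hits:
        by_host[flow.src].append((flow, ioc))
    report = {}
    for host, pairs in by_host.items():
        votes = Counter(ioc.group for _, ioc in pairs)
        stamps = [f.ts for f, _ in pairs]
        report[host] = {"group": votes.most_common(1)[0][0],
                        "ttps": sorted({i.ttp for _, i in pairs}),
                        "first_seen": min(stamps), "last_seen": max(stamps)}
    return report

if __name__ == "__main__":
    live = match(FLOWS, IOCS, WINDOW_START, NOW, live=True)
    retro = match(FLOWS, IOCS, WINDOW_START, NOW)
    print(len(live), "live hit(s);", len(retro), "hits with backtracking")
    print(trace(retro))
```

With the constructed data, live matching reports a single hit on 12 March, while the 90-day backtrack surfaces four hits and dates the host's first contact to 1 February.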