Cite this article:
  • Wang Xiaoyu, Gong Xiaorui, Zhang Xiu, Cheng Zijun. A Survey of Multi-step Attack Detection [J]. Journal of Cyber Security, accepted.


A Survey of Multi-step Attack Detection
Wang Xiaoyu, Gong Xiaorui, Zhang Xiu, Cheng Zijun
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
With the growing complexity of network structures and the strengthening of defensive capabilities, multi-step attacks have become the main form of attack. A multi-step attack is a purposeful attack composed of multiple atomic attacks arranged in a specific logical sequence. Compared with single-step attacks, multi-step attacks span a longer period and are more covert, and are therefore more harmful. The detection of multi-step attacks is thus particularly important. This paper first systematically analyzes the definition of multi-step attacks and the challenges faced by multi-step attack detection, summarizes the development stages of multi-step attack detection technology, and classifies and compares the current state of research on multi-step attack detection techniques; it then lists the datasets available for research in this field; finally, it proposes possible future directions for this research.
Keywords:  multi-step attack  detection  alert correlation  provenance graph
DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.25
Received: 2021-04-07  Revised: 2021-06-28
Funding: National Natural Science Foundation of China (No. 61802394, No. 61902396) and the Youth Innovation Promotion Association talent project
A Survey of Multi-step Attack Detection
wangxiaoyu, gongxiaorui, zhangxiu, chengzijun
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
As networks become more and more complex and the defensive capability of defenders improves, multi-step attacks have become the main attack manner. A multi-step attack is a purposeful attack composed of multiple atomic attacks in a logical sequence. Compared with single-step attacks, multi-step attacks are performed over a longer period and in a more concealed way, so they are more harmful. Therefore, the detection of multi-step attacks is particularly important. In this paper, we systematically analyze the definition of multi-step attacks and the technical challenges faced by multi-step attack detection, summarize the development stages of multi-step attack detection technology, and then classify and compare the methods used in current research works. Additionally, we list the datasets available so far and put forward possible research opportunities for the future.
Keywords:  multi-step attack  detection  alert correlation  provenance graph