Cite this article:
- Ma Duohe, Tang Zhimin, Zhang Yaqin, Xiaoyan Sun, Wang Xinzhe. Research on Active Defense-based Anti-Ransomware Technology[J]. Journal of Cyber Security, Accepted
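Abstract:
Ransomware is easy to launch and hard to defend against. Once it exploits a vulnerability to enter a system and encrypts data with a strong cryptographic algorithm, the probability that the victim can reverse the encryption on their own is extremely low, and it has become one of the serious threats to network security and data security. Ransomware variants keep emerging, and traditional ransomware defenses can no longer withstand new ransomware attacks that are increasingly intelligent and complex, so research on anti-ransomware technology based on active defense is of great importance. This paper first analyzes the background, current state and research significance of active anti-ransomware technology and lays out its technical lineage and research taxonomy. It then introduces typical ransomware types and characteristics and their evolution trends. Based on the ransomware life cycle, it describes ransomware attack mechanisms from three aspects (intrusion methods, evasion mechanisms and data security threats) and summarizes and analyzes the attack principles and examples of different ransomware variants. According to the attack stage and attack characteristics of ransomware, it divides active anti-ransomware technology into four categories: ransomware prevention, ransomware blocking, data tamper-proofing and data leakage prevention, and compares the advantages and disadvantages of existing active anti-ransomware techniques. It further proposes an active anti-ransomware security framework with data protection as its goal, and discusses and looks ahead to key future research directions for anti-ransomware technology.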
Keywords: ransomware attack; anti-ransomware; active defense; data security; network security
DOI: 10.19363/J.cnki.cn10-1380/tn.2024.08.01
Submitted: 2023-02-07; Revised: 2023-06-13
Research on Active Defense-based Anti-Ransomware Technology
Ma Duohe (1), Tang Zhimin (1), Zhang Yaqin (2), Xiaoyan Sun (3), Wang Xinzhe (1)
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. North China Computer System Engineering Research Institute; 3. California State University, Sacramento, USA)
Abstract:
Ransomware is easy to attack with but difficult to defend against. Once it uses vulnerabilities to enter a system and encrypts data with a high-strength cryptographic algorithm, the probability that the victim can reverse the encryption unaided is extremely low, and it has become one of the serious threats to network security and data security. Ransomware variants emerge endlessly, and traditional defense methods can no longer resist the increasingly intelligent and complex new ransomware attacks. Therefore, it is of great significance to study anti-ransomware technology based on active defense. Firstly, this paper analyzes the background, current situation and research significance of active anti-ransomware technology, and describes the technology context and research classification. Then we introduce the related knowledge of ransomware, and analyze the active defense countermeasures against the life cycle of ransomware. We classify the attack techniques of ransomware from three aspects: intrusion means, circumvention mechanism and data security threats, and analyze the attack principles of typical ransomware. According to the defense principle, we divide active anti-ransomware technology into four categories: ransomware prevention technology, ransomware blocking technology, data tamper prevention technology and data leakage prevention technology. Then, we classify and analyze each category, and compare the advantages and disadvantages of the existing active anti-ransomware technologies. Furthermore, we propose a security framework for active anti-ransomware defense with the goal of data protection, and point out research directions for the game confrontation of subsequent anti-ransomware technology.
Key words: ransomware attack; anti-ransomware; active defense; data security; network security