
Research On APT Attack Of Behavior Analyzing And Defense Decision

Posted on: 2018-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: H P Yang
Full Text: PDF
GTID: 2348330563951170
Subject: Military Equipment

Abstract/Summary:
With the development and widespread use of network information technology, network attacks that rely on information systems have become more diverse and complex, posing severe challenges to information security, property security and data security in many countries, fields and industries around the world. The Advanced Persistent Threat (APT) is a new type of network attack that has emerged in recent years. Its novel, covert, advanced and persistent characteristics can cause serious damage to the target system, so existing security protection technology faces severe challenges. To detect and prevent APT attacks in a timely, effective and accurate manner, this paper focuses on behavior analysis and defense decision for APT attacks and selects the key technologies for further research. The detailed contents are as follows:

1. Addressing the varied and covert attack behaviors of APT, this paper proposes a classification and performance analysis method for APT attack behaviors. Combining the characteristics of the APT attack phases, an APT attack classification framework based on attack-phase characteristics is proposed, which performs well in "fine-grained" classification of existing attack behaviors. The key factors that affect attack behavior performance are selected and defined so that APT attack behaviors can be assessed against the same standard, which supports a comprehensive understanding of the substantive characteristics of APT attack behaviors.

2. Addressing the persistence of APT attacks and the difficulty of evaluating them, this paper presents a method for evaluating the performance of APT attack chains and the attacker's capability. Existing attack assessment methods perform well only for a single point in time and a single node. Analysis of attacker capability is scarce, so APT attacks cannot be comprehensively understood and defense is hard to implement. First, the causal association of attack data is analyzed in both space and time to identify the attack information hidden in attack chains. Then, the performance of the attack chains is quantified. Finally, the attacker's capability is evaluated based on the identified attack chains.

3. Addressing the customized nature of APT attacks and the difficulty of defending against them, this paper proposes an APT defense decision method based on the signal game model. Existing defense decision-making methods based on data mining can hardly solve this problem for APT attacks. This paper introduces the game model and, combined with the characteristics of APT attacks, proposes a method for defense decision against APT attacks based on the signal game model. First, the nature of APT attacks is analyzed and the signal game model is constructed. Second, the benefits of attack strategies are quantified, taking into account the attacker's capability and the time factor. Third, the perfect Bayesian Nash equilibrium strategy of the model is solved and an attack defense-decision algorithm is proposed, which is significant for defending against APT attacks effectively.
Keywords/Search Tags: APT, Behavior analysis, Signal game model, Defense decision