APT Network Attack and Defence: Reading Notes


by deperdado

Reading material: Malware triage for early identification of Advanced Persistent Threat activities

Definition of APT

Advanced: The criminal minds behind these attacks utilize the full spectrum of computer intrusion technologies and techniques. While an individual attacker may not be classed as particularly "advanced" (e.g. a single-stage malware component bought on the black market), the operators typically access and develop more advanced tools as required.

Persistent: The criminal operators give priority to a specific task rather than opportunistically seeking immediate financial gain. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives; a "low-and-slow" approach is usually more successful.

Threat: The attack is malicious in nature. The attackers have a specific objective and are skilled, motivated, organized and, of course, well funded. Moreover, these advanced attacks are strongly targeted in order to overcome the general defences that one can apply.

Stages of an APT attack

  1. Development stage
  2. Reconnaissance stage: the attackers prepare carefully over a long period, collecting sensitive personal information and security vulnerabilities, familiarizing themselves with the target network environment, and locating where key sensitive information is stored and how it is communicated.
  3. Persistence stage (installing backdoors)
  4. Privilege escalation stage
  5. Exfiltration stage (achieving the objective)

  1. Break into servers deployed on the external network using attack methods such as database injection or memory overflow;
  2. Use the compromised server as a pivot to scan other servers or end-user computers on the internal network, preparing for the next step of the intrusion;
  3. Obtain administrator accounts through password cracking or fraudulent emails, and ultimately break into the AD (Active Directory) server or the core development environment;
  4. The victim's mailbox automatically sends copies of emails to the attacker;
  5. Plant backdoor trojans and other malware on the compromised servers or end-user computers, and send large amounts of sensitive data back out;
  6. Use emails from colleagues or supervisors to send attachments carrying malicious programs, luring clicks and compromising end-user computers.

APT defence

  1. Raise the information security awareness of users and administrators.
  2. Install professional antivirus software.
  3. Deploy a network-wide security early-warning platform.

    Main topic of the paper

    How to improve the accuracy of existing APT detection methods while reducing the time they take

Method: replace the original simple multi-class classification with one-class classification

through the changing of the classification approach, moving from a single Multi-Class Classifier to a set of One Class classifiers.

Result: malware developed by known APTs is detected with a precision of 100% and an accuracy of up to 95%.

malware developed by known APTs has been detected with a precision of 100% and an accuracy up to 95%.
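The classifier change described above, as an added example that is not code from the paper or from this post: a toy nearest-centroid multi-class classifier is placed beside a set of centroid-plus-radius one-class models, one per known APT. The APT names, feature vectors, test samples and the radius margin are all constructed here; the paper itself uses static-analysis features and a proper one-class learner, so these numbers only illustrate why a set of one-class classifiers can keep attribution precision at 100% (it is allowed to answer "unknown") while accuracy stays below it.

```python
# Added example (not code from the paper or the blog post): contrasts one
# multi-class classifier with a set of one-class classifiers for APT malware
# triage. All feature vectors below are constructed toy values.
from statistics import mean


def euclid(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


# Constructed training data: a few labelled samples per known APT group.
# In the paper the features come from static analysis of the binaries;
# here three made-up numbers stand in for that.
TRAINING = {
    "APT-A": [[1.0, 0.9, 0.1], [1.1, 1.0, 0.2], [0.9, 0.8, 0.0]],
    "APT-B": [[0.1, 0.2, 1.0], [0.0, 0.3, 0.9], [0.2, 0.1, 1.1]],
}

# Constructed test set. "unknown" marks malware that belongs to no known APT;
# a triage system should not attribute it to any group.
TEST = [
    ("APT-A", [1.0, 0.95, 0.15]),
    ("APT-A", [0.85, 0.8, 0.05]),
    ("APT-B", [0.1, 0.2, 1.05]),
    ("APT-B", [0.4, 0.2, 1.0]),   # drifts a little from the APT-B training data
    ("unknown", [5.0, 5.0, 5.0]),
    ("unknown", [0.5, 0.5, 0.5]),
]


def centroid(samples):
    """Per-feature mean of a list of vectors."""
    return [mean(col) for col in zip(*samples)]


class MultiClassModel:
    """Single multi-class nearest-centroid classifier: always picks some APT."""

    def __init__(self, training):
        self.centroids = {name: centroid(s) for name, s in training.items()}

    def predict(self, x):
        return min(self.centroids, key=lambda name: euclid(x, self.centroids[name]))


class OneClassModel:
    """Minimal one-class (novelty) detector: centroid plus acceptance radius."""

    def __init__(self, samples, slack=1.5):
        self.centroid = centroid(samples)
        # Radius = largest in-class distance times a margin (constructed value);
        # anything farther is rejected as "not this APT" rather than forced in.
        self.radius = max(euclid(s, self.centroid) for s in samples) * slack

    def accepts(self, x):
        return euclid(x, self.centroid) <= self.radius


class OneClassSet:
    """One one-class model per known APT. A sample is attributed only when
    exactly one model accepts it; otherwise the answer is 'unknown'."""

    def __init__(self, training):
        self.models = {name: OneClassModel(s) for name, s in training.items()}

    def predict(self, x):
        hits = [name for name, m in self.models.items() if m.accepts(x)]
        return hits[0] if len(hits) == 1 else "unknown"


def evaluate(model, test=TEST):
    """Precision of the APT attributions actually made, and accuracy over all samples."""
    preds = [(truth, model.predict(x)) for truth, x in test]
    attributed = [(t, p) for t, p in preds if p != "unknown"]
    precision = sum(t == p for t, p in attributed) / len(attributed) if attributed else 0.0
    accuracy = sum(t == p for t, p in preds) / len(preds)
    return precision, accuracy


if __name__ == "__main__":
    for label, model in (("multi-class", MultiClassModel(TRAINING)),
                         ("one-class set", OneClassSet(TRAINING))):
        prec, acc = evaluate(model)
        print(f"{label:14s} precision={prec:.2f} accuracy={acc:.2f}")
```

Running it prints precision and accuracy for both approaches on the constructed test set: the multi-class model must assign the two unrelated samples to some APT, which drops its precision, whereas the one-class set rejects them as unknown but also rejects the drifted APT-B sample, so its precision is 1.0 while its accuracy stays below that. This is the same trade-off the paper's "precision of 100%, accuracy up to 95%" figures reflect.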

Title: APT Network Attack and Defence: Reading Notes

Author: desperadoccy

Published: 29 April 2019 - 21:04

Last updated: 21 December 2020 - 03:12

Original link: https://desperadoccy.github.io/2019/04/29/APT-attack/

License: Attribution-NonCommercial-NoDerivatives 4.0 International. Please keep the original link and author when reposting.