
Computer Engineering ›› 2018, Vol. 44 ›› Issue (8): 155-160. doi: 10.19678/j.issn.1000-3428.0047775

• Security Technology •

Hierarchical Representation Model for APT Attack

FAN Lei, YU Jiangming, LEI Yingjie

  1. Air Force Engineering University, Xi'an 710051, China
  • Received: 2017-06-30 Online: 2018-08-15 Published: 2018-08-15
  • About the authors: FAN Lei (born 1981), male, lecturer and Ph.D. candidate, main research interests: intelligent information processing and information fusion; YU Jiangming, associate professor; LEI Yingjie, professor and doctoral supervisor.
  • Funding:

    National Natural Science Foundation of China (61272011, 61309022); Shaanxi Provincial Natural Science Foundation for Young Scientists (2013JQ8031).

Abstract:

To address the lack of a formal representation for data-theft APT attacks, this paper builds a hierarchical representation model for such attacks, named APT-HRM. Following the HARM model, an APT attack is divided into two layers, an upper Attack Chain (AC) and a lower Attack Tree (AT), and both layers are formally defined. The AC consists of four stages: reconnaissance, infiltration, exploitation and exfiltration. The AT consists of the attack means that correspond to each stage of the AC, and an APT attack proceeds stage by stage along the AC. Analysis of the DUQU 2.0 APT attack shows that the model can effectively describe the behavior of data-theft APT attacks.

Key words: APT attack, Attack Chain (AC), Attack Tree (AT), hierarchical representation model, DUQU 2.0 attack analysis

CLC number: