Journal: IOP Conference Series: Earth and Environmental Science
Print ISSN: 1755-1307
Online ISSN: 1755-1315
Year: 2019
Volume: 252
Issue: 5
Pages: 1-7
DOI: 10.1088/1755-1315/252/5/052160
Publisher: IOP Publishing
Abstract: APT attacks have become the most serious class of security threat: attackers combine social engineering with large numbers of 0-day vulnerability exploits to steal or tamper with the target's core data. If the target lacks real-time attack detection and defence capability, then once the system is intruded it will suffer serious economic and business losses. The author summarizes the typical characteristics and life cycle of APT attacks, explains their common attack channels and critical steps, and then describes the technical difficulties and challenges in analysing APT attacks. To address these problems, an APT attack analysis system based on NGSIEM (next-generation SIEM) is proposed. It performs normalization and complex algorithmic processing on the logs and alarms collected from the server devices and security devices at multiple layers of the business system, together with threat intelligence acquired from an intelligence agency.
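The abstract describes the core of the proposed system as normalization of multi-layer logs and alarms followed by threat-intelligence enrichment and correlation. The following is an added illustration of that pipeline, written for this page; it is not the paper's NGSIEM code and does not reproduce its algorithms. The three raw records (a web-server access line, a JSON IDS alert, a firewall syslog line), the host names, the RFC 5737 test addresses and the one-entry threat-intelligence feed are all constructed for the example, and the common `Event` schema and the "threat-intel hit plus a signal from a second layer" rule are assumptions chosen to show how normalization makes cross-layer correlation possible. Records in an unrecognised format are counted rather than silently discarded, which is the check a practitioner would want in a real collector.

```python
"""Added example (not the paper's NGSIEM code): normalise log and alarm records
from three layers of a business system into one event schema, enrich them
with threat-intelligence indicators, and correlate them per internal host."""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample records, one per layer (hypothetical hosts, RFC 5737 test addresses).
SAMPLE_RECORDS = [
    '10.0.5.23 - - [12/Mar/2019:09:58:40 +0000] "GET /admin.php?cmd=id HTTP/1.1" 200 512',
    '{"timestamp": "2019-03-12T10:00:51", "sensor": "ids02", "src_ip": "10.0.5.23", '
    '"dest_ip": "203.0.113.77", "signature": "Possible C2 beacon", "severity": 2}',
    "Mar 12 10:01:07 fw01 kernel: DENY IN=eth0 SRC=10.0.5.23 DST=203.0.113.77 PROTO=TCP DPT=443",
    "this line is not in any known format",
]

# Constructed threat-intelligence feed (hypothetical): indicator -> label.
THREAT_INTEL_IPS = {"203.0.113.77": "known-c2-node"}


@dataclass
class Event:
    """Common schema every source is mapped onto before any analysis runs (assumed schema)."""
    ts: str
    layer: str            # application / security / network
    source: str           # device or sensor that produced the record
    action: str           # request / alert / deny ...
    detail: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    tags: list = field(default_factory=list)


_WEB_RE = re.compile(r'^(?P<src>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
_FW_RE = re.compile(r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>\w+) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+)')


def normalize(record: str) -> Optional[Event]:
    """Map one raw record onto Event. Return None for formats we do not understand
    so the caller can count and dead-letter them instead of silently dropping them."""
    if record.startswith("{"):
        d = json.loads(record)
        return Event(ts=d["timestamp"], layer="security", source=d["sensor"], action="alert",
                     detail=d["signature"], src_ip=d.get("src_ip"), dst_ip=d.get("dest_ip"))
    m = _FW_RE.match(record)
    if m:
        return Event(ts=m["ts"], layer="network", source=m["host"], action=m["action"].lower(),
                     detail=record, src_ip=m["src"], dst_ip=m["dst"])
    m = _WEB_RE.match(record)
    if m:
        return Event(ts=m["ts"], layer="application", source="web", action="request",
                     detail=m["req"], src_ip=m["src"])
    return None


def enrich(event: Event, intel_ips: dict) -> Event:
    """Tag an event whose source or destination address appears in the intelligence feed."""
    for ip in (event.src_ip, event.dst_ip):
        if ip in intel_ips:
            event.tags.append(f"ti:{intel_ips[ip]}")
    return event


def correlate(events: list) -> list:
    """Group by internal source host; a host with a threat-intel hit plus at least one
    more independent signal from another layer becomes a finding (assumed rule)."""
    by_host: dict = {}
    for e in events:
        if e.src_ip:
            by_host.setdefault(e.src_ip, []).append(e)
    findings = []
    for host, evs in by_host.items():
        ti_hits = [e for e in evs if any(t.startswith("ti:") for t in e.tags)]
        layers = sorted({e.layer for e in evs})
        if ti_hits and len(layers) >= 2:
            findings.append({"host": host, "ti_hits": len(ti_hits), "layers": layers})
    return findings


def analyse(records: list, intel_ips: dict) -> dict:
    """Full pipeline: normalise, count unparsed records, enrich, correlate."""
    events, unparsed = [], 0
    for r in records:
        e = normalize(r)
        if e is None:
            unparsed += 1
        else:
            events.append(enrich(e, intel_ips))
    return {"events": events, "unparsed": unparsed, "findings": correlate(events)}


if __name__ == "__main__":
    result = analyse(SAMPLE_RECORDS, THREAT_INTEL_IPS)
    print(f"{len(result['events'])} events normalised, {result['unparsed']} unparsed")
    for finding in result["findings"]:
        print(finding)
```

Running the block reports three normalised events and one unparsed record, and a single finding for host 10.0.5.23 with two threat-intelligence hits spanning the application, network and security layers. The point the abstract makes is visible in the result: none of the three sources on its own is conclusive, but once they share a schema, a per-host view across layers plus an external indicator turns three low-value records into one actionable finding. Timestamps are carried as strings here; a real normaliser would also convert them to one time zone and format so that ordering across devices is meaningful.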