- wangxiaoyu, gongxiaorui, zhangxiu, chengzijun. A Survey of Multi-step Attack Detection[J]. Journal of Cyber Security, Accept
|Keywords: multi-step attack; detection; alert correlation; provenance graph
|A Survey of Multi-step Attack Detection
wangxiaoyu, gongxiaorui, zhangxiu, chengzijun
|(Institute of Information Engineering, Chinese Academy of Sciences)
|As networks become more and more complex and the defense capability of defenders improves, multi-step attacks have become the main form of attack. A multi-step attack is a purposeful attack composed of multiple atomic attacks in a logical sequence. Compared with single-step attacks, multi-step attacks are carried out over a longer period and in a more concealed way, so they are more harmful. Therefore, the detection of multi-step attacks is particularly important. In this paper, we systematically analyze the definition of multi-step attacks and the technical challenges faced by multi-step attack detection, summarize the development stages of multi-step attack detection technology, and then classify and compare the methods used in current research. Additionally, we list the datasets available so far and put forward possible future research opportunities.
|Key words: multi-step attack; detection; alert correlation; provenance graph