引用本文
  • 王泽辉,韩雪莹,耿晓宇,闫楚依,刘松,姜波,刘玉岭,卢志刚.网络安全横向移动攻击检测综述[J].信息安全学报,已采用    [点击复制]
  • wangzehui,hanxueying,gengxiaoyu,yanchuyi,liusong,jiangbo,liuyuling,luzhigang.An overview of network security lateral movement attack detection[J].Journal of Cyber Security,Accept   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

过刊浏览    高级检索

本文已被:浏览 2511次   下载 0  
网络安全横向移动攻击检测综述
王泽辉, 韩雪莹, 耿晓宇, 闫楚依, 刘松, 姜波, 刘玉岭, 卢志刚
0
(中国科学院信息工程研究所)
摘要:
随着信息化的普及,近年来,政府和大型企业的工作多在庞大的内部网络中进行,内网安全逐渐成为人们关注的问题。横向移动是发生在内网中的一个重要威胁,往往伴随着有组织性、有针对性的APT攻击,并具有隐蔽性、持续性、对抗性等特点。研究人员从不同角度对横向移动进行了研究,本文对这些研究方法进行了综述。首先,本文简要介绍了当前的网络安全形式,尤其是内网安全中横向移动的重要性;其次,本文介绍了横向移动的基本概念和特点,将横向移动阶段划分为侦察、凭证转储和权限升级、获得访问权三个步骤,并对这三个步骤的主要目标及常见技术做了详细的介绍;再次,本文按照基于图表示、基于检测技术、基于检测载体和基于攻防博弈四个分类角度对现有的横向移动研究方法进行了划分,分别从构图的方式、使用的检测策略及算法、检测的目标对象以及横向移动在实际攻防对抗中的改进方式做了介绍,并对不同的策略及方法进行了比较;随后,本文汇总了横向移动常使用到的数据集,并对各个数据集做了介绍,同时给出了常用的评估指标;最后,总结了当前研究中出现的问题并展望了未来发展的方向。本文希望能够为该领域的研究人员提供一些有价值的思考。
关键词:  网络空间安全  高级持续性威胁  内网安全  横向移动
DOI:
投稿时间:2023-10-31修订日期:2023-12-19
基金项目:
An overview of network security lateral movement attack detection
wangzehui, hanxueying, gengxiaoyu, yanchuyi, liusong, jiangbo, liuyuling, luzhigang
(iie)
Abstract:
With the popularization of information technology, in recent years, the government and large enterprises work mostly in huge intranets, and intranet security has gradually become a concern. Lateral movement is an important threat occurring in intranets, often accompanied by organized and targeted APT attacks, and characterized by stealth, persistence, and confrontation. Researchers have studied lateral movement from different perspectives, and this paper provides a review of these research approaches. Firstly, this paper briefly introduces the current form of net-work security, especially the importance of lateral movement in intranet security; secondly, this paper introduces the basic concepts and characteristics of lateral movement, divides the phase of lateral movement into three steps: reconnaissance, credentials dump and privilege escalation, and obtaining access, and gives a detailed introduction of the main objectives and common techniques of these three steps; thirdly, this paper follows the graph-based rep-resentation, Based on detection technology, based on the detection carrier and based on the attack and defense game, this paper divides the existing lateral movement research methods according to four classification perspectives, respectively, from the way of constructing the graph, the detection strategies and algorithms used, the detection of the target object as well as the improvement of the lateral movement in the actual attack and defense confrontation, and compares the different strategies and methods; subsequently, this paper summarizes the data sets that are often used in lateral movement, and makes a detailed introduction to each data set. Then, this paper summarizes the data sets often used in lateral movement, and introduces each data set, and gives the commonly used evaluation indexes; Finally, it summarizes the problems in the current research and looks forward to the direction of future development. Finally, the paper summarizes the problems in the current research and looks forward to the future development direction. This paper hopes to provide some valuable thoughts for the researchers in this field.
Key words:  cyber security  Advanced Persistent Threats  Intranet Security  Lateral Movement