题名

應用回溯式偵測快速應變APT之探討

Authors

劉順德; 陳奕明; 邱裕婷

Keywords

Advanced Persistent Threats; Retrospective Detection; Malware Detection; Security Incident Investigation; Botnet Detection

Journal

資訊安全通訊

Volume/Issue (Publication Date)

Vol. 19, No. 4 (2013/10/01)

Pages

3-15

Language

Traditional Chinese

Abstract (translated from the Chinese)

In recent years, the emerging class of network attack known as Advanced Persistent Threats (APTs) has had an enormous impact on enterprises and even nations, and has in turn steered the direction in which information security defense technology develops. This article reviews current research and techniques related to APT and proposes the concept of retrospective detection for discovering APT-compromised hosts, in the hope of providing a reference for related research. Chapter 1 introduces the background and motivation of the article and describes the impact of APT, as a new form of network attack, on existing network security defense mechanisms. It then gives a systematic review of APT attacks and of detection techniques for discovering potentially APT-compromised computers: the subsequent chapters first review the definition of Advanced Persistent Threats and related research, then examine research on retrospective detection methods. Finally, distinguishing methods by their detection basis, host-based retrospective detection methods and related research and network-based retrospective detection methods and related research are each reviewed in turn.

Subject Category: Basic and Applied Sciences > Information Science