信息安全研究 (Journal of Information Security Research) ›› 2020, Vol. 6 ›› Issue (6): 0-0.

• Special Topic: Detection, Early Warning and Situation Awareness •

A Situation Awareness Conceptual Model for Advanced Persistent Threat (面向高级持续性威胁的态势感知概念模型)

孙岩炜, 刘照辉, 蒋仲白, 孟祥杰, 胡卫华

  1. 中国信息安全测评中心 (China Information Technology Security Evaluation Center)
  • Received: 2020-06-08  Online: 2020-06-05  Published: 2020-06-09
  • Corresponding author: 孙岩炜


Abstract (translated from the Chinese): Most existing research on advanced persistent threats focuses on detecting and discovering the threat; the description and characterization of the threat itself is incomplete. Network security situation awareness takes a holistic view and gives decision makers a clear picture of the network's state, which supports a comprehensive understanding of threats. Although scholars at home and abroad have carried out a great deal of research on situation awareness, most of it concerns the defender's own state, achieving only "knowing oneself"; research on "knowing the enemy" is comparatively scarce. Building on the situation awareness model and combining it with related work such as the kill chain model and the ATT&CK framework, this paper proposes a situation awareness conceptual model oriented toward advanced persistent threats. It discusses, from both the adversary's and the defender's side, the functional tasks and related techniques of situation acquisition, comprehension and projection, and gives a formal definition of each phase, providing a theoretical basis for the recognition and detection of advanced persistent threats.

Keywords (translated): advanced persistent threat, situation awareness, attack chain, conceptual model, situation projection

Abstract: Most existing research on advanced persistent threats focuses on the detection and discovery of threats, and the description of the threats themselves is not comprehensive. Network security situational awareness provides decision makers with a clear view of network status from a holistic perspective, which helps them understand threats comprehensively. Although scholars have carried out a great deal of research on situational awareness, most of it focuses on the defender's own state, achieving only the effect of "knowing ourselves", with relatively few studies on "knowing the enemy". Based on the situational awareness model, combined with related research such as the kill chain model, a conceptual situational awareness model for advanced persistent threats is proposed. This paper discusses the functional tasks and related technologies of situation acquisition, comprehension and projection from both the adversary's and the defender's perspective, then gives a formal definition of each phase, providing a theoretical basis for the detection and recognition of advanced persistent threats.

Key words: advanced persistent threats, situation awareness, kill chain, conceptual model, situation projection