[1] Chen Ping, Desmet L, Huygens C. A study on advanced persistent threats[C]//Proc of IFIP Int Conf on Communications and Multimedia Security. Berlin: Springer, 2014: 63-72
[2] Alshamrani A, Myneni S, Chowdhary A, et al. A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities[J]. IEEE Communications Surveys & Tutorials, 2019, 21(2): 1851-1877
[3] Cui Chuanzhen, Tian Xia. Weida Security: building an intelligent dynamic defense system for cyber security[J]. Journal of Information Security Research (信息安全研究), 2017, 3(12): 1058-1066
[4] Pietrzak P. How to effectively handle advanced APT attacks (Jak skutecznie obslugiwac zaawansowane ataki APT)[EB/OL]. [2020-12-19]. https://magazyn.mediarecovery.pl/jak-skutecznie-obslugiwaczaawansowane-ataki-apt-tzw-advanced-persistent-threats
[5] Qi An Xin Threat Intelligence Center (奇安信威胁情报中心). Global advanced persistent threat (APT) 2020 annual report[EB/OL]. [2021-02-07]. https://ti.qianxin.com/uploads/2021/02/08/dd941ecf98c7cb9bf0111a8416131aa1.pdf
[6] 360 Government and Enterprise Security (360政企安全). 2020 global advanced persistent threat (APT) research report[EB/OL]. [2021-02-25]. http://pub-shbt.s3.360.cn/cert-public-file/2020全球高级持续性威胁APT研究报告.pdf
[7] Thailand Computer Emergency Response Team (ThaiCERT). Threat group cards: A threat actor encyclopedia[EB/OL]. [2020-12-03]. https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf
[8] The MITRE Corporation. ATT&CK matrix for enterprise[EB/OL]. [2020-08-11]. https://attack.mitre.org/
[9] McWhorter D. Mandiant exposes APT1: One of China's cyber espionage units & releases 3,000 indicators[EB/OL]. Alexandria, VA: Mandiant, 2013 [2020-11-14]. https://www.fireeye.com/blog/threat-research/2013/02/mandiant-exposes-apt1-chinas-cyber-espionage-units.html
[10] Bhatt P, Yano E T, Gustavsson P. Towards a framework to detect multi-stage advanced persistent threats attacks[C]//Proc of the 8th IEEE Int Symp on Service Oriented System Engineering. Piscataway, NJ: IEEE, 2014: 390-395
[11] Caltagirone S. The diamond model of intrusion analysis[EB/OL]. Hanover, MD: Center for Cyber Intelligence Analysis and Threat Research, 2013 [2021-01-22]. https://www.threatintel.academy/wp-content/uploads/2020/07/diamond_summary.pdf
[12] Li Zhenyuan, Chen Q A, Yang Runqing, et al. Threat detection and investigation with system-level provenance graphs: A survey[J]. Computers & Security, 2021, 106
[13] Hossain M N, Milajerdi S M, Wang Junao, et al. SLEUTH: Real-time attack scenario reconstruction from COTS audit data[C]//Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 487-504
[14] Defense Advanced Research Projects Agency. DARPA transparent computing[EB/OL]. 2015 [2020-08-14]. https://www.darpa.mil/program/transparent-computing
[15] Wang Wenjuan, Du Xuehui, Ren Zhiyu, et al. Attack scenario reconstruction for cloud platforms based on causal knowledge and spatio-temporal correlation[J]. Computer Science (计算机科学), 2021, 48(2): 317-323
[16] Ning Peng, Cui Yun, Reeves D S. Constructing attack scenarios through correlation of intrusion alerts[C]//Proc of the 9th ACM Conf on Computer and Communications Security. New York: ACM, 2002: 245-254
[17] King S T, Chen P M. Backtracking intrusions[C]//Proc of the 19th ACM Symp on Operating Systems Principles. New York: ACM, 2003: 223-236
[18] Liu Yushan, Zhang Mu, Li Ding, et al. Towards a timely causality analysis for enterprise security[C]//Proc of the 25th Annual Network and Distributed System Security Symp (NDSS). Reston, VA: ISOC, 2018
[19] Hu Erteng, Fu Anmin, Zhang Zhiyi, et al. ACTracker: A fast and efficient attack investigation method based on event causality[C]//Proc of IEEE INFOCOM 2021 - IEEE Conf on Computer Communications Workshops. Los Alamitos, CA: IEEE Computer Society, 2021
[20] Symantec. Symantec internet security threat report, volume 24[EB/OL]. 2019 [2021-01-24]. https://docs.broadcom.com/doc/istr-24-2019-en
[21] Hassan W U, Guo Shengjian, Li Ding, et al. NODOZE: Combatting threat alert fatigue with automated provenance triage[C]//Proc of the 26th Annual Network and Distributed System Security Symp (NDSS). Reston, VA: ISOC, 2019
[22] Milajerdi S M, Gjomemo R, Eshete B, et al. HOLMES: Real-time APT detection through correlation of suspicious information flows[C]//Proc of 2019 IEEE Symp on Security and Privacy (S&P). Los Alamitos, CA: IEEE Computer Society, 2019: 1137-1152
[23] Hassan W U, Bates A, Marino D. Tactical provenance analysis for endpoint detection and response systems[C]//Proc of 2020 IEEE Symp on Security and Privacy (S&P). Los Alamitos, CA: IEEE Computer Society, 2020: 1172-1189
[24] Pei Kexin, Gu Zhongshu, Saltaformaggio B, et al. HERCULE: Attack story reconstruction via community discovery on correlated log graph[C]//Proc of the 32nd Annual Conf on Computer Security Applications (ACSAC '16). New York: ACM, 2016: 583-595
[25] Milajerdi S M, Eshete B, Gjomemo R, et al. POIROT: Aligning attack behavior with kernel audit records for cyber threat hunting[C]//Proc of 2019 ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 1795-1812
[26] Luo Zhicheng, Ding Weijia, Fu Anmin, et al. High-speed network attack detection framework based on optimized feature selection[C]//Proc of Int Conf on Security and Privacy in Digital Economy (SPDE). Berlin: Springer, 2020: 65-78
[27] Yang Pin, Zhu Yue, Zhang Lei. Malware family classification based on attributed data flow graphs[J]. Journal of Information Security Research (信息安全研究), 2020, 6(3): 228-234