Effect Analysis of Network Security Attack and Defense Technology

Abstract

Abstract: This paper presents the risks of network security faced by medical institutions, the reasons for the risks and the necessity of network security construction, aiming at improving the network security of network medical institutions. According to the national network security laws and regulations and level protection policies, the idea of putting forward to the architecture of network defense based on open source software is proposed, basing on kill chain model and MITRE ATT&CK framework as the basis of network attack knowledge base. This architecture applies defense strategy, technology and software to all stages of AntiKillChain and AntiATT&CK framework attack. Through a large number of network attackdefense experiment and the actual running effect of inspection for a long time, it can achieve better defense effect, and provide the practical reference significance for medical institutions to improve network security.

Key words: medical institutions, free-open-source software, ATT and CK framework, defense architecture, network security

摘要： 从医疗机构面临的网络安全风险、风险存在的原因和网络安全建设必要性出发，以提高网络医疗机构网络安全性为目的，依据国家网络安全法律法规和等级保护政策，以Kill Chain模型和MITRE ATT&CK框架为基础网络攻击知识库，提出了构建以开源软件为基础的网络防御体系，将防御的策略、技术和工具运用于反杀伤链及防御ATT&CK框架攻击的各阶段，通过大量网络攻防演练和长期的实际运行效果的检验，可以实现较好的防御效果，对医疗机构等单位提高网络安全性具有现实参考意义.

关键词: 医疗机构, 免费开源软件, ATT and CK框架, 防御体系, 网络安全

马晓亮. 网络安全攻防实战技术与效果分析[J]. 信息安全研究, 2021, 7(8): 763-772.

References

［1］中国信息通信研究院. 2019年健康医疗行业网络安全观测报告［OL］. (20190831)［20210101］. http:www.caict.ac.cnkxyjqwfbztbg201908t20190805_206353.htm

［2］平国楼, 叶晓俊. 网络攻击模型研究综述［J］. 信息安全研究, 2020, 6(12): 10581067

［3］王松, 张艺然, 朱佳卿. 某市二级以上公立中医医院信息安全的现状调查与分析［J］. 中国医药导报, 2019,16(15): 176180

［4］罗森林, 朱帅, 王春晓. 网络空间安全对抗演练模型研究［J］. 信息安全研究, 2016, 2(8): 712720

［5］孙惟皓, 凌宗南, 陈炜忻. 日志智能分析在银行业IT安全运维管理中的应用［J］. 微型机与应用, 2018, 37(7):1317

［6］Hahn A, Thomas A, Lozano I, et al. A multilayered and killchain based security analysis framework for cyberphysical systems［J］. International Journal on Critical Infrastructure Protection, 2015, 11: 3950

［7］Malone S. Using an expanded cyber kill chain model to increase attack resiliency［OL］.［20210102］.https:www.blackhat.comdocsus16materialsus16MaloneUsingAnExpandedCyberKillChainModelToIncreaseAttackResiliency.pdf

［8］Storm B E, Applebaum A, Miller D P, et al. Mitre ATT&CK: Design an philosophy, MP180360［R］. Bedford, MA: The MITRE Corporation, 2018

［9］Kriston. 2019年全球重大网络攻击及数据泄露事件回顾［OL］. FREEBUF, (20191211) ［20210101］. https:www.freebuf.comarticlesnetwork222565.html

［10］柳遵梁. 从Verizon数据泄露报告看医疗行业数据安全［OL］. FREEBUF, (20190507) ［20210101］. https:www.freebuf.comcolumn202921.html

［11］北京瑞星网安技术股份有限公司. 2019年瑞星中国网络安全报告与趋势展望［J］. 信息安全研究, 2020, 6(2): 98107

［12］高向东. PCIDSS数据安全标准V2.0变更分析［J］.中国信息安全, 2011, 16(4): 9091

［13］王世轶, 吴江, 张辉. 渗透测试在网络安全等级保护测评中的应用［J］. 计算机应用与软件, 2018, 35(11): 190193

［14］马晓亮, 孙艳红. 基于远程评估分析的政务系统安全防护研究［J］. 电脑知识与技术, 2018, 14(21): 304306

［15］陈伟, 周继军, 许德武. Snort轻量级入侵检测系统全攻略［M］. 北京: 北京邮电大学出版社, 2009

［16］Wrench P M, Irwin B V W . Towards a PHPwebshell taxonomy using deobfuscationassisted similarity analysis［C］ Proc of Conf on Information Security for South Africa. Piscataway, NJ: IEEE, 2015

[1]	. [J]. Journal of Information Security Reserach, 2021, 7(8): 773-778.
[2]	. Research on Network Security Monitoring in Attack and Defense Drill [J]. Journal of Information Security Reserach, 2021, 7(7): 669-673.
[3]	. Analysis on Standardization Construction of Cyber Threat Intelligence [J]. Journal of Information Security Reserach, 2021, 7(6): 503-511.
[4]	. Real-time automatic detection and recognition of Internet of Things equipment based on flow fingerprint [J]. Journal of Information Security Reserach, 2021, 7(6): 543-549.
[5]	. The current situation of the international mobile communication security detection and certification system [J]. Journal of Information Security Reserach, 2021, 7(5): 402-411.
[6]	. Unified Security Evaluation Test Model and System Establishment for 5G Assets [J]. Journal of Information Security Reserach, 2021, 7(5): 436-442.
[7]	. Research on Browser Security and Trusted Architecture Under Xinchuang System [J]. Journal of Information Security Reserach, 2021, 7(4): 328-334.
[8]	. Research on Evaluation System of Digital Government Network Security Index [J]. Journal of Information Security Research, 2021, 7(3): 257-262.
[9]	. Phishing Email Analysis of Social Engineering Attacks [J]. Journal of Information Security Research, 2021, 7(2): 166-170.
[10]	. The design and thinking of the security protection system of classified and sub domain of the trade secret network of the central management enterprises [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[11]	. Research on 5G Supply Chain Security Under Global Digital Economy Strategic [J]. Journal of Information Security Research, 2020, 6(8): 688-693.
[12]	. Network Situation Prediction Model Based on MEA-LVQ [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[13]	. Research on Web Traffic Baseline Analysis of Government Website [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[14]	. The Key Techniques Research of 10Gbps IPSec Protocol Chip [J]. Journal of Information Security Research, 2020, 6(2): 145-150.
[15]	. Research on Industrial Internet Security Monitoring Audit and Trend Awareness Technology [J]. Journal of Information Security Research, 2020, 6(11): 0-0.