
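Research on the Construction and Application of the Network Attack Spiral Model
Cite this article: CHEN Dongwei, YANG Lin, LI Guang. Research on the construction and application of the network attack spiral model[J]. National Defense Science & Technology, 2021, 42(2): 84-91.
Authors: CHEN Dongwei, YANG Lin, LI Guang
Affiliation: Unit 66018, Tianjin 300380
Abstract: A network attack model is the basic framework that a network attack follows. This paper analyzes three main problems of the classic network attack chain model: insufficient applicability, lack of comprehensiveness, and inadequate integrity. It then constructs a network attack spiral model that is better suited to describing APT attacks. The model describes network attack activity as six stages: reconnaissance, weaponization, penetration and destruction, lateral movement, withdrawal, and assessment and improvement, arranged in a spiral, cyclic structure. By optimizing and restructuring the attack chain model, the model gains a clearer hierarchy, more explicit tasks, and more complete functions. On this basis, the paper sets out the attack tasks to be completed and the attack methods to be adopted at each stage of the model, uses the Unified Modeling Language to formally describe, from both static and dynamic perspectives, how the network attack spiral model is applied in APT attacks, and sets out the model's application principles and characteristics. The work offers a reference for analyzing and identifying APT attack behavior and for taking targeted defensive measures to block the attack chain.

Keywords: network security; network attack model; APT attack; Unified Modeling Language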

Research on the construction and application of network attack spiral model
CHEN Dongwei, YANG Lin, LI Guang. Research on the construction and application of network attack spiral model[J]. National Defense Science & Technology, 2021, 42(2): 84-91.
Authors: CHEN Dongwei, YANG Lin, LI Guang
Abstract: The network attack model is the basic principle of the network attack operation. This paper analyzes the main problems of the classic network attack chain model in three aspects: the lack of applicability, the lack of comprehensiveness and the lack of integrity, and constructs a spiral model of network attack which is more suitable for cyberspace operations. The model describes the network attack action as six stages: reconnaissance, weaponization, penetration and destruction, lateral movement, withdrawal, and assessment and improvement, and is set up as a spiral cycle structure. Through the optimization and reconstruction of the attack chain model, the model has a clearer hierarchy, clearer tasks and more complete functions. On this basis, this paper sets out the attack tasks and attack methods that should be completed in each stage of the action in the model, uses the Unified Modeling Language to formally describe the application of the network attack spiral model in APT attack activities from both static and dynamic aspects, and sets out the application principles and characteristics of the model. It can be used as a reference for analyzing and identifying APT attack behaviors and for taking targeted defense measures to block the attack chain.
Keywords: network security; network attack model; APT attack; unified modeling language
This article has been indexed by CNKI, Wanfang Data and other databases.