Journal article

Domain threat detection based on the ATT&CK framework (cited by: 7)

Domain threat detection based on ATT&CK framework
Abstract: Ensuring the security of sensitive information and data in an enterprise domain environment has long been one of the challenges faced by security researchers. To address this problem, this paper proposes combining the attack behavior knowledge base provided by the ATT&CK framework with domain security defense, covering all of the domain-security-related tactics and techniques in ATT&CK. Log data generated in real time in a simulated environment is analyzed, and sensitive log events and continuous abnormal log events are monitored and captured. Finally, security practitioners are organized to conduct a red-blue exercise. The results of the exercise show that, guided by the ATT&CK framework, domain attack postures can be detected effectively.
Authors: He Shuguo; Yuan Yuan; Zhu Zhen; Lu Shenglong; Chen Jialei; Bi Xintai (Qingteng AI Lab, Shengxin Network Technology Co., Ltd., Beijing 101111, China; College of Computer & Information Science, Southwest University, Chongqing 400715, China)
Source: Information Technology and Network Security (《信息技术与网络安全》), 2021, No. 12, pp. 15-18, 25 (5 pages)
Keywords: ATT&CK framework; domain penetration; domain security; threat intelligence