Survey of attack and detection based on the full life cycle of APT

WANG Zhiwei; HE Xijie; YI Xin; LI Ziyang; CAO Xudong; YIN Tao; LI Shuhao; FU Anmin; ZHANG Yuqing

Tongxin xuebao (Sep 2024)

Survey of attack and detection based on the full life cycle of APT

WANG Zhiwei,
HE Xijie,
YI Xin,
LI Ziyang,
CAO Xudong,
YIN Tao,
LI Shuhao,
FU Anmin,
ZHANG Yuqing

Affiliations

WANG Zhiwei
HE Xijie
YI Xin
LI Ziyang
CAO Xudong
YIN Tao
LI Shuhao
FU Anmin
ZHANG Yuqing

Journal volume & issue: Vol. 45
pp. 206 – 228

Abstract

Read online

The advanced persistent threat (APT) attack was explored from two perspectives: attack methods and detection methods. First, the definitions and characteristics of APT attacks were reviewed and the development of related attack models was summarized. Based on this, a more general APT full lifecycle model was proposed, which was divided into four stages: information gathering, intrusion execution, internal network penetration, and data exfiltration. For each stage, recent research papers from the past five years were thoroughly reviewed, and the attack and detection techniques for each stage were analyzed. Finally, in light of the dynamic landscape of APT attack and defense technologies, the paper underscores the formidable challenges confronting both offense and defense and offers guidance for future research in this domain.

APT;network kill chain model;full life cycle;0day attack;detect

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords