信息安全研究第10卷第4期2024年4月JournalotinformationSecurityResearchVol.10No.4Apr.2024DOl:10.12379/j.issn.2096-1057.2024.04.03面向取证的网络攻击者溯源分析技术研究综述王子晨汤艳君潘奕扬(中国刑事警察学院公安信息技术与情报学院沈阳110031)(2022110136@cipuc.edu.cn)ASurveyofForensicNetworkAttackSourceTracebackWangZichen,TangYanjun,andPanYiyang(CriminalInvestigationPoliceUniversityofChina,Shenyang110031)AbstractTheconcealmentandanonymityofcyberattackersposesignificantchallengestothefieldofnetworkattacktraceback.Thisstudyprovidesacomprehensiveoverviewofthecurrentstateofresearchonnetworkattacktracebackanalysistechniques,focusingonthreeaspects:traffic,scenarios,andsamples.Firstly,withrespecttotraffictraceback,thepaperoutlinesmethodsandapplicationsbasedonlogrecords,packetmarking,ICMPtracing,andlinktesting.Secondly,itcategorizestracebacktechniquesfordifferentscenarios,encompassinganonymousnetworks,zombienetworks,springboards,localareanetworks,andadvancedpersistentthreatattacks,aswellastheirapplicationsandlimitationsinreal-worldenvironments.Finally,concerningsampleanalysis,thepaperdiscussestheprogressandapplicationscenariosofstaticanddynamictracebackanalysisinthecontextofmaliciouscodeanalysisandattacktracing.Keywordscybersecurity;attribution;networkdeception;malicioussampletraceability;anonymousnetworktraceability摘要网络攻击者的隐藏性和匿名性使得网络攻击溯源技术充满挑战.研究综述了基于流量、场景和样本3个方面的网络攻击溯源分析技术的研究现状.首先,针对流量溯源,总结出基于日志记录、流量包标记、ICMP回溯和链路测试等方法和应用;其次,根据不同场景归纳出匿名网络攻击、僵尸网络攻击、跳板攻击、局域网攻击和高级可持续威胁攻击的溯源技术以及在实际环境中的应用和限制;最后,对于样本分析探讨了静态和动态溯源分析在恶意代码分析及攻击溯源方面的研究进展和应用场景。关键词网络安全;追踪溯源;网络欺骗;恶意样本溯源;匿名网络溯源中图法分类号TP393收稿日期:2023-07-18基金项目:辽宁网络安全执法协同创新中心项目(WXZX201912002);中国刑事警察学院研究生创新能力提升项目重点项目(2023YCZD06)通信作者:汤艳君(t...
