A network attack model describes the basic principle underlying a network attack operation. This paper analyzes the main problems of the classic network attack chain model in three respects: lack of applicability, lack of comprehensiveness, and lack of integrity. It then constructs a spiral model of network attack that is better suited to cyberspace operations. The model describes a network attack as six stages (reconnaissance, weaponization, penetration and destruction, lateral movement, withdrawal, and assessment and improvement) arranged in a spiral cycle structure. By optimizing and reconstructing the attack chain model, the spiral model gains a clearer hierarchy, clearer tasks, and more complete functions. On this basis, the paper lays out the attack tasks and attack methods that should be completed in each stage of the model, uses the Unified Modeling Language (UML) to formally describe the application of the network attack spiral model to APT attack activities from both static and dynamic aspects, summarizes the application principles and characteristics of the model, and takes a countermeasure view to analyze and identify APT attack behaviors. The results can serve as a reference for targeted defense measures that block the attack chain.
CHEN Dongwei, YANG Lin, LI Guang. Research on the construction and application of network attack spiral model[J]. National Defense Technology, 2021, 42(2): 84-91.