Special topic: Review of science and technology hotspots in 2024

Review of cybersecurity technology hotspots in 2024

  • Purui SU,
  • Dengguo FENG, *
  • Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Dengguo FENG (corresponding author), research professor, academician of the Chinese Academy of Sciences; research interest: network and information security; e-mail:

Purui SU, research professor; research interest: cyberspace security; e-mail:

Received date: 2024-12-25

  Online published: 2025-02-10

Copyright

All rights reserved. Unauthorized reproduction is prohibited.

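Abstract

In 2024, countries around the world continued to strengthen their cybersecurity strategic deployments, issuing technical guidelines and management policies that address security issues in emerging scenarios such as the software supply chain and large language models. Facing new situations and new problems, China further improved its policies and regulations on cyberspace security in order to plan and guide the construction of the cyberspace security system and to regulate the development of the cyberspace security industry. However, cyberattack incidents still occur frequently, and attacks such as APT attacks and ransomware attacks pose a serious threat to global cyberspace security. In 2024, a series of breakthroughs were made in hot areas including data security, artificial intelligence security, quantum computing, and software vulnerabilities. Looking ahead, new technical capabilities and technical systems urgently need to be developed to provide technical support for building a secure and healthy cyberspace environment.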

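Cite this article

Purui SU, Dengguo FENG. Review of cybersecurity technology hotspots in 2024[J]. Science & Technology Review, 2025, 43(1): 102-117. DOI: 10.3981/j.issn.1000-7857.2024.12.01867

Research Professors Zhenfeng ZHANG, Kai CHEN, Yu QIN, and Min ZHANG, Associate Research Professors Long CHEN, Hao LI, Wei FENG, Xiangkun JIA, and Yue ZHAO, Engineer Jie HU, and others provided material for the writing of this article.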
