中文摘要：

针对攻击链模型攻击阶段划分过细且无法表示攻击手段的问题，提出了一种高级可持续性威胁（APT）攻击分层表示模型（APT-HARM）。通过总结分析大量公开的APT事件报告和参考APT攻击链模型与分层攻击表示模型（HARM），将APT攻击分为攻击链和攻击树上下两层，并将其形式化定义。首先，将APT攻击分为由侦察、渗透、行动和撤出四个阶段组成的攻击链，并研究了各阶段特点；然后，研究各阶段中采取的攻击手段，并依据其逻辑关系组成攻击树。APT攻击按照攻击链分阶段依次进行，各阶段按照攻击树流程依次执行。案例分析表明，本模型相较攻击链模型具有粒度划分合理、攻击描述完备准确的优点。APT-HARM形式化地定义了APT攻击，为APT攻击的预测和防范提供了一种思路。

英文摘要：

Aiming at the problem that the attack chain model for the attack phase is too small to indicate the means of attack, an Advanced Persistent Threat （APT） Hierarchical Attack Representation Model （APT-HARM） was proposed. By summarizing the analysis of a large number of published APT event reports and reference APT attack chain model and HARM, the APT attack was divided into into two layers, the upper layer attack chain and the lower layer attack tree, which were formally defined. Firstly, the APT attack was divided into four stages：reconnaissance, infiltration, operation and exfiltration and the characteristics of each stage were studied. Then, the attack methods in each stage were studied, and the attack tree was composed according to its logical relationship. APT attacks were carried out in stages according to the attack chain, and the attack of each stage was performed in accordance with the attack tree. The case study shows that the model has the advantages of reasonable granularity classification and better attack description compared to the attack chain model. APT-HARM formally defines the APT attack, which provides an idea for the prediction and prevention of APT attacks.