* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant)
* 分层防御：为何需要静态分析、动态分析和机器学习...

# 分层防御：为何需要静态分析、动态分析和机器学习

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F12%2Fstatic-analysis-dynamic-analysis-machine-learning%2F%3Flang%3Dzh-hans)  
[](https://twitter.com/share?text=%E5%88%86%E5%B1%82%E9%98%B2%E5%BE%A1%EF%BC%9A%E4%B8%BA%E4%BD%95%E9%9C%80%E8%A6%81%E9%9D%99%E6%80%81%E5%88%86%E6%9E%90%E3%80%81%E5%8A%A8%E6%80%81%E5%88%86%E6%9E%90%E5%92%8C%E6%9C%BA%E5%99%A8%E5%AD%A6%E4%B9%A0&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F12%2Fstatic-analysis-dynamic-analysis-machine-learning%2F%3Flang%3Dzh-hans)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2018%2F12%2Fstatic-analysis-dynamic-analysis-machine-learning%2F%3Flang%3Dzh-hans&title=%E5%88%86%E5%B1%82%E9%98%B2%E5%BE%A1%EF%BC%9A%E4%B8%BA%E4%BD%95%E9%9C%80%E8%A6%81%E9%9D%99%E6%80%81%E5%88%86%E6%9E%90%E3%80%81%E5%8A%A8%E6%80%81%E5%88%86%E6%9E%90%E5%92%8C%E6%9C%BA%E5%99%A8%E5%AD%A6%E4%B9%A0&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2018/12/static-analysis-dynamic-analysis-machine-learning/?lang=zh-hans&ts=markdown)  
[](mailto:?subject=分层防御：为何需要静态分析、动态分析和机器学习)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?lang=zh-hans&ts=markdown "Posts by Palo Alto Networks")  
Dec 26, 2018  
1 minutes  
[未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

单点安全解决方案在整个[攻击生命周期](https://www.paloaltonetworks.com/resources/info-insights/disrupting-the-attack-lifecycle?ts=markdown)中仅专注于单点干预。即使安全解决方案的成功率高达 90%，也会有 10% 的几率无法阻止攻击跨越该点。想要增加阻止网络攻击获得成功的可能性，组织不能依赖单点解决方案。他们必须部署多层防御措施，同时覆盖多点拦截。堆叠使用有效的技术，可提高安全解决方案的有效性，并有机会中断多点的攻击生命周期。

结合使用下面的三种威胁识别方法，可阻止网络攻击获得成功。

### 动态分析

**唯一可检测到零日威胁的工具**

通过动态分析，在虚拟机（如恶意软件分析环境）中触发可疑文件，对该文件进行分析后，可了解其作用。可疑文件的分级依据执行文件后所起到的作用，而不是根据用于识别威胁的签名。这样便可通过动态分析来识别威胁，这些威胁与以前所见的任何威胁都不一样。

为获得最准确的结果，样本应拥有互联网的全部访问权限，就像企业网络上的普通端点一样，因为威胁通常需要通过命令和控制活动才能完全打开自己。作为预防机制，恶意软件分析可阻止互联网受到影响，并可冒充响应调用，尝试欺骗威胁暴露自己，但是该方法可能不可靠，不是用于访问互联网的理想替代方案。

**恶意软件分析环境容易被识别出来，且分析过程十分耗时**

为规避检测，攻击者会尝试通过分析网络，确定攻击是否运行于恶意软件分析环境中。他们将搜索指示恶意软件位于虚拟环境中的多项指标，例如在相似时间或由同一 IP 地址触发、缺少敲击键盘或移动鼠标等有效的用户活动，或者虚拟化技术，如异常大的磁盘空间。如果确定攻击在恶意软件分析环境中运行，攻击者将停止运行攻击。这意味着任何失效的分析均容易影响结果。例如，如果样本在触发过程中进行回拨，但是由于攻击者识别到恶意软件分析而导致操作失败，则样本不会执行任何恶意操作，分析也不会识别到任何威胁。同样地，如果威胁需要运行特定版本的特定软件，其不会在恶意软件分析环境中执行任何可识别的恶意操作。

动态分析可能需花几分钟时间来打开虚拟机，将文件导入其中，了解文件的作用，然后拆除虚拟机并分析结果。尽管动态分析所耗费的成本最高，且较为耗时，但它也是唯一可有效检测未知威胁和零日威胁的工具。

### 静态分析

**快速获得结果，对分析没有要求**

与动态分析不同，静态分析查看的是磁盘上特定文件的内容，而非被触发文件的内容。其会解析数据，提取模式、属性和组件，并标记异常。

静态分析可自如应对动态分析呈现的问题。该方法十分高效，在非常短的时间内即可完成相关工作，而且更具成本效益。此外，静态分析可用于任何文件，因为对分析没有任何特定要求，无需定制环境，也不用从待分析的文件进行外部通信。

**打包文件导致失去可视性**

但是，如果将文件打包，可十分轻松地规避静态分析。虽然打包文件很适用于动态分析，但在静态分析过程中会失去对实际文件的可视性，因为重新打包样本会使整个文件变成干扰。能以静态方式提取出来的内容微乎其微。

### 机器学习

**新版威胁根据行为与已知威胁聚类**

机器学习不会执行特定的模式匹配或文件触发，而是解析文件并提取数千项特征。这些特征通过称为特征向量的分类器运行，以根据已知标识符确定文件的好坏。如果文件特征的行为与任何之前评估的文件集群的特征行为一致，则计算机不会查找某种具体内容，而是会将该文件标记为集群的一部分。为实现良好的机器学习，需要训练一系列好坏参半的判定结果，而添加新数据或特征可改进该过程并降低误报率。

机器学习可弥补动态分析和静态分析的缺失。惰性的、未触发的、被打包程序侵害的、命令和控制失败的或者不可靠的样本，仍然可通过机器学习识别为恶意内容。如果发现大量版本的指定威胁并将它们聚类在一起，且样本的特征与集群中的特征一样，则计算机将假定该样本属于集群，并会立刻将其标记为恶意内容。

**仅能深入查找已知内容**

与其他两种方法一样，我们也应将机器学习视为一种工具，该工具在拥有许多优点的同时也有一些不足之处。也就是说，机器学习仅根据已知标识符来训练模型。与动态分析不同，机器学习从不查找任何原始或未知内容。如果在机器学习过程中遇到与以前所见的威胁不一样的威胁，计算机不会标记该威胁，因为它接受的训练仅是为了深入查找已知威胁。

**平台中的分层技术**

想要阻止高级攻击者对您发起的攻击，您需要的装备还远远不够。您需要分层技术 --- 多供应商解决方案的一个概念。虽然深度防御仍然合适且具有相关性，但其需要跨越多供应商单点解决方案的局限，扩展为集成了静态分析、动态分析和机器学习的平台。结合使用这三种方法，可通过层层的集成解决方案，实现深度防御。

[Palo Alto Networks Security Operating Platform](https://www.paloaltonetworks.cn/products/security-operating-platform.html) 与 WildFire 云威胁分析服务集成，可为相关组件提供可操作的情境威胁情报，并在网络、端点和云中提供安全启用功能。WildFire 结合了自定义构建的动态分析引擎、静态分析、机器学习和裸机分析，适用于高级威胁预防技术。许多恶意软件分析环境都利用开源技术，但 WildFire 删除了动态分析引擎内的所有开源虚拟化组件，取而代之的是重新构建的虚拟环境。攻击者必须创建全新的独特威胁来规避 WildFire 中的检测，这种威胁需独立于用来对付其他网络安全供应商的技术。对于可能规避 WildFire 头三层防御（动态分析、静态分析和机器学习）的小部分攻击，系统会将显示规避行为的文件动态导向到裸机环境中，以便完整执行硬件操作。

这些技术在该平台中以非线性方式共同发挥作用。多层方法可提高所有其他功能的安全性，如果一种技术将文件识别为恶意内容，则使用该方法的整个平台都会知道该文件是恶意内容。

*** ** * ** ***

## Related Blogs

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### AI代理已經來臨，威脅也隨之而來](https://www.paloaltonetworks.com/blog/2025/05/ai-agents-threats/?lang=zh-hant)

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### Strata Copilot - 加速迈向自主网络安全的未来](https://www.paloaltonetworks.com/blog/network-security/strata-copilot/?lang=zh-hans)

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### 防火墙已死？至少本世纪不会！](https://www.paloaltonetworks.com/blog/2023/08/ngfw-is-not-dead-yet/?lang=zh-hans)

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### 面对性命攸关的时刻，如何实现可靠的医疗物联网安全](https://www.paloaltonetworks.com/blog/2022/12/medical-iot-security-to-depend-on/?lang=zh-hans)

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### 利用业界首创的 AIOps for NGFW 革新防火墙运行](https://www.paloaltonetworks.com/blog/2022/03/industry-first-aiops-for-ngfw/?lang=zh-hans)

### [未分类](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e7%b1%bb/?lang=zh-hant&ts=markdown)

[#### Prisma Access 是保护远程用户安全的领先云服务](https://www.paloaltonetworks.com/blog/2021/08/prisma-access-leading-cloud-service-secure-remote-users/?lang=zh-hans)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language