
Research On Apt Attack And Defense Technology Based On Distributed Network

Posted on: 2016-10-06
Degree: Master
Type: Thesis
Country: China
Candidate: K Wu
Full Text: PDF
GTID: 2298330467491875
Subject: Electronic and communication engineering
Abstract/Summary:
With the emergence of modern communication technologies and new Internet technologies, connectivity between different kinds of networks has become easier and easier to implement. For example, people can exchange information between the IP network and the industrial network thanks to the emergence of Industrial Ethernet technology. Network attacks began with the birth of networking technology. Now, a kind of network attack called APT has become the major threat to network security, and traditional network security technologies (firewalls) have been unable to respond effectively to it. Therefore, research on APT attacks and on detection and prevention strategies is very necessary.

Dynamic network security has been a high-profile technology because of its active defense strategy and good performance. Dynamic network security technology includes intrusion detection and intrusion prevention. Usually, the combination of these two technologies with other techniques can provide effective defense and detection capability. Intrusion prevention consists of a detection process and the corresponding response. Snort, an open source software package, is well known as an excellent lightweight intrusion detection system. It has good detection performance, responsiveness and scalability. Snort can be extended into an intrusion detection and prevention system in combination with other techniques; such a system has the abilities of intrusion detection and proactive defense.

In this paper, an intrusion detection system for APT attack defense has been built, which adopts a hierarchical distributed network deployment and is based on Snort. The system can detect and respond to network intrusion behavior, and output alarm information to the management platform. In order to improve the detection efficiency and the defensive performance of the system, the paper pays attention to the analysis of Snort rules, and then an improved rule matching algorithm is given.

A new management level called the Snort rules management level has been put forward, whose main work is to manage rule updates. This management level can reduce the rate of false positives and the rate of non-response. Finally, the paper summarizes the experimental results for the improved intrusion detection model, and the experimental results prove that the system can effectively protect against APT attacks.
Keywords/Search Tags: APT, Intrusion detection and protection, Snort, Distributed, Rule management