
The Detection Of Advanced Persistent Threat Based On IDS Logs

Posted on: 2016-07-22
Degree: Master
Type: Thesis
Country: China
Candidate: G M Z Yang
GTID: 2298330467992895
Subject: Computer Science and Technology
Abstract/Summary:
With the growth of the Internet, network security has become increasingly important. Many governments, organizations and enterprises now keep their data on computers or in the cloud, which widens the attack surface and makes them more likely to be attacked. Network security techniques must be updated in time to defend against such attacks. The advanced persistent threat (APT) has become a serious form of attack in recent years. These attacks always have a specific objective: attackers use sophisticated methods to intrude and then stay hidden for a long time, so they are hard to prevent with traditional security systems. To counter APTs, the IDS itself must be improved. Big data analysis has been applied to cope with the uncertainty and concealment of these attacks. Building on a study of traditional IDS, this thesis proposes an approach to defending against APT attacks that uses IDS alert logs as the data source, Hadoop as the big data analysis platform, and an improved Apriori algorithm as the analysis method. The result has been tested and verified and is in line with expectations.
Keywords/Search Tags: advanced persistent threat, IDS, big data, data analysis
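The abstract describes mining IDS alert logs with Apriori to surface multi-stage APT activity but gives no details of the improved algorithm or the Hadoop pipeline. The following is an added example, not the thesis's own code or data: a plain single-machine Apriori over a constructed, simplified alert log (timestamp,src_ip,dst_ip,signature). The signature names, IP addresses, one-hour windowing, and the 0.3 support / 0.8 confidence thresholds are all assumptions chosen for illustration. It groups alerts into one transaction per source host and time window, mines frequent signature sets, derives association rules, and flags hosts whose activity covers the full mined chain.

```python
"""Apriori association mining over IDS alert logs (added example, not from the thesis)."""
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed alert log in a simplified CSV form. Signature names and
# addresses are made up; three hosts show the same scan -> exploit -> C2
# chain, the rest is background noise (vulnerability scanner, DNS policy hit).
ALERT_LOG = """\
2016-03-01T09:00:12,10.0.0.5,192.168.1.10,SCAN_PORTSWEEP
2016-03-01T09:04:40,10.0.0.5,192.168.1.10,EXPLOIT_WEB_RCE
2016-03-01T09:09:03,10.0.0.5,203.0.113.7,C2_BEACON
2016-03-01T09:31:55,10.0.0.5,203.0.113.7,DATA_EXFIL_LARGE_UPLOAD
2016-03-01T11:02:10,10.0.0.5,203.0.113.7,C2_BEACON
2016-03-02T14:10:00,10.0.0.7,192.168.1.11,SCAN_PORTSWEEP
2016-03-02T14:12:31,10.0.0.7,192.168.1.11,EXPLOIT_WEB_RCE
2016-03-02T14:20:05,10.0.0.7,203.0.113.7,C2_BEACON
2016-03-03T02:15:44,10.0.0.9,192.168.1.12,SCAN_PORTSWEEP
2016-03-03T02:18:09,10.0.0.9,192.168.1.12,EXPLOIT_WEB_RCE
2016-03-03T02:25:50,10.0.0.9,203.0.113.7,C2_BEACON
2016-03-03T10:00:00,10.0.0.20,192.168.1.0,SCAN_PORTSWEEP
2016-03-03T10:05:00,10.0.0.21,192.168.1.53,POLICY_DNS_TXT_QUERY
2016-03-04T08:00:00,10.0.0.20,192.168.1.0,SCAN_PORTSWEEP
"""

EPOCH = datetime(1970, 1, 1)  # naive epoch: window bucketing independent of local timezone


def parse_alerts(text):
    """Parse CSV-style alert lines into dicts; blank lines are skipped."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sig = line.split(",", 3)
        alerts.append({"time": datetime.fromisoformat(ts), "src": src, "dst": dst, "sig": sig})
    return alerts


def build_transactions(alerts, window_seconds=3600):
    """One transaction per (source host, time window): the set of signatures seen there."""
    tx = defaultdict(set)
    for a in alerts:
        bucket = int((a["time"] - EPOCH).total_seconds()) // window_seconds
        tx[(a["src"], bucket)].add(a["sig"])
    return dict(tx)


def apriori(transactions, min_support):
    """Return {frozenset(signatures): count} for every itemset with support >= min_support."""
    n = len(transactions)

    def count(candidates):
        c = defaultdict(int)
        for t in transactions:
            for cand in candidates:
                if cand <= t:
                    c[cand] += 1
        return {s: k for s, k in c.items() if k / n >= min_support}

    level = count({frozenset([i]) for t in transactions for i in t})
    frequent, k = dict(level), 2
    while level:
        prev = list(level)
        candidates = set()
        for i in range(len(prev)):
            for j in range(i + 1, len(prev)):
                u = prev[i] | prev[j]
                # Apriori pruning: keep a k-candidate only if all its (k-1)-subsets are frequent
                if len(u) == k and all(frozenset(s) in level for s in combinations(u, k - 1)):
                    candidates.add(u)
        level = count(candidates)
        frequent.update(level)
        k += 1
    return frequent


def association_rules(frequent, min_confidence):
    """Rules (antecedent, consequent, confidence) from frequent itemsets of size >= 2."""
    rules = []
    for itemset, cnt in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                conf = cnt / frequent[ante]
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, conf))
    return rules


def flag_hosts(transactions, pattern):
    """Source hosts whose alerts within a single window cover the whole mined pattern."""
    return sorted({src for (src, _), sigs in transactions.items() if pattern <= sigs})


if __name__ == "__main__":
    tx = build_transactions(parse_alerts(ALERT_LOG))
    freq = apriori(list(tx.values()), min_support=0.3)
    for ante, cons, conf in association_rules(freq, min_confidence=0.8):
        print(sorted(ante), "->", sorted(cons), f"conf={conf:.2f}")
    chain = max(freq, key=len)
    print("hosts matching", sorted(chain), ":", flag_hosts(tx, chain))
```

On this data the rule {SCAN_PORTSWEEP, EXPLOIT_WEB_RCE} -> {C2_BEACON} comes out with confidence 1.0, while a scan alone predicts nothing at the 0.8 threshold (the vulnerability scanner host 10.0.0.20 dilutes it), which is the point of mining across alert types rather than alerting on each signature in isolation. The single exfiltration alert falls below minimum support and is invisible to Apriori; in practice rare but high-severity signatures need a separate path alongside the frequent-pattern mining.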