The Attack And Defense Technology Research Of Advanced Persistent Threat

Posted on: 2016-06-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z Sun
Full Text: PDF
GTID: 2308330476453458
Subject: Electronics and Communications Engineering
Abstract/Summary:
In this paper, we introduce the nature of the advanced persistent threat (APT) and its attack techniques, and analyse the technical details of APT attack cases from recent years. The characteristics of the dangerous phases of an APT attack are analysed in terms of the attacker's exposure risk, the cost of implementation, the likelihood of detection, the cost of remediation, and the difficulty of defense and forensic investigation. Drawing on the four common APT detection technologies, the paper sums up how APT defense strategy has evolved and puts forward a defense strategy based on blocking the APT attack chain: using different combinations of detection methods at different stages of an attack can effectively block APT attacks. Continued follow-up of APT attacks reveals new trends and new attack methods, including precision phishing, advanced hiding techniques, watering hole attacks, attacks using social networks and the Tor network, more diverse and fine-grained remote control, and the advanced volatile threat. The paper puts forward an APT mitigation strategy built on the ideas of "active technology" and "variable technology", which alleviates the impact of APT attacks through the construction of elastic networks and security systems engineering. The article focuses on the technical details of how new APTs escape sandbox detection, covering evasion means based on human-computer interaction, special environments, and the typical characteristics of virtual machine systems. It points out the shortcomings of existing APT sandbox detection systems, and puts forward the main technical points of a new APT sandbox detection system and a new APT defense mode based on vulnerabilities and lures. From the viewpoint of forensics and response, it describes in detail advanced threat defense based on multistage endpoint forensics and response, the advanced defense architecture, the chain model, and a fusion diagnosis decision model based on D-S evidence theory, building a coordinated overall defense system of real-time forensics and rapid response.
Keywords/Search Tags: APT Detect, The Attack Chain Block, APT Alleviate, Forensics and Response, APT Defense, Sandbox Avoiding