
Design Of APT Defense Platform In Network Cloud

Posted on: 2018-09-09
Degree: Master
Type: Thesis
Country: China
Candidate: X Wang
Full Text: PDF
GTID: 2348330536979764
Subject: Electronic and communication engineering
Abstract/Summary:
This thesis introduces the concept of the advanced persistent threat (APT), describes its various attack methods and attack characteristics, and analyzes the technical details of APT attack cases from recent years. It analyzes APT attacks in terms of the attacker's probability of exposure, the cost to the attacker of being detected, the cost of remediation, the characteristics of the dangerous stages, the amount of evidence available to defenders, and the difficulty of investigation. It then introduces several common APT defense solutions and discusses their advantages and disadvantages in defending against APT attacks.

Because APT attacks have long latency, the data and alarm logs accumulated over time are enormous, and efficient analysis requires a distributed computing platform. The thesis builds a big data analysis platform from existing mature technologies: Flume collects the alarm log files, Hadoop performs offline data analysis, and Kafka with Spark Streaming performs real-time analysis, so that algorithms run efficiently over large volumes of data. The thesis also introduces data mining and the traditional Apriori algorithm, applies the algorithm to an intrusion detection system, and tests the data analysis platform.

In summary, this thesis introduces the concept and characteristics of APT and the current mature APT defense solutions. Because the APT defense process produces a large amount of data, it builds a big data analysis platform from mature big data technologies to make data mining convenient. It introduces the traditional Apriori algorithm and its application to intrusion detection systems, improves the algorithm to make it suitable for a distributed computing platform, tests it on the big data analysis platform that was built, and gives the final test results and conclusions.
Keywords/Search Tags: APT detection, big data analysis platform, Apriori, APT defense, distributed