
The Key Defense Study Of Advanced Persistent Threats

Posted on: 2017-10-03 | Degree: Master | Type: Thesis
Country: China | Candidate: D X Su | Full Text: PDF
GTID: 2428330590991612 | Subject: Information and Communication Engineering
Abstract/Summary:
With the development of information technology, people's lives have become more and more convenient, and e-banking, PayPal and Alipay play an important role in the financial industry. However, this also brings many security problems. Compared with traditional network attacks, advanced persistent threats (APT) have caused great losses in recent years. APT attacks target a country's infrastructure, confidential information and the trade secrets of large companies. APT is characterized by long duration, selected targets and other traits, so the methods for defending against and detecting APT should also differ. Based on an analysis of APT, this paper presents its own ideas on APT defense. We focus on related events in APT by establishing a "three-dimensional" APT attack model, which aims to correlate events in order to effectively predict and detect APT attacks. ADME (APT Defense Model based on related events) has four modules: an event correlation module, a decision-making system module, an alarm module and a manual analysis module. In addition, we study in depth the specific detection rules associated with ADME. Because APT attacks often use the SSL protocol to transfer encrypted information, it is necessary to detect SSL. However, traditional SSL detection is not appropriate for APT attacks, so this paper establishes an SSL detection method that focuses on certificates, whitelists, blacklists and SSL fingerprints. Meanwhile, because of the lack of distinction between SSL types, the paper concentrates on an SSL fingerprinting method. Finally, this paper introduces the trends of APT and emphasizes detecting APT from both the technical security and the management security perspectives.
Keywords/Search Tags: APT, defense model, SSL, fingerprint, anomaly detection