Research and Application of APT Attack Defense and Detection Technology Based on Big Data Technology

Title: Research and Application of APT Attack Defense and Detection Technology Based on Big Data Technology
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Liu, Donglan; Zhang, Hao; Yu, Hao; Liu, Xin; Zhao, Yong; Lv, Guodong
Conference Name: 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC)
Keywords: active defense, active defense system, advanced persistent threat, anomaly detection, APT, APT attack, APT attack defense, APT attack detection sandbox technology, Big Data, Big Data analysis technology, Communication networks, computer network security, controllable virtual environment, Correlation, detection technology, dynamic analysis, heterogeneous data sources, high-risk Trojan horses, Human Behavior, invasive software, Malware, Metrics, network security risks, power engineering computing, power grid, power grids, power information system security situation prediction, power system security, pubcrawl, resilience, Resiliency, Scalability, security, security threats, Situation Prediction, telecommunication traffic, Threat Assessment, unknown malicious code
Abstract: To uncover security threats in the power grid by making full use of the heterogeneous data sources in the power information system, this paper proposes an APT (Advanced Persistent Threat) attack detection sandbox technology and an active defense system based on big data analysis technology. First, the file is restored from mirrored traffic and analyzed statically. Then, sandbox execution is carried out: the analysis samples are introduced into a controllable virtual environment, where they are run and dynamically analyzed. By analyzing the dynamic processing of the samples, various known and unknown malicious code, APT attacks, high-risk Trojan horses and other network security risks are comprehensively detected. Finally, a threat assessment of the malicious samples is carried out and visualized through the big data platform. The results show that the proposed method can effectively warn of unknown threats, improve the security level of system data, and provide a certain active defense capability, and that it can effectively improve the speed and accuracy of power information system security situation prediction.
Citation Key: liu_research_2019