An APT Attack Analysis Framework Based on Self-define Rules and Mapreduce

Abstract

The essence of Internet security is information security, as more and more industries rely on the Internet, in order to protect the information security of these industries, spawned local area networks (LANs), intranets and so on. With the development of information sensor technology, the Internet of Things (IoT) that interconnects physical devices has emerged. As a unity of computing process and physical process, the Cyberphysical systems (CPS) is the next generation intelligent system which integrates computing, communication and control. CyberPhysical systems cover a wide range of applications, including intelligent transportation systems, telemedicine, smart grids, aerospace, and many other fields, many of which involve critical infrastructure. The APT attacks are typically directed against these critical infrastructures around the world. So, timely and accurate detection APT attacks and take effective defensive measures, it is meaningful to protect the national information security. Although APT attacks seem destructive, their attack process are complex and changeable, in essence, they usually follow certain rules. This paper proposes an APT attack analysis framework based on the APT attack rules and current mainstream detection technologies. The framework iteratively matches the collected data with the cyber security knowledge graph, and implements constraints relies on the cyber security knowledge graph and self-defined attack rules, thereby realizing the current security status of the network in real time.