| Title | The Study of Using Big Data Analysis to Detecting APT Attack |
|---|---|
| Volume/Issue | 30:1 |
| Authors | Chung-Hsin Liu, Wei-Hung Chen |
| Pages | 206-222 |
| Keywords | APT, big data, Splunk, EI, MEDLINE, Scopus |
| Publication date | 201902 |
| DOI | 10.3966/199115992019023001020 |
An advanced persistent threat (APT) is a deliberately slow-moving cyberattack designed to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to gain unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are used not to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents, and other data. Once an attack succeeds, timely detection is of paramount importance to mitigate its impact and stop the APT from spreading further. For early detection of APT threats, this study proposes a detection mechanism that uses big data and Splunk analysis, then applies data mining techniques to locate malicious IP addresses. The experimental results show that the decision tree algorithm is the best prediction model, and with this predictive model the detection rate increased to 99%. Finally, this study established an alert system that can achieve real-time detection of APT threats.