APT-DFLC: A Defense System Framework against APT Attack for High Security Level Network Based on Life Cycle

Bibliographic Details
Published in: 2024 4th Asia-Pacific Conference on Communications Technology and Computer Science (ACCTCS), pp. 730-736
Main Authors: Chen, Daowei; Zhu, Pengfei; Yan, Hongsheng; Yang, Chen
Format: Conference Proceeding
Language: English
Published: IEEE, 24.02.2024
Summary: APT attacks with concealment features and zero-day vulnerability utilization have become a major threat to high-security network environments such as government, finance and energy institutions. However, the existing APT attack detection and defense methods based on dynamic analysis, anomaly detection and machine learning are mostly aimed at a single stage, which is obviously not enough for APT attacks with multiple links and multi-stage characteristics. It is meaningful work to study how to prevent APT attacks comprehensively and deeply. This paper first reviews and analyzes the APT attack life cycle and the APT attack defense mechanism of high security level networks, then puts forward a defense system framework against APT attacks for high security level networks based on the life cycle. This framework has the characteristics of full-cycle, multi-level, and systematic in-depth defense, which can prevent APT attacks from multiple dimensions. We also analyze the key problems of each part of the defense. Our framework will provide high security level networks with the ability to defend against complex multi-source APT attacks.
DOI: 10.1109/ACCTCS61748.2024.00135