A Network Gene-Based Framework for Detecting Advanced Persistent Threats
Authors: Y. Wang, Yongjun Wang, J. Liu, Zhijian Huang
Venue: 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing
Publication date: 2014-11-08
DOI: 10.1109/3PGCIC.2014.41 (https://doi.org/10.1109/3PGCIC.2014.41)
Citation count: 22
Abstract
Advanced Persistent Threats (APTs) pose a serious threat to cyber security. Their high unpredictability, deep concealment and grave harmfulness confront traditional network monitoring technology with unprecedented challenges against a background of massive and complex network traffic. This paper addresses the urgent demand for APT network monitoring. Relying on the rapid development of big data analysis and cloud computing technology, and drawing on the concept of the gene in biology, we put forward a new notion of the network gene to depict the semantically rich behavioral characteristic patterns of network applications. Through the organic combination of network protocol reverse analysis and network data stream processing technology, we establish a set of basic theories and a technical architecture for network gene construction and computation, forming a new detection framework for APTs that supports the construction of an intrusion-tolerant network ecological environment.