Security Architecture to Deal with APT Attacks: Abnormal Discovery

Threat is a potential damage to specific systems, organizations and their assets. It exists in the process of various prolonged attacks to the targets by attackers in light of their task requirement. Facing advanced persistent threat (APT), the existing security architecture cannot help the victims to detect the threat in time before serious economic losses are caused. Based on the in-depth analysis of the denotation and connotation of threat, this paper explores defense models to threat in details and proposes a theoretic security and defense framework to deal with the APT: abnormal discovery, so as to solve the problem of threats detection. As the prerequisite of defensing policy and protective deployment, abnormal discovery can provide the necessary information for making an effective and targeted defensing policy through discovering the abnormal in the environment in real time and in multi dimension, unscrambling unknown thread and analyzing the attackers purpose. “Wizeye”, a security architecture based on abnormal discovery is designed and proposed. With high and low monitoring technology coordination, it can monitor and detect the APT from its source, pathway and terminal.