中文摘要：

大数据时代下,将大数据分析技术引入高级可持续性攻击防御体系是必然趋势.充分考虑高级可持续性攻击防护框架的需求,充分考虑所有可能的攻击模式和防护方法,基于大数据分析技术提出了一个参考性的APT防护框架.利用大数据技术对监控检测数据进行深度关联分析,不仅能够综合分析目标系统是否存在被攻击的风险,实现事前预警,也可对当前受到的攻击威胁进行综合研判,更加准确地理解意图和反向追踪,从而及时采取相关的策略阻止攻击,实现事中阻断;还可同时对安全审计信息进行大数据分析,根据追踪路径重现数据的历史状态和演变过程,实现事后审计溯源.

英文摘要：

In the age of big data, the introduction of big data analytics technology to advance persistent threat defense system is inevitable. Based on big data analysis technology, the paper proposed a reference framework for protection of advanced persistent threat, fully considering the requirement of advanced persistent threat protection framework, all the possible attack mode and protection methods. Through deep correlation analyzing the monitoring data by big data technology, we could not only obtain a comprehensive analysis about if the target system in the risk of being attacked to achieve pre-warning, but also detect the ongoing attacks and understand the intent more accurately to achieve real-time blocking. Meantime, according to track the data path to reproduce the historical status and evolutionary process . post audit traceability is realized.