Abstract

Recent malicious activity and advanced persistent threat (APT) attacks use techniques that resemble zero-day attacks, which makes the malicious code difficult to detect. In an APT attack, an unauthorized actor gains access to a network and remains undetected for a long period of time. APT attacks are a complex threat because they combine highly technical methods, exploiting network vulnerabilities to evade strong detection mechanisms, with traditional hacking techniques that raise their success rate. Usually, an APT attack is not identified until the security incident has already caused damage. Precise detection methods that can comprehensively analyze and respond to APT attacks are therefore needed. This paper discusses the extraction of normal-behavior and anomaly patterns from the target system in order to detect the anomalies caused by APT attacks, and on that basis proposes a method for detecting anomalies by mining previously unknown anomaly patterns.
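As an added illustration (this is not the paper's algorithm, which the abstract does not specify), the example below shows the general shape of the approach described above: a normal-behavior profile is mined from event traces collected during a period believed to be clean, later traces are scored by how many of their patterns fall outside that profile, and the patterns that recur across flagged hosts are collected as candidate unknown anomaly patterns. The hosts, event names, traces, n-gram size and threshold are all constructed for the example.

```python
from collections import Counter

# Constructed sample data (not from the paper): ordered event tokens observed
# on hosts during a window believed to be free of intrusion (the "normal" window).
NORMAL_TRACES = [
    ["login", "open_doc", "browse", "logout"],
    ["login", "browse", "open_doc", "print", "logout"],
    ["login", "open_doc", "open_doc", "print", "logout"],
    ["login", "browse", "browse", "logout"],
    ["login", "open_doc", "browse", "print", "logout"],
]

# Constructed traces from a later monitoring window that should be scored.
MONITORED_TRACES = {
    "host-a": ["login", "browse", "open_doc", "print", "logout"],
    "host-b": ["login", "open_doc", "spawn_shell", "connect_external", "exfil", "logout"],
}


def ngrams(trace, n):
    """Return the consecutive n-gram patterns of one event trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def extract_normal_patterns(traces, n=2, min_support=1):
    """Mine the normal-behavior profile: every n-gram seen at least min_support times."""
    counts = Counter()
    for trace in traces:
        counts.update(ngrams(trace, n))
    return {pattern for pattern, count in counts.items() if count >= min_support}


def score_trace(trace, profile, n=2):
    """Return (anomaly_ratio, unseen_patterns) for one trace.

    anomaly_ratio is the fraction of the trace's n-grams absent from the
    normal profile; unseen_patterns lists those n-grams in order of occurrence.
    """
    grams = ngrams(trace, n)
    if not grams:
        return 0.0, []
    unseen = [g for g in grams if g not in profile]
    return len(unseen) / len(grams), unseen


def detect_anomalies(traces, profile, n=2, threshold=0.3):
    """Return {host: (ratio, unseen)} for traces whose unseen ratio exceeds threshold."""
    flagged = {}
    for host, trace in traces.items():
        ratio, unseen = score_trace(trace, profile, n)
        if ratio > threshold:
            flagged[host] = (ratio, unseen)
    return flagged


def mine_unknown_patterns(flagged):
    """Count unseen patterns across all flagged hosts.

    Patterns that recur on several hosts are candidates for new anomaly
    signatures; a pattern seen once may simply be a benign change in behavior.
    """
    counts = Counter()
    for _, unseen in flagged.values():
        counts.update(unseen)
    return counts


if __name__ == "__main__":
    profile = extract_normal_patterns(NORMAL_TRACES)
    flagged = detect_anomalies(MONITORED_TRACES, profile)
    for host, (ratio, unseen) in flagged.items():
        print(f"{host}: {ratio:.2f} of patterns outside normal profile -> {unseen}")
    print("candidate unknown anomaly patterns:", mine_unknown_patterns(flagged))
```

With the constructed data, host-a reproduces only patterns already in the profile and is not flagged, while host-b is flagged because four of its five bigrams (the shell spawn, outbound connection and exfiltration steps) never appeared in the normal window. In practice the threshold and minimum support have to be tuned against a long baseline, since an APT that stays within already-observed patterns will score low; the approach only surfaces behavior that deviates from the mined normal profile.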

  • Publication date: 2017-3