关键词: 高级可持续性（APT）攻击, 攻击检测, 行为分类, 行为量化

Abstract: The complexity and variety of APT attack increase the difficulty of detection, which is one of the most significant limitations in the research of APT. Based on the existing research, this paper proposes a phase-based classification and evaluation method of APT attack behaviors. By understanding the basic concept of APT, the phase-characteristic is analyzed and summarized. According to the target of each phase, the attack behaviors are fine-grained classified to build the classification framework of APT attack behavior. The primary impact factors which directly influence the performance of attack are extracted and quantified on the basis of each category’s features. These factors are used for guiding the selection as well as the detection of attack-behaviors. The experimental result shows that the proposed method can truly reflect the actual situation of attack and performs well in validity and accuracy.

Key words: APT attack, attack detection, behavior classification, behavior quantification