A Survey of Advanced Persistent Threats Attack and Defense

Advanced Persistent Threats (APT) are a complex attack method aimed at specific targets to steal high-value sensitive information or damage the target organization's infrastructure. The attackers patiently and constantly look for new methods to invade each endpoint in the target network system and formulate different attack strategies in different links. This purposeful, organized, and premeditated group targeted attack seriously threatens the country and the enterprise network security. Some of the proposed APT detection defense methods apply only to individual stages of attacks. They are constrained to the study of APT attack detection defense as a whole (from detection to target completion). In this survey paper, we first introduce the origin and attack mechanism of APT and compare it with the traditional attacks. We summarize a universal five-stage APT attack model, listing attack techniques and methods of different stages, which provide the basis for the design of threat detection defense framework, and finally, the optional detection defense techniques for different attack stages.