Methods and systems for preventing an APT attack, and non-transitory machine-readable storage media, are disclosed. In one aspect, communication data is obtained in a network; association analysis is performed on the communication data; threat data is obtained from the communication data based on the association analysis result; each piece of the obtained threat data is mapped to a corresponding APT attack phase based on a kill chain model; and, for each piece of the threat data, prevention is performed for a network entity associated with that piece of threat data, based on prevention strategies corresponding to a plurality of APT attack phases.