USING BEHAVIOR-BASED ANALYSIS TECHNIQUES FOR ADVANCED PERSISTENT THREAT ATTACK DETECTION AND RESPONSE, SYSTEM AND METHOD FOR THEREOF

摘要

An intelligent persistent attack detection and response system by using a behavior-based analysis technology according to one embodiment of the present invention comprises: a function audit module for managing an operation of entire module and for supporting an audit thereof; an audit policy module for defining a target scope of auditing of system state and for managing a standard policy for determining a validity of an attack; a system state audit module for retrieving the target scope of auditing as defined in the audit policy module and for performing an audit on a state of audit target and determining, upon detection of an audit violation act, a validity of the attack and for analyzing an attack type thereof and a scope of damage; and an audit violation response module for receiving a result of the attack analysis from the system state audit module and for deriving response measures corresponding to the attack and for executing the response measures.