Journal on Communications

• Comprehensive Review •

Detecting APT attacks: a survey from the perspective of big data analysis


  • Online:2015-11-27 Published:2015-11-27

Abstract: Advanced persistent threats (APTs) have become the major threat to highly protected networks. Traditional detection technologies are unable to discover APT attacks, which are targeted, disguised and persistent. As a result, novel detection technologies have become a hot topic in the field of APT defence. Firstly, the six phases of an APT attack were described in detail, combined with the typical technologies and theories of APT, and the features of APT attacks were concluded. Secondly, the current state of research on APT defence frameworks was illustrated, and the research points and recent developments of four key technologies were analysed: anomaly detection of network flows, anomaly detection of malicious code, security event mining in social networks, and correlation analysis of security events. Finally, both a comprehensive defence framework and a detection framework based on intelligent feedback were established, and the challenges and future directions of detection technologies for dealing with APT attacks were pointed out.

Key words: network security detection; advanced persistent threat; big data analysis; intelligent feedback; correlation analysis
