Reading material: Malware triage for early identification of Advanced Persistent Threat activities
Advanced: the criminal minds behind these attacks utilize the full spectrum of computer intrusion technologies and techniques. While an individual attacker may not be classed as particularly "advanced" (e.g. a single-stage malware component found on the black market), their operators typically access and develop more advanced tools as required.
Persistent: the criminal operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. A "low-and-slow" approach is usually more successful.
Threat: the attack has a malicious nature. Malevolent attackers have a specific objective and are skilled, motivated, organized and, of course, well funded. Moreover, these advanced attacks are strongly targeted in order to overcome all the general defences that one can apply.
- Reconnaissance phase: the attacker makes long and careful preparations, gathering sensitive personal information and security vulnerabilities, becoming familiar with the target network environment, and locating where key sensitive information is stored and how it is communicated.
- Pre-filtering phase (achieving the objective)
…accounts, and finally breaking into the AD (Active Directory) ser…
…through the changing of the classification approach, moving from a single multi-class classifier to a set of one-class classifiers.
Malware developed by known APTs has been detected with a precision of 100% and an accuracy of up to 95%.