Classification of Advanced Persistent Threat（APT）, and a proposal for reducing threats

Abstract

APT（Advanced Persistent Threat） has been discussed in recent years because the APT has caused huge damage to the company and organization around the world. For example, “Operation Aurora” which Google has been attacked with suffered a serious damage in Jan. 2010and” Stuxnet” which attached to SCADA and was discovered in Jun. 2010. After that the number of incident reports published for APT is increasing. However, there is no clear definition for APT, and there is no effective and systematic but only ad hoc treatments are taken. This paper, first challenges to define APT through investigation of historical background as a terminology to cover incidents and then consider the appropriateness of a definition which explains its activity and resulted damage. Also, the feature of APT has been categorized and discussed from the viewpoint of targeted information system asset CIA and of a process of activity and deep insight analysis has been carried out to discuss “what is APT?” Finery, the potential direction of the possible measures against APT has been discussed.