The present application provides a defense method and a defense system against APT attacks. In the defense method, communication data in the network is acquired, correlation analysis is performed on the communication data, and threat data in the communication data is selected based on the result of the correlation analysis. Each selected item of threat data is mapped, according to the kill chain model, to a corresponding APT attack stage among a plurality of APT attack stages, and the network entity related to each item of threat data is protected based on the defense measures corresponding to the plurality of APT attack stages. According to the present application, since the threat data is mapped to the corresponding APT attack stage and appropriate defense measures are adopted for the different APT attack stages, the APT attack process can be detected and dealt with in a more targeted manner, and APT attacks can be defended against more effectively.