Abstract
The present invention relates to an apparatus and method for detecting an advanced persistent threat (APT) and, more particularly, to an apparatus and method for providing early warning, in which an Internet service provider (ISP) detects a sign of an APT attack in a network in advance and takes action before an incident occurs. According to the present invention, the apparatus for detecting the APT in advance comprises: a node risk calculation unit for calculating a synthetic risk degree for each of the nodes included in a network; a target setting unit for setting, based on the synthetic risk degree calculated for each node, at least one target node among the nodes that is to be protected from the APT, and at least one of a safety distance, an allowable risk degree, and a minimum allowable risk degree with respect to the target node; an attack sign detecting unit for detecting an attack sign within the safety distance of the target node; and a security warning unit for giving notification of the detected attack sign.
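The following sketch is an added illustration of the four units described above, not code from the patent. It assumes the safety distance is a hop count on the network graph and that the nodes with the highest synthetic risk degree are chosen as targets; the topology, risk values, event labels and all function names are constructed for the example.

```python
from collections import deque

# Constructed sample data: undirected topology, per-node synthetic risk
# degree (assumed already computed), and observed attack signs.
GRAPH = {
    "db": ["app"], "app": ["db", "web", "admin-ws"], "web": ["app", "edge"],
    "edge": ["web", "cpe1"], "admin-ws": ["app"], "cpe1": ["edge"],
}
RISK = {"db": 0.9, "app": 0.6, "web": 0.5, "edge": 0.3,
        "admin-ws": 0.7, "cpe1": 0.2}
EVENTS = [("cpe1", "port scan"),
          ("web", "outbound connection to unlisted host"),
          ("admin-ws", "repeated failed logins")]

def select_targets(risk, count):
    """Target setting unit (assumption: highest-risk nodes are protected)."""
    return sorted(risk, key=lambda n: (-risk[n], n))[:count]

def nodes_within(graph, target, safety_distance):
    """Hop distance of every node within safety_distance of target (BFS)."""
    dist = {target: 0}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        if dist[node] == safety_distance:
            continue  # do not expand past the edge of the safety zone
        for nbr in graph.get(node, ()):
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def early_warnings(graph, events, targets, safety_distance):
    """Attack sign detecting unit plus warning unit: report each sign seen
    inside a target's safety zone as (target, node, hops, sign)."""
    warnings = []
    for target in targets:
        zone = nodes_within(graph, target, safety_distance)
        for node, sign in events:
            if node in zone:
                warnings.append((target, node, zone[node], sign))
    return warnings

if __name__ == "__main__":
    targets = select_targets(RISK, 1)
    for w in early_warnings(GRAPH, EVENTS, targets, 2):
        print("WARNING target=%s node=%s hops=%d sign=%s" % w)
```

With a safety distance of 2 the port scan on `cpe1` is ignored because it is four hops from `db`, while the two signs two hops away trigger warnings.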