ENHANCED DESIGN FOR DNS MALICIOUS TRAFFIC ANALYSIS
Advanced persistent threats (APTs) are extremely dynamic. Recently, new modi operandi and techniques have been developed rapidly to overcome known detection methods. This design proposes a new approach that combines previously successful mitigation techniques, especially those based on DNS traffic analysis, which directly represents APT challenges. Our preliminary experiment shows better accuracy and faster response in detecting suspicious behavior.
APT, DNS, traffic analysis, anomaly detection.