Despite the large number of malware programs, the Advanced Persistent Threat (APT) has an appreciable impact on the attack environment nowadays. An APT is a deliberate cyber-attack that targets specific and sensitive information in systems without revealing itself. APTs usually use several methods of attack to make unauthorized access to a system possible and to obtain the targeted information. This survey studies and analyzes three types of attack model and considers the attack pyramid as the model of APT attacks. We also present a detection framework and the methodology for its implementation. The method proposes using the MapReduce operation to evaluate all the possible events and contexts in which the attack might take place. The results show that using these methods will improve performance and reduce the overall load.