This paper takes snort as the core and builds the defense system of APT attack-based intrusion detection module based on hierarchical distributed network， and proposes a new OTN dynamic matching algorithm. Firstly， the characteristics of APT attacks are introduced. Then a set of snort-based defense detection model for APT attacks is proposed. Based on the original three-step dynamic adjustment algorithm of snort， a new dynamic matching algorithm is proposed. Finally， a new dynamic matching algorithm is proposed. Using the original dynamic matching algorithm and the new dynamic matching algorithm to do the contrast experiment， the final result is compared and analyzed. and the conclusion is that the distributed network detection model using the new dynamic matching algorithm can better meet the needs of network security protection.