
AI-Driven APT Detection Framework: Early Threat Identification Using ML

EasyChair Preprint 15109

8 pages. Date: September 27, 2024

Abstract

An increasing number of hacktivists, state-sponsored hackers, cybercriminals, cyber terrorists, cyber spies,
and cyberwarfare warfighters are attacking systems. A successful cyber security strategy needs a balance between real-time cyberattack detection, cyber threat
intelligence, and, most importantly, cyber early warning capability. Cyber threats are tough and complex to describe, since it is challenging to pinpoint the origin of an attack or the motivation driving it, or even to forecast how the attack will play out in real time. The difficulty of drawing boundaries between national and international, or public and private, objectives makes cyber threats even harder to identify. The fight to counteract cyber threats is dynamic and ever more difficult because they are worldwide in scope and entail rapid technological change. In this study, we focused on the cyber kill chain, proposed a universal/generic cyber kill chain model, and analyzed the steps and concepts of various Advanced Persistent Threat (APT) cyber kill chains. We focused on the detection of Advanced Persistent Threats in real time using different machine-learning models, namely XGBoost, Random Forest, Decision Tree, AdaBoost, and K-Nearest Neighbor, and achieved an accuracy of 99.95% with the XGBoost model.

Keyphrases: AI, APT, APT detection, Advanced Persistent Threat, Artificial Intelligence, CKC, Cyber Kill Chain, Decision Tree, Internet of Things, IoT, Kill Chain, PCA, PKI, Pearson correlation, Principal Component Analysis, Principal Component Analysis PCA, Prior Knowledge Input, RF, Random Forest, Security Information and Event Management, advanced persistent threat apt, advanced persistent threat apt attacks, configuration management database, detection of advanced persistent, feature extraction, feature score, learning and deep learning, prior knowledge

BibTeX entry
BibTeX does not have the right entry for preprints. This is a hack for producing the correct reference:
@booklet{EasyChair:15109,
  author    = {Hidayat Ur Rehman and Zunera Jalil and Safa Fahim},
  title     = {AI-Driven APT Detection Framework: Early Threat Identification Using ML},
  howpublished = {EasyChair Preprint 15109},
  year      = {EasyChair, 2024}}