Combating Advanced Persistent Threats through Artificial Intelligence: An Algorithmic Approach

This essay emphasizes the significance of leveraging Artificial Intelligence (AI) tools to combat Advanced Persistent Threats (APTs). Central to this study is the theoretical framework describing the design and evaluation of algorithms that analyze very large datasets of security-related consultation items. Algorithms for the aggregation of such datasets are also developed along with a detailed methodology to ensure sufficient statistical significance. To test the research hypothesis, the designed algorithms were used to analyze a large dataset containing detailed data on APT campaigns. APT campaigns involve a chain of distinct attacks aimed at obtaining control over computational assets. APT campaigns are important cyber security threats as they are difficult to detect and are part of a lucrative black market currently worth hundreds of billions of dollars. Refined tools for launching and managing APT campaigns are supplied to criminal organizations and state actors through Growth Hacking, Inbound Marketing, and other B2B services. Networks of controlled computational assets infiltrated by sell-side ad networks are extensively leveraged by these tools. Improved algorithms have been developed for coordinating content consumption and carrying out hacking and phishing attacks. These data are kept in a unique, bottom-up event model that describes the lifecycle of APT campaigns and considers their participants’ limited knowledge. In the spirit of open science, collection, deduplication, labeling, and feature engineering scripts, dataset splits, data dictionaries, and other materials have been released along with the results of this study. The developed algorithms were used to train and evaluate predictive models for the lifecycle stages of APT campaigns and the decision to bond with them. By yielding new domain knowledge and insights, this study encourages researchers to co-create domain-specific machine-learning algorithms with practitioners focusing on countermeasures and highlights the need for a new multi-disciplinary field merging “Growth Hacking, Inbound Marketing, and Early-Stage Venture Cyber Security VC Strategies” ¹ .