dc.contributor.author | Hurain Irshad, 01-135201-026 | |
dc.contributor.author | Muhammad Daniyal, 01-135201-050 | |
dc.date.accessioned | 2024-02-27T07:16:00Z | |
dc.date.available | 2024-02-27T07:16:00Z | |
dc.date.issued | 2023 | |
dc.identifier.uri | http://hdl.handle.net/123456789/17018 | |
dc.description | Supervised by Dr. Faisal Bashir | en_US |
dc.description.abstract | Incident reports serve as a crucial resource for the identification and mitigation of Advanced Persistent Threats (APTs) in the realm of cybersecurity. This project presents a holistic solution for APT detection, categorization, and response by analyzing incident reports gathered from diverse sources. Utilizing cutting-edge Natural Language Processing and machine learning techniques, our system processes PDF-based incident reports, extracting vital textual data. State-of-the-art machine learning models, such as SciBERT from Hugging Face, are employed to accurately classify techniques described in these reports. Through a user-friendly web interface, users can submit PDF reports for analysis. The content undergoes preprocessing, and APT techniques are classified with exceptional precision. Furthermore, our system links these techniques to the MITRE ATT&CK framework to discern the most similar APT groups. In the ever-evolving landscape of cyber threats, this project addresses the critical need for APT identification and comprehension, fortifying incident response in cybersecurity. While constrained by limited training data and computational resources, our system’s performance reflects potential for enhancement with larger datasets and increased computational power. The ability to efficiently classify techniques and connect them to recognized APT groups lays the groundwork for bolstering threat intelligence, incident response, and the wider cybersecurity domain. This project also underscores the prospects for future improvements in model accuracy and processing speed. Keywords: APT Detection, Incident Reports, Cybersecurity, Machine Learning, Natural Language Processing, MITRE ATT&CK, PDF Analysis. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Computer Sciences | en_US |
dc.relation.ispartofseries | BS (IT);P-02147 | |
dc.subject | Cyber Sentry | en_US |
dc.subject | Apt Detection | en_US |
dc.subject | Incident Report | en_US |
dc.title | Cyber Sentry Apt Detection from Incident Report | en_US |
dc.type | Project Reports | en_US |