| dc.description.abstract |
Advanced persistent threats (APTs) are one of the largest threats in today's cybersecurity because they are defined by their stealthy operation, longevity and purposeful goals. Usually perpetrated by well-funded, sophisticated attackers, APTs attempt to gain access to targeted infrastructures and lie dormant for prolonged periods ranging from weeks to dozens of months. Traditional security controls are usually blind to these sophisticated threats, especially when the available threat intelligence is stuck in unstructured, human-created sources like blogs, advisories, and incident reports. This thesis discusses the design and implementation of an artificial-intelligence-driven automated system that is able to identify advanced persistent threat (APT) activity from open-source intelligence (OSINT) reports.
The text is passed through a spaCy natural language processing model that is tailored to extract entities related to cybersecurity. For more contextual analysis, bigram as well as trigram phrase modeling techniques are employed to merge meaningful threat phrases. The phrases are then matched to the techniques that belong to specific APT groups, and they are verified using a test set consisting of over 1,023 real-world cybersecurity reports. This research supports automated cyber threat intelligence by bridging unstructured OSINT and structured APT analysis, thereby enabling scalable and effective real-time APT detection. |
en_US |