Comprehensive Event-Time-Action Threat Intelligence To Prevent Advanced Persistent Threats

Abstract

The overall efforts and expenses put across by the organizations and institutions to protect their sensitive information from the larceners has drastically elevated in the recent past with the enhancement and sophistication of advanced persistent threats (APT) attacks, yet obfuscation that these APTs create while in business are proving these organization’s and institution’s security systems feeble. To prevent the APT’s proliferation, the computer security systems shall get out-of-the-box solutions that can challenge the invaders. The proposed comprehensive event-time-action (CETA) threat intelligence has come up with such a model. The basic cons of the existing security systems is to go with the flow which they have found in forensic investigation of the attacks that APTs have made. The CETA model uses the pattern and procedures that the APTs follow, as proposed by Lockheed Martin’s intrusion kill chain (IKC), with a new shade every-time. CETA with the consolidation of shuffle-selective-search module, octa-secured entry module, ensnare the invader module and machine learning tools has successfully detected and with better efficiency has prevented the APT’s attacks trails. The rigorous experiments with penetration tests and vulnerability exploitations the CETA model has found that sensitive information system could not be breached with success rate of 97.43% of prevention and 98.67% accuracy of detection of the attacks by the APT’s spear phishing and social engineering attack vectors.