Authors - Peruru Gayathri, Rohini M, Anand R Nair Abstract - Cyber threats are getting more sophisticated and conventional security solutions are not keeping up with detecting cyber-attack. In this research, a hybrid detection and prediction system for TTP (Tactics, Techniques and Procedures) based on deep learning and graph-based is presented. The planned study is based on an analysis of data originating from cyber security systems at large scale, which can be used to detect attack patterns and correlations of attacks. Host logs and threat intelligence data are trained using deep learning models to detect discriminative features, while graph-based models are used to model the structural relationships between users, systems, and attack patterns. Combined these techniques will result in more complex attacks and lateral movement being easier to detect. It also assumes probable attack methods to move to the next level, so that it can predict the attacks and take proactive actions to mitigate attacks in the future. The entire predictive and graph based solution enhances threat visibility and threat response speed, while boosting threat detection accuracy. The system enables the detection of the APTs and real time monitoring them by the Cyber Security analysts. The experimental results show that the highest accurate transformer is able to achieve 95% classification accuracy, and the graph neural network is demonstrated to achieve 78.26% accuracy for predicting next technique. The framework has been shown end-to-end, with the intent of showing it can be utilized as an extra layer of Intelligence on the enterprise security side, with Splunk.
Open Zoom