Abstract:
The information age has been revolutionizing the world by bringing a plethora
of opportunities with associated challenges. Cyber threats are imminent due to
the increased dependence on the internet and the information infrastructure.
The rapid evolution of cyber threats, particularly Advanced Persistent Threats
(APTs), has highlighted the critical need for comprehensive and innovative threat
management techniques. Detection of targeted attacks requires innovative and
cutting-edge techniques for timely mitigation. The research examines a multipronged
approach by considering how existing solutions can be upgraded and how new
technology domains can be incorporated into the cyber threat management of APTs.
C2-DNSEye, an encompassing framework, has been introduced for detecting APTs
during their developmental stages through the discovery of command and control
channels established over the Domain Name System (DNS). C2-DNSEye integrates
host-specific activity with the corresponding network-specific activity to
determine the maliciousness of a DNS request. C2-DNSEye enables the detection of
targeted attacks with an F1-score of 98.70%.
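The abstract describes C2-DNSEye as joining host-specific activity (which process issued a lookup, and what spawned it) with network-specific activity (properties of the queried name) to decide whether a DNS request is malicious, and reports the result as an F1-score. The following is an added illustrative example, not the paper's C2-DNSEye code: it correlates constructed DNS log entries with constructed endpoint process events on the same host within a short time window, applies a hypothetical decision rule (high-entropy first label from a process not expected to resolve names, or a process spawned by an office application), and computes precision, recall and F1 against constructed ground-truth labels. The log contents, allowlists, window size and entropy threshold are all assumptions chosen for the example.

```python
import math
from collections import Counter

# Constructed sample logs (hypothetical; not data from the paper).
DNS_LOG = [
    # (timestamp, host, queried name) as seen by a DNS resolver sensor
    (100, "ws-01", "update.example-vendor.test"),
    (105, "ws-01", "a3f9b2c8d1e7.cdn-sync.test"),
    (110, "ws-02", "mail.example-corp.test"),
    (115, "ws-02", "x7k2q9p4m1z8.cdn-sync.test"),
    (120, "ws-03", "www.example-news.test"),
    (125, "ws-03", "c9d8e7f6a5b4.static-assets.test"),
    (130, "ws-04", "fonts.example-cdn.test"),
]
HOST_LOG = [
    # (timestamp, host, process, parent process) from an endpoint sensor
    (99, "ws-01", "updater.exe", "services.exe"),
    (104, "ws-01", "winword.exe", "explorer.exe"),
    (109, "ws-02", "outlook.exe", "explorer.exe"),
    (114, "ws-02", "powershell.exe", "winword.exe"),
    (119, "ws-03", "chrome.exe", "explorer.exe"),
    (129, "ws-04", "rundll32.exe", "svchost.exe"),
]
# Constructed ground truth, index-aligned with DNS_LOG (True = C2 beacon).
LABELS = [False, True, False, True, False, False, True]

# Hypothetical policy: processes that are expected to resolve names, and
# office applications whose child processes are treated as suspicious.
NETWORK_APPS = {"chrome.exe", "firefox.exe", "outlook.exe", "updater.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
CORRELATION_WINDOW = 10   # seconds to look back for the originating process
ENTROPY_THRESHOLD = 3.0   # bits per character; hypothetical cut-off


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def correlate(dns_event, host_log, window=CORRELATION_WINDOW):
    """Most recent host process event on the same host within the window."""
    ts, host, _ = dns_event
    candidates = [e for e in host_log
                  if e[1] == host and ts - window <= e[0] <= ts]
    return max(candidates, key=lambda e: e[0]) if candidates else None


def classify(dns_event, host_log):
    """Combine a network feature with host context to flag a DNS request."""
    _, _, name = dns_event
    first_label = name.split(".")[0]
    network_feature = shannon_entropy(first_label) >= ENTROPY_THRESHOLD
    host_event = correlate(dns_event, host_log)
    if host_event is None:
        # No host context available: fall back to the network feature alone.
        return network_feature
    _, _, proc, parent = host_event
    unexpected_resolver = proc not in NETWORK_APPS
    office_spawned = parent in OFFICE_APPS
    return (network_feature and unexpected_resolver) or office_spawned


def run(dns_log=DNS_LOG, host_log=HOST_LOG):
    """Classify every DNS request in the log; returns a list of booleans."""
    return [classify(e, host_log) for e in dns_log]


def f1_score(predictions, labels):
    """Precision, recall and F1 of boolean predictions against labels."""
    tp = sum(p and l for p, l in zip(predictions, labels))
    fp = sum(p and not l for p, l in zip(predictions, labels))
    fn = sum(l and not p for p, l in zip(predictions, labels))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = (2 * precision * recall / (precision + recall)
          if precision + recall else 0.0)
    return precision, recall, f1


if __name__ == "__main__":
    preds = run()
    for event, pred, label in zip(DNS_LOG, preds, LABELS):
        print(event[1], event[2], "flagged" if pred else "allowed",
              "(label: %s)" % label)
    print("precision/recall/F1:", f1_score(preds, LABELS))
```

On the constructed sample the rule catches both beacons that have host corroboration (a high-entropy name from a document editor, and a shell spawned by an office application) but misses the low-entropy beacon issued by `rundll32.exe`, giving precision 1.0, recall 2/3 and F1 0.8; that miss is the kind of case that motivates adding further host-side features rather than relying on the name alone.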
Likewise, the emerging technology domain of digital twins has been incorporated
for effective cyber threat management. A novel intrusion indicator-based ontology
modelling has been defined to facilitate the adoption of digital twins for APT
simulation and orchestration in the virtual environment. The ontology modelling
facilitates the virtual replication of physical systems for threat monitoring and
prediction through simulation and real-time input of attack indicators. The
ontology delineates mechanisms to determine the operational effectiveness and
cyber readiness of the Critical Information Infrastructure (CII) through virtual
modelling, attack simulation, and anomaly detection. The APT campaigns of
HoneyBee, Sunburst, Hangover, Fin7 and DarkHotel have been evaluated under the
proposed ontology. Furthermore, the ontology modelling stipulates threat hunting
mechanisms to make CII cyber resilient.