Nip in the Bud: Forecasting and Interpreting Post-exploitation Attacks in Real-time through Cyber Threat Intelligence Reports

arXiv:2405.02826v1 Announce Type: new
Abstract: Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false positives. In order not to affect normal operations, analysts need to investigate and filter detection results before taking countermeasures, in which heavy manual labor and alarm fatigue cause analysts miss optimal response time, thereby leading to information leakage and destruction. Therefore, we propose …

advanced advanced persistent threat and response apt arxiv attacks cs.cr cyber cyber threat cyber threat intelligence detection detection and response edr endpoint endpoint detection endpoint detection and response enterprises exploitation false positives forecasting high intelligence normal order persistent persistent threat post-exploitation potential threats real reports response systems threat threat intelligence threats