
Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection

Technical Report
This report examines the feasibility and usefulness of implementing AI and ML in cyber defense with a particular focus on advanced persistent threats (APTs).
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2024-TR-001
DOI (Digital Object Identifier)
10.1184/R1/25282333

Abstract

This report examines the feasibility and usefulness of implementing artificial intelligence (AI) and machine learning (ML) in cyber defense with a particular focus on advanced persistent threats (APTs). In this report, we examine the current state of AI-enabled APT defense. We begin by describing the stages that an APT must go through to succeed. Next, we perform a commercial market analysis of APT defenses. We then perform a bibliometric analysis to map out the academic research landscape on APTs. We highlight the strengths and limitations of research on the use of AI for APT defense. Finally, we offer practical recommendations that will help organizations start incorporating AI into their layered APT defense strategies.

Cite This Technical Report

Walsh, M., Worrell, C., & Scanlon, T. (2024, August 8). Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection. (Technical Report CMU/SEI-2024-TR-001). Retrieved November 21, 2024, from https://doi.org/10.1184/R1/25282333.

@techreport{walsh_2024,
author={Walsh, Matthew and Worrell, Clarence and Scanlon, Tom},
title={Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection},
month={Aug},
year={2024},
number={CMU/SEI-2024-TR-001},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/25282333},
note={Accessed: 2024-Nov-21}
}

Walsh, Matthew, Clarence Worrell, and Tom Scanlon. "Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection." (CMU/SEI-2024-TR-001). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, August 8, 2024. https://doi.org/10.1184/R1/25282333.

M. Walsh, C. Worrell, and T. Scanlon, "Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2024-TR-001, 8-Aug-2024 [Online]. Available: https://doi.org/10.1184/R1/25282333. [Accessed: 21-Nov-2024].

Walsh, Matthew, Clarence Worrell, and Tom Scanlon. "Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection." (Technical Report CMU/SEI-2024-TR-001). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 8 Aug. 2024. https://doi.org/10.1184/R1/25282333. Accessed 21 Nov. 2024.

Walsh, Matthew; Worrell, Clarence; & Scanlon, Tom. Toward the Use of Artificial Intelligence (AI) for Advanced Persistent Threat Detection. CMU/SEI-2024-TR-001. Software Engineering Institute. 2024. https://doi.org/10.1184/R1/25282333