A systematic literature review for APT detection and Effective Cyber Situational Awareness (ECSA) conceptual model

Abstract

Advancements in computing technology and the growing number of devices (e.g., computers, mobile) connected to networks have contributed to an increase in the amount of data transmitted between devices. These data are exposed to various types of cyberattacks, one of which is advanced persistent threats (APTs). APTs are stealthy and focus on sophisticated, specific targets. One reason for the detection failure of APTs is the nature of the attack pattern, which changes rapidly based on advancements in hacking. The need for future researchers to understand the gap in the literature regarding APT detection and to explore improved detection techniques has become crucial. Thus, this systematic literature review (SLR) examines the different approaches used to detect APT attacks directed at the network system in terms of approach and assessment metrics. The SLR includes papers on computer, mobile, and internet of things (IoT) technologies. We performed an SLR by searching six leading scientific databases to identify 75 studies that were published from 2012 to 2022. The findings from the SLR are discussed in terms of the literature's research gaps, and the study provides essential recommendations for designing a model for early APT detection. We propose a conceptual model known as the Effective Cyber Situational Awareness Model to Detect and Predict Mobile APTs (ECSA-tDP-MAPT), designed to effectively detect and predict APT attacks on mobile network traffic.