This essay argues for the use of Artificial Intelligence (AI) tools to counter Advanced Persistent Threats (APTs). Central to the study is a theoretical framework for the design and evaluation of algorithms that analyze large datasets of security-related consultation items. Algorithms for aggregating such datasets are also developed, together with a methodology for ensuring adequate statistical significance. To test the research hypothesis, the algorithms were applied to a large dataset describing APT campaigns in detail.

An APT campaign is a series of distinct, coordinated attacks aimed at gaining control over computational assets. Such campaigns are a significant cybersecurity threat because they are difficult to detect and because they feed a black market that the study estimates to be worth hundreds of billions of dollars. According to the study, refined tooling for launching and managing APT campaigns reaches criminal organizations and state actors through Growth Hacking, Inbound Marketing, and other B2B services; networks of controlled computational assets infiltrated via sell-side ad networks are exploited extensively by this tooling, and improved algorithms have been developed to coordinate content consumption and to carry out hacking and phishing attacks.

Data are stored in a bottom-up event model that describes the lifecycle of an APT campaign and accounts for the limited knowledge each participant has of it. In the spirit of open science, the scripts for collection, deduplication, labeling, and feature engineering, together with the dataset splits, data dictionaries, and other materials, are released alongside the results. The algorithms were used to train and evaluate predictive models for the lifecycle stage of an APT campaign and for the decision to engage with it.
By providing new domain knowledge and insights, this study encourages researchers to co-create domain-specific machine-learning algorithms with practitioners focusing on countermeasures and emphasizes the need for a new multidisciplinary field merging “Growth Hacking, Inbound Marketing, and Early-Stage Venture Cyber Security VC Strategies” 1.
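The data pipeline the abstract lists (collection, deduplication, labeling, feature engineering, a dataset split, and a predictive model for lifecycle stage) in miniature, as an added illustration that is not the study's released code. The event rows, the four stage names, the two engineered indicator features and the naive Bayes classifier are all constructed assumptions chosen to show the shape of such a pipeline; the study's own event model and algorithms are not described on this page. The split holds out the chronologically last event of each stage, so the model is never tested on an event that precedes its training data.

```python
"""Illustrative event pipeline: dedupe -> featurize -> time-stratified split -> naive Bayes.
Added example; everything below (events, stage labels, features) is constructed."""
import hashlib
import math
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed rows: (timestamp UTC, source, free-text description, assumed lifecycle stage).
# Three rows are exact duplicates, as produced by overlapping collectors.
RAW_EVENTS = [
    ("2024-01-03T10:00Z", "ops", "port scan from 203.0.113.5 probing ports 22 443 8080", "recon"),
    ("2024-01-03T10:00Z", "ops", "port scan from 203.0.113.5 probing ports 22 443 8080", "recon"),
    ("2024-01-03T10:05Z", "ops", "dns zone transfer attempt and whois lookups on corp domain", "recon"),
    ("2024-01-03T14:20Z", "ops", "shodan style scan probing exposed services on perimeter", "recon"),
    ("2024-01-04T09:00Z", "ops", "masscan sweep probing ports on dmz hosts", "recon"),
    ("2024-01-05T08:12Z", "mail", "phishing email with macro document sent to finance staff", "initial_access"),
    ("2024-01-05T08:12Z", "mail", "phishing email with macro document sent to finance staff", "initial_access"),
    ("2024-01-05T09:40Z", "edr", "macro spawned powershell downloading second stage payload", "initial_access"),
    ("2024-01-05T15:30Z", "mail", "spearphishing link led to credential harvesting page", "initial_access"),
    ("2024-01-06T10:15Z", "edr", "phishing attachment macro executed by finance user", "initial_access"),
    ("2024-01-07T11:00Z", "net", "beacon every 60s to 198.51.100.7 over https", "command_control"),
    ("2024-01-07T11:00Z", "net", "beacon every 60s to 198.51.100.7 over https", "command_control"),
    ("2024-01-07T11:30Z", "net", "periodic beacon with jitter to 198.51.100.7 over https", "command_control"),
    ("2024-01-07T13:00Z", "net", "dns tunneling traffic to attacker controlled nameserver", "command_control"),
    ("2024-01-08T12:00Z", "net", "beacon traffic to 198.51.100.7 over https with jitter", "command_control"),
    ("2024-01-09T02:00Z", "net", "large outbound transfer of finance share to cloud storage at night", "exfiltration"),
    ("2024-01-09T02:15Z", "net", "archive uploaded to 198.51.100.7 before business hours", "exfiltration"),
    ("2024-01-09T16:45Z", "net", "staged rar archives copied to external ftp server", "exfiltration"),
    ("2024-01-10T03:10Z", "net", "outbound upload of archive to external storage overnight", "exfiltration"),
]

TOKEN_RE = re.compile(r"[a-z0-9.]+")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def normalize(text):
    """Canonical lowercase token string used as the deduplication key."""
    return " ".join(TOKEN_RE.findall(text.lower()))


def deduplicate(events):
    """Collapse exact duplicate rows (same timestamp, source and normalized text)."""
    seen, unique = set(), []
    for ts, src, text, stage in events:
        key = hashlib.sha256(f"{ts}|{src}|{normalize(text)}".encode()).hexdigest()
        if key not in seen:
            seen.add(key)
            unique.append((ts, src, text, stage))
    return unique


def featurize(ts, text):
    """Bag of tokens plus two engineered indicators (assumed features, for illustration):
    an IPv4 literal in the text, and an off-hours timestamp (22:00-06:00 UTC)."""
    tokens = TOKEN_RE.findall(text.lower())
    if IP_RE.search(text):
        tokens.append("<ip>")
    hour = datetime.strptime(ts, "%Y-%m-%dT%H:%MZ").hour
    if hour < 6 or hour >= 22:
        tokens.append("<off_hours>")
    return tokens


def split_by_time(events):
    """Stratified hold-out: per stage, the chronologically last event is test, the rest train."""
    by_stage = defaultdict(list)
    for ev in events:
        by_stage[ev[3]].append(ev)
    train, test = [], []
    for evs in by_stage.values():
        evs.sort(key=lambda e: e[0])  # ISO timestamps sort lexicographically
        train.extend(evs[:-1])
        test.append(evs[-1])
    return train, test


class NaiveBayes:
    """Multinomial naive Bayes over featurize() tokens with Laplace smoothing."""

    def fit(self, events):
        self.class_counts, self.token_counts = Counter(), defaultdict(Counter)
        for ts, _src, text, stage in events:
            self.class_counts[stage] += 1
            self.token_counts[stage].update(featurize(ts, text))
        self.vocab = {t for c in self.token_counts.values() for t in c}
        self.total = sum(self.class_counts.values())
        return self

    def predict(self, ts, text):
        best, best_score = None, -math.inf
        for stage, n in self.class_counts.items():
            counts = self.token_counts[stage]
            denom = sum(counts.values()) + len(self.vocab)
            score = math.log(n / self.total)
            for tok in featurize(ts, text):
                score += math.log((counts[tok] + 1) / denom)
            if score > best_score:
                best, best_score = stage, score
        return best


def run_pipeline(raw=RAW_EVENTS):
    """Run every stage and return counts, per-event (truth, prediction) pairs, accuracy and the model."""
    events = deduplicate(raw)
    train, test = split_by_time(events)
    model = NaiveBayes().fit(train)
    predictions = [(ev[3], model.predict(ev[0], ev[2])) for ev in test]
    accuracy = sum(t == p for t, p in predictions) / len(predictions)
    return {"raw": len(raw), "deduped": len(events), "train": len(train), "test": len(test),
            "predictions": predictions, "accuracy": accuracy, "model": model}


if __name__ == "__main__":
    result = run_pipeline()
    for truth, pred in result["predictions"]:
        print(f"{truth:16s} -> {pred}")
    print(f"deduped {result['raw']} -> {result['deduped']} rows, accuracy {result['accuracy']:.2f}")
```

On a toy set this size the hold-out score says little about generalization; the point is the ordering of the steps: duplicates are removed before the split so the same row cannot land in both halves, and the split is by time within each stage so the evaluation mimics predicting later campaign activity from earlier activity rather than leaking future events into training.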
This question was studied by Pedro Ramos Brandão.