Phantom flow is a cyber threat detection and response system built on adaptive intrusion detection and response, combining machine learning with deception to keep pace with the changing nature of cyber threats. It collects telemetry from internet-facing traffic, API and user processes, credential handling, database queries, and other devices connected to it. Attacks are classified with sketch-based and statistical techniques: Count-Min Sketch and HyperLogLog (approximate frequency and cardinality counting over high-volume streams), Markov chain models, and EWMA and MAD for baselines and robust deviation thresholds. A reinforcement learning-based decision engine selects the response to each detected attack, and graph analysis over the Neo4j graph database is used to detect complex attacks such as lateral movement and multi-vector attacks. The system is evaluated on the CICIDS2017 and CICIDS2018 datasets, on which it attains 98% detection accuracy while keeping false positives low and responding to attacks in under 10 milliseconds. Its components communicate peer-to-peer, and it proactively improves its defences to prevent future attacks.
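The following is an added example of the streaming detection pattern the abstract describes, not Phantom flow's own code: a Count-Min Sketch estimates per-source request counts in fixed memory for each time bucket, and an EWMA baseline with a MAD-scaled threshold flags a source whose count deviates from its history. The five source addresses, their rates and the burst in the last bucket are constructed sample data; the window, smoothing factor and threshold multiplier are illustrative choices.

```python
"""Count-Min Sketch counting plus EWMA/MAD anomaly scoring over a constructed
event stream. Added illustration of the techniques named in the abstract; it is
not Phantom flow's code, and every address and rate below is made up."""
import hashlib
import statistics
from collections import defaultdict


class CountMinSketch:
    """Fixed-memory frequency estimator: `depth` rows of `width` counters.

    estimate() never undercounts; taking the minimum over rows bounds the
    overcount that hash collisions introduce.
    """

    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]

    def _cells(self, item):
        data = item.encode()
        for row in range(self.depth):
            # Keyed BLAKE2b gives an independent hash function per row.
            h = hashlib.blake2b(data, digest_size=8, key=row.to_bytes(1, "little"))
            yield row, int.from_bytes(h.digest(), "little") % self.width

    def add(self, item, count=1):
        for row, col in self._cells(item):
            self.table[row][col] += count

    def estimate(self, item):
        return min(self.table[row][col] for row, col in self._cells(item))


class EwmaMadDetector:
    """Per-key baseline: an EWMA of observed values, with deviations scored
    against the median absolute deviation (MAD) of recent residuals. MAD is
    scaled by 1.4826 so it matches a standard deviation on Gaussian data, and
    unlike a standard deviation it is not inflated by a single burst."""

    def __init__(self, alpha=0.3, k=3.0, window=20, min_samples=5, floor=1.0):
        self.alpha, self.k = alpha, k
        self.window, self.min_samples, self.floor = window, min_samples, floor
        self.mean = {}
        self.residuals = defaultdict(list)

    def observe(self, key, value):
        """Return True when `value` deviates anomalously from `key`'s baseline."""
        mean = self.mean.get(key)
        if mean is None:
            self.mean[key] = float(value)  # first sample seeds the baseline
            return False
        residual = value - mean
        history = self.residuals[key]
        anomalous = False
        if len(history) >= self.min_samples:
            med = statistics.median(history)
            mad = statistics.median(abs(r - med) for r in history)
            scale = max(1.4826 * mad, self.floor)  # floor keeps a flat history from making everything an alert
            anomalous = abs(residual) > self.k * scale
        if not anomalous:
            # Anomalous samples are excluded so an attacker cannot slowly train the baseline upward.
            self.mean[key] = mean + self.alpha * residual
            history.append(residual)
            del history[:-self.window]
        return anomalous


def constructed_stream(buckets=12):
    """Constructed sample traffic: five sources at steady rates with small
    deterministic jitter; in the last bucket 10.0.0.5 sends a flood-like burst."""
    rates = {"10.0.0.1": 8, "10.0.0.2": 12, "10.0.0.3": 10, "10.0.0.4": 9, "10.0.0.5": 11}
    stream = []
    for bucket in range(buckets):
        for i, (src, rate) in enumerate(rates.items()):
            count = rate + (bucket * 7 + i) % 3 - 1
            if bucket == buckets - 1 and src == "10.0.0.5":
                count += 300
            stream.extend((bucket, src) for _ in range(count))
    return stream


def run_pipeline(stream):
    """Count each time bucket in a fresh sketch, then score every source's
    estimated count against its EWMA/MAD baseline.
    Returns a list of (bucket, source, estimated_count) alerts."""
    detector = EwmaMadDetector()
    by_bucket = defaultdict(list)
    for bucket, src in stream:
        by_bucket[bucket].append(src)
    alerts = []
    for bucket in sorted(by_bucket):
        sketch = CountMinSketch()
        for src in by_bucket[bucket]:
            sketch.add(src)
        for src in sorted(set(by_bucket[bucket])):
            est = sketch.estimate(src)
            if detector.observe(src, est):
                alerts.append((bucket, src, est))
    return alerts


if __name__ == "__main__":
    for bucket, src, est in run_pipeline(constructed_stream()):
        print(f"bucket {bucket}: {src} sent ~{est} requests, far above its baseline")
```

Run as a script it reports only the burst in bucket 11 from 10.0.0.5; the steady sources, whose counts wander by at most one request per bucket, never cross the threshold. The sketch keeps memory constant regardless of how many distinct sources appear, at the cost of a small overestimate when keys collide, which is why the alert carries an approximate count.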