Enhancing Enterprise Network Security with Machine Learning: An In-Depth Analysis of Advanced Persistent Threat Detection

Sophisticated cyberattacks known as Advanced Persistent Threats (APTs) gradually create an undetectable network presence in order to access confidential data. APTs are carefully planned to infiltrate specific organizations, evading existing security measures. These attacks require high customization and sophistication, often executed by well-funded, experienced cybercriminal teams. Adversaries target high-value organizations, exploiting identified vulnerabilities. APTs pose a significant risk to enterprise network security, necessitating innovative detection methods. This study investigates the application of machine learning (ML) techniques to detect APTs in enterprise networks. Utilizing network traffic data and threat intelligence feeds, our approach demonstrates superior APT detection capabilities compared to traditional signature-based methods. Experimental results validate the effectiveness of our framework, contributing to the advancement of AI-powered threat detection and enhanced enterprise network security. The objective of this paper is to enhance network security by investigating the use of ML techniques in enterprise networks to identify APTs. Gradient Boosting is a potent ML method that, when applied to the CICIDS2017 dataset, can detect APTs with superior recall, accuracy, precision, and F1-score compared to other algorithms.