Posted on 2024-07-11, 16:29. Authored by Rory Coulter.
This thesis studies advanced persistent threats in the field of cyber security. Cyber threat intelligence data is used to analyse behaviour, to identify a consensus system-driven behaviour, and to compare detection techniques and challenges. Behaviour insights are revealed, namely attack artefacts relating to burn, churn and survival. Data-driven features are studied given this behaviour, and a broad log-based detection comparison study demonstrates the ability to adapt data to multiple domains for detection. The outcomes of this work are insights into how top cyber threats operate, means to detect them, and an understanding of how broader security controls can be constructed.
Thesis type
Thesis (PhD)
Thesis note
A thesis submitted for the degree of Doctor of Philosophy, Swinburne University of Technology, September 2021.