A MACHINE LEARNING AND RULE-BASED HYBRID APPROACH FOR ADVANCED PERSISTENT THREAT DETECTION
Abstract
Advanced Persistent Threats (APTs) present major risks to organizational security because attackers maintain access to target systems for extended periods while using sophisticated evasion methods. This study develops a hybrid intrusion detection framework that integrates signature-based rules with Isolation Forest anomaly detection, combined with MITRE ATT&CK technique mapping to enhance threat recognition and forensic investigation. The proposed system applies feature extraction, signature matching, and machine learning-driven anomaly detection to network flow records from the CIC-IDS-2017 dataset, which contains 2.8 million flows. Evaluation results demonstrate 92.6% accuracy, 91% precision, 89% recall, and an ROC-AUC score of 0.96. Performance is compared against traditional signature-based tools on the same benchmark data.
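Worked example (added for this edited version; it is not code from the paper and does not reproduce its configuration). It shows the three stages the abstract names on constructed flow records: per-flow feature extraction, signature rules aggregated per source IP and mapped to ATT&CK techniques, and an Isolation Forest anomaly score that catches a flow no rule describes. The Isolation Forest is a compact pure-Python version of the Liu et al. algorithm so the script runs without scikit-learn; the flow records, rule thresholds, feature set and the ATT&CK mapping (T1046 Network Service Discovery for the scan, T1110 Brute Force for the SSH attempts) are assumptions chosen for the illustration.

```python
"""Hybrid flow-based detection: signature rules + Isolation Forest + ATT&CK mapping.

Illustrative code, not the paper's implementation. Flow records, thresholds,
feature set and technique mapping are constructed assumptions.
"""
import math
import random
from collections import defaultdict

EULER_GAMMA = 0.5772156649


def c(n):
    """Expected path length of an unsuccessful BST search on n points (iForest normaliser)."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def build_tree(X, depth, max_depth, rng):
    """Isolation tree: random feature, random split between its min and max, recurse."""
    if depth >= max_depth or len(X) <= 1:
        return ("leaf", len(X))
    f = rng.randrange(len(X[0]))
    lo, hi = min(x[f] for x in X), max(x[f] for x in X)
    if lo == hi:                      # all points identical on this feature
        return ("leaf", len(X))
    split = rng.uniform(lo, hi)
    left = [x for x in X if x[f] < split]
    right = [x for x in X if x[f] >= split]
    return ("node", f, split,
            build_tree(left, depth + 1, max_depth, rng),
            build_tree(right, depth + 1, max_depth, rng))


def path_length(tree, x, depth=0):
    """Depth at which x lands, plus the c() adjustment for the points it shares a leaf with."""
    if tree[0] == "leaf":
        return depth + c(tree[1])
    _, f, split, left, right = tree
    return path_length(left if x[f] < split else right, x, depth + 1)


class IsolationForest:
    def __init__(self, n_trees=100, sample_size=256, seed=0):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees, self.n = [], 0

    def fit(self, X):
        rng = random.Random(self.seed)
        self.n = min(self.sample_size, len(X))
        max_depth = math.ceil(math.log2(self.n))
        self.trees = [build_tree(rng.sample(X, self.n), 0, max_depth, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, x):
        """Anomaly score in (0, 1): near 1 means x is isolated in very few splits."""
        avg = sum(path_length(t, x) for t in self.trees) / len(self.trees)
        return 2.0 ** (-avg / c(self.n))


def features(flow):
    """Numeric feature vector per flow (assumed set): duration, packets, bytes, bytes/packet."""
    return [flow["duration"], flow["packets"], flow["bytes"],
            flow["bytes"] / max(flow["packets"], 1)]


def signature_matches(flows):
    """Signature rules over per-source aggregates, each mapped to an ATT&CK technique.

    Thresholds (20 distinct targets, 10 short SSH connections) are illustrative assumptions.
    """
    by_src = defaultdict(list)
    for f in flows:
        by_src[f["src"]].append(f)
    hits = {}
    for src, fs in by_src.items():
        found = []
        if len({(f["dst"], f["dport"]) for f in fs}) >= 20:
            found.append(("port-scan", "T1046 Network Service Discovery"))
        ssh = [f for f in fs if f["dport"] == 22 and f["duration"] < 1.0 and f["bytes"] < 2000]
        if len(ssh) >= 10:
            found.append(("ssh-brute-force", "T1110 Brute Force"))
        if found:
            hits[src] = found
    return hits


def detect(flows, threshold=0.65, seed=0):
    """Hybrid verdict per flow: any rule hit on its source, and/or anomaly score above threshold."""
    X = [features(f) for f in flows]
    forest = IsolationForest(seed=seed).fit(X)
    hits = signature_matches(flows)
    alerts = []
    for f, x in zip(flows, X):
        score = forest.score(x)
        techniques = [tech for _, tech in hits.get(f["src"], [])]
        if techniques or score > threshold:
            alerts.append({"src": f["src"], "dst": f["dst"], "dport": f["dport"],
                           "score": round(score, 3), "techniques": techniques})
    return alerts


def build_sample_flows(seed=1):
    """Constructed records: 100 benign web flows, a 25-port scan, 12 SSH tries, one huge upload."""
    rng = random.Random(seed)
    flows = []
    for _ in range(100):
        pk = rng.randint(5, 40)
        flows.append({"src": f"10.0.0.{rng.randint(1, 5)}", "dst": f"10.0.1.{rng.randint(1, 4)}",
                      "dport": rng.choice([80, 443]), "duration": rng.uniform(0.5, 3.0),
                      "packets": pk, "bytes": pk * rng.randint(400, 600)})
    for port in range(1, 26):
        flows.append({"src": "10.0.0.66", "dst": "10.0.1.10", "dport": port,
                      "duration": 0.001, "packets": 1, "bytes": 60})
    for _ in range(12):
        flows.append({"src": "10.0.0.77", "dst": "10.0.1.20", "dport": 22,
                      "duration": 0.3, "packets": 6, "bytes": 900})
    flows.append({"src": "10.0.0.99", "dst": "203.0.113.5", "dport": 443,
                  "duration": 0.05, "packets": 3000, "bytes": 5_000_000})
    return flows


if __name__ == "__main__":
    for alert in detect(build_sample_flows()):
        print(alert)
```

The scan and brute-force flows are caught by the rules and carry a technique ID that an analyst can pivot on; the single large upload matches no rule and is surfaced only by its anomaly score, which is the complementary coverage the hybrid design is meant to provide. The anomaly threshold sets the false-positive rate: benign flows at the edge of the normal cluster score around 0.5 to 0.6 here, so lowering it trades more unmapped alerts for sensitivity.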