A Theoretical Model for Detection of Advanced Persistent Threat in Networks and Systems Using a Finite Angular State Velocity Machine (FAST-VM)

Abstract

Intrusion detection systems have undergone numerous years of study and yet a great deal of problems remain; primarily a high percentage of false alarms and abysmal detection rates. A new type of threat has emerged that of Advanced Persistent Threat. This type of attack is known for being sophisticated and slow moving over a long period of time and is found in networked systems. Such threats may be detected by evaluation of large numbers of state variables describing complex system operation and state transitions over time. Analysis of such large numbers of variables is computationally inefficient especially if it is meant to be done in real time. The paper develops a completely new theoretical model that appears to be able to distill high order state variable data sets down to the essence of analytic changes in a system with APT operating. The model is based on the computationally efficient use of integer vectors. This approach has the capability to analyze threat over time, and has potential to detect, predict and classify new threat as being similar to threat already detected. The model presented is highly theoretical at this point with some initial prototype work demonstrated and some initial performance data.