A Framework for the Detection of Advanced Persistent Threats (APT) Using Cyber Incident Reports


Abstract

Advanced Persistent Threats (APTs) represent one of the most significant challenges in modern cybersecurity due to their stealth, persistence, and targeted objectives. These attacks are typically conducted by well-resourced adversaries who infiltrate critical infrastructures, remain undetected for extended periods, and exfiltrate sensitive information or disrupt operations. Detecting APT activity remains difficult, particularly when threat intelligence is embedded in unstructured sources such as blogs, advisories, and incident reports. This study presents an artificial intelligence-driven framework for automated extraction and attribution of APT-related activity from open-source intelligence (OSINT) reports. The proposed system performs structured text extraction from cybersecurity-related sources, applies natural language processing techniques for entity recognition and phrase modeling, and utilizes bigram and trigram analysis to capture context-rich attack descriptions. Extracted threat indicators are mapped to the MITRE ATT&CK framework using semantic matching to infer relevant tactics, techniques, and associated APT groups. The framework further incorporates visualization mechanisms to support interpretability and threat analysis. The approach is evaluated on a corpus of over 1,000 real-world cybersecurity reports, including documents linked to known APT campaigns. Experimental results demonstrate high detection accuracy, effective mapping to ATT&CK techniques, and a reduction in false positives compared to baseline methods. The proposed framework contributes to scalable cyber threat intelligence by bridging unstructured OSINT data with structured adversary modeling, enabling more efficient and systematic APT detection and analysis.
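The pipeline the abstract describes (tokenise a report, extract bigrams and trigrams, map phrases onto ATT&CK techniques) can be sketched as follows. This is an added illustration, not the authors' code: the technique keyword lists are a constructed stub covering four real ATT&CK IDs, the sample report is constructed, and plain token overlap stands in for the paper's semantic matching.

```python
import re
from collections import Counter

STOPWORDS = {"the", "a", "an", "and", "of", "to", "in", "on", "via", "with", "by", "for", "over"}

# Constructed, heavily abbreviated keyword lists for four real ATT&CK technique IDs;
# a real deployment would load the full catalogue, not this stub.
ATTACK_TECHNIQUES = {
    "T1566": "phishing spearphishing email attachment link",
    "T1059": "command scripting interpreter powershell shell script execution",
    "T1003": "credential dumping lsass memory password hashes",
    "T1041": "exfiltration over command and control channel c2",
}

def tokenize(text):
    """Lowercase word tokens with stopwords removed."""
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]

def ngrams(tokens, n):
    return [tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def extract_phrases(text):
    """Bigram and trigram counts: the context-rich units the abstract says are matched."""
    toks = tokenize(text)
    return Counter(ngrams(toks, 2) + ngrams(toks, 3))

def map_to_attack(text):
    """Return {technique_id: [matched phrases]} for every phrase whose tokens all
    occur in a technique's keyword set (token overlap as a stand-in for semantic matching)."""
    vocab = {tid: set(tokenize(desc)) for tid, desc in ATTACK_TECHNIQUES.items()}
    hits = {}
    for phrase in extract_phrases(text):
        for tid, words in vocab.items():
            if all(tok in words for tok in phrase):
                hits.setdefault(tid, []).append(" ".join(phrase))
    return {tid: sorted(p) for tid, p in hits.items()}

# Constructed sample incident-report sentence (not from any real report).
REPORT = ("The actor delivered a spearphishing email with a malicious attachment. "
          "A PowerShell script then performed credential dumping from LSASS memory "
          "before exfiltration over the C2 channel.")

if __name__ == "__main__":
    for tid, phrases in sorted(map_to_attack(REPORT).items()):
        print(tid, phrases)
```

Because each phrase must be fully contained in a technique's vocabulary, incidental bigrams such as "malicious attachment" produce no hit, which is the kind of false-positive suppression the abstract reports.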
