Abstract

Multi-step Attacks (MSAs) pose a significant cybersecurity threat, targeting valuable assets and essential infrastructure across diverse sectors. This study offers an in-depth investigation of methodologies for multi-step attack detection, prevention, and automation (DPA). It examines related terms such as ‘multi-stage’ and ‘composite’ attacks, highlighting shared characteristics, including their complexity, persistence, and evasion tactics. The document highlights the significant obstacles contemporary detection systems encounter, especially in managing high-dimensional data, comprehending the sequential characteristics of attacks, and sustaining real-time detection efficacy. The research employs comprehensive visualizations and statistics to demonstrate industry-specific behaviors associated with these challenges. The study assesses the pros and cons of machine/deep learning and graph-based approaches using performance metrics, execution time, and cross-dataset analyses. Notably, this review identifies prevalent concerns across multiple research studies and their respective frequencies. This underscores the necessity for more dependable, robust, and scalable approaches capable of adapting to the expanding threat landscape, including zero-day vulnerabilities. The review offers scholars and practitioners novel insights into formulating multi-layered threat identification and response tactics to enhance cybersecurity frameworks. Furthermore, it examines how different methodologies used for threat detection, such as machine learning (ML), graph-based techniques, and large language models (LLMs), address particular challenges such as elevated false positives (FPs), dynamic threat patterns, and high-dimensional data processing, while emphasizing the limitations of existing solutions.

Original language: English
Article number: 11153648
Pages (from-to): 161779-161805
Number of pages: 27
Journal: IEEE Access
Volume: 13
Early online date: 8 Sept 2025
DOIs:
Publication status: Published - 19 Sept 2025

Title: A Review on Multi-step Attack Detection