ACH Reference Model- A model of Architecture to Handle Advanced Cyberattacks

G. K. Sudhina Kumar, K. Krishna Prakasha, Balachandra Muniyal
Published in: 2022 Second International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT)
Publication date: 2022-04-21
DOI: 10.1109/ICAECT54875.2022.9808076 (https://doi.org/10.1109/ICAECT54875.2022.9808076)
Citations: 0

Abstract

In the modern world, nations and corporations fear highly sophisticated state- or nation-sponsored cyberattacks referred to as Advanced Persistent Threats (APTs). Attackers are increasingly employing APTs to target susceptible systems. The attack group frequently uses complex strategies and tools during the APT assault process, posing numerous challenges for information security systems. Traditional defence mechanisms and Intrusion Detection Systems (IDS) cannot detect these types of attacks. A defence system fails when it relies on a single approach or method to detect advanced attacks. Because attackers use unique strategies, tools and methods to launch APTs, different layers of defence in the system are necessary to thwart the attacks. A robust defence mechanism is in high demand to address these APT attacks. All the existing frameworks are based on the attack steps and stages used by the attack groups, and cyberspace lacks a robust defence model that system defenders could use to build a strong defence mechanism. This article proposes a four-layered model, called the Advanced Cyberattack Handling (ACH) reference model. The model is built from four different layers that cover processes such as data handling, characterization, detection and mitigation of advanced cyberattacks like APTs. Furthermore, the model is flexible enough to be used by the defenders of sensitive systems to handle real-time scenarios and meet the demands of a changing world.