A Trust-Aware Framework for Detecting Hidden Threat Persistence in Distributed Enterprise Networks
Main Article Content
Abstract
Advanced Persistent Threats (APTs) increasingly evade traditional signature- and rule-based defenses by mimicking legitimate user behavior over extended dwell periods, often exceeding 200 days in distributed enterprise environments. Existing intrusion detection systems (IDS) and user and entity behavior analytics (UEBA) platforms struggle to differentiate slow, low-and-slow lateral movement from benign operational drift, resulting in high false-negative rates for persistence-stage attacks. This paper proposes a Trust-Aware Hidden Threat Persistence Detection (TA-HTPD) framework that fuses dynamic, graph-based trust scoring with deep behavioral anomaly modeling and MITRE ATT&CK-aligned persistence pattern matching. The framework continuously recalibrates a Bayesian trust score for every network entity based on multi-source telemetry (endpoint, network flow, identity, and cloud audit logs), enabling early detection of trust erosion indicative of credential abuse, lateral movement, and command-and-control beaconing. We formalize the trust update model, derive an adaptive thresholding mechanism, and implement the framework on a hybrid testbed combining the CICIDS2017 dataset with a synthetically augmented lateral-movement corpus emulating a 312-host enterprise topology. Experimental results demonstrate that TA-HTPD achieves a detection precision of 0.93, recall of 0.91, and F1-score of 0.92, outperforming Isolation Forest, standalone LSTM-autoencoder, static rule-based SIEM correlation, and graph-based UEBA baselines by 18.4 to 41.6 percent in F1-score, while reducing mean detection latency for persistent threats from 19.5 hours (static SIEM) to 4.2 hours. These findings indicate that integrating dynamic trust modeling with behavioral and pattern-based detection significantly improves early-stage visibility into hidden threat persistence without proportionally increasing analyst alert volume.