Heimdall: Machine Learning-Driven Attack Correlation and Forensic Intelligence for Enterprise Cybersecurity

Authors

  • J. Rajeshwar, Department of Computer Science and Engineering, CMR College of Engineering & Technology, Telangana, India
  • Yaddanapudi Vishnu Srivatsava, Department of Computer Science and Engineering, CMR College of Engineering & Technology, Telangana, India
  • Sai Kiran B L S, Department of Computer Science and Engineering, CMR College of Engineering & Technology, Telangana, India
  • Dasari Ajay, Department of Computer Science and Engineering, CMR College of Engineering & Technology, Telangana, India

DOI:

https://doi.org/10.21467/proceedings.7.6.14

Keywords:

Digital Forensics, Machine Learning, Cybersecurity

Abstract

Heimdall is a cyber attack detection system that joins digital forensics with security frameworks such as MITRE ATT&CK and the Cyber Kill Chain (CKC). In comparison to traditional signature-based tools (e.g. McAfee, Symantec) or static machine learning models (e.g. IBM QRadar, Cisco SecureX), Heimdall finds new threats, including advanced persistent threats (APTs) and zero-day vulnerabilities. By inspecting system logs, files and network activity, it identifies attack techniques in real time and places them in CKC phases for better threat visibility. This allows security teams to see how far an attack has advanced and act fast. Heimdall also rebuilds attack timelines by linking diverse data points, helping organizations uncover threats early and lower risk before major damage results.
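The abstract describes two capabilities without showing how they fit together: tagging each detected ATT&CK technique with a CKC phase, and correlating events from logs, files and network traffic into one attack timeline. The Python sketch below is an added illustration of that idea and is not code from the paper; the technique-to-phase table, the event format and the sample events are all constructed assumptions (the technique IDs are real ATT&CK IDs, but how the paper maps them to phases is not published here).

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Cyber Kill Chain phases in attack order (Lockheed Martin's seven stages).
CKC_PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# ASSUMPTION: illustrative technique-to-phase mapping chosen for this example;
# the paper does not publish its own table. IDs are real ATT&CK technique IDs.
TECHNIQUE_TO_PHASE: Dict[str, str] = {
    "T1595": "Reconnaissance",         # Active Scanning
    "T1566": "Delivery",               # Phishing
    "T1204": "Exploitation",           # User Execution
    "T1059": "Exploitation",           # Command and Scripting Interpreter
    "T1547": "Installation",           # Boot or Logon Autostart Execution
    "T1071": "Command and Control",    # Application Layer Protocol
    "T1041": "Actions on Objectives",  # Exfiltration Over C2 Channel
}


@dataclass(frozen=True)
class Event:
    """One detection from any sensor. `source` is where it came from
    (syslog, file monitor, network); `technique` is the ATT&CK ID it matched."""
    ts: datetime
    host: str
    source: str
    technique: str
    detail: str


@dataclass(frozen=True)
class TimelineEntry:
    ts: datetime
    host: str
    source: str
    technique: str
    phase: str
    detail: str


def phase_for(technique: str) -> Optional[str]:
    """Look up the CKC phase for an ATT&CK technique ID (None if unmapped)."""
    return TECHNIQUE_TO_PHASE.get(technique)


def build_timeline(events: List[Event], host: str) -> List[TimelineEntry]:
    """Correlate events from all sources for one host into a time-ordered
    timeline, tagging each with its CKC phase. Unmapped techniques are kept
    with phase 'Unknown' so evidence is never silently dropped."""
    entries = [
        TimelineEntry(e.ts, e.host, e.source, e.technique,
                      phase_for(e.technique) or "Unknown", e.detail)
        for e in events if e.host == host
    ]
    return sorted(entries, key=lambda t: t.ts)


def furthest_phase(timeline: List[TimelineEntry]) -> Optional[str]:
    """Deepest CKC phase with evidence: how far the attack has progressed."""
    idx = [CKC_PHASES.index(t.phase) for t in timeline if t.phase in CKC_PHASES]
    return CKC_PHASES[max(idx)] if idx else None


def phases_skipped(timeline: List[TimelineEntry]) -> List[str]:
    """Earlier phases with no observed evidence. These are visibility gaps the
    analyst should go back and hunt for, not proof the phase did not happen."""
    top = furthest_phase(timeline)
    if top is None:
        return []
    seen = {t.phase for t in timeline}
    return [p for p in CKC_PHASES[:CKC_PHASES.index(top)] if p not in seen]


# Constructed sample detections from three sensor types, deliberately listed
# out of order to show that correlation re-sequences them.
SAMPLE_EVENTS = [
    Event(datetime(2025, 3, 4, 9, 6, 3), "ws-17", "file", "T1547",
          "new Run key value pointing to a binary under %APPDATA%"),
    Event(datetime(2025, 3, 4, 9, 2, 11), "ws-17", "network", "T1566",
          "inbound mail with macro-enabled attachment"),
    Event(datetime(2025, 3, 4, 9, 30, 0), "ws-17", "network", "T1041",
          "large outbound transfer over the beacon channel"),
    Event(datetime(2025, 3, 4, 9, 5, 40), "ws-17", "syslog", "T1059",
          "powershell.exe spawned by WINWORD.EXE"),
    Event(datetime(2025, 3, 4, 9, 12, 55), "ws-17", "network", "T1071",
          "periodic HTTPS beacons to one external host"),
    Event(datetime(2025, 3, 4, 9, 31, 0), "ws-02", "syslog", "T1059",
          "scheduled administrative script"),
]

if __name__ == "__main__":
    tl = build_timeline(SAMPLE_EVENTS, "ws-17")
    for t in tl:
        print(f"{t.ts:%H:%M:%S} {t.source:8} {t.technique} {t.phase:22} {t.detail}")
    print("furthest phase:", furthest_phase(tl))
    print("phases without evidence:", phases_skipped(tl))
```

The value of the per-host timeline is that the same five detections, looked at one sensor at a time, are a phishing alert, a process alert, a registry alert and two network alerts; ordered and phase-tagged together they read as a single intrusion that has already reached Actions on Objectives, while the "phases without evidence" list points at where telemetry was missing.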


Published

2025-11-21

How to Cite

[1] J. Rajeshwar, Y. V. Srivatsava, S. K. B L S, and D. Ajay, “Heimdall: Machine Learning-Driven Attack Correlation and Forensic Intelligence for Enterprise Cybersecurity”, AIJR Proc., vol. 7, no. 6, pp. 108–114, Nov. 2025, doi: 10.21467/proceedings.7.6.14.