Abstract: Implementations are directed to methods for detecting and identifying advanced persistent threats (APTs) in networks, including receiving first domain activity data from a first network domain and second domain activity data from a second network domain, including multiple alerts from the respective first and second network domains and where each alert of the multiple alerts results from one or more detected events in the respective first or second network domains. A classification determined for each alert of the multiple alerts with respect to a cyber kill chain. A dependency is then determined for each of one or more pairs of alerts and a graphical visualization of the multiple alerts is generated, where the graphical visualization includes multiple nodes and edges between the nodes, each node corresponding to the cyber kill chain and representing at least one alert, and each edge representing a dependency between alerts.

Abstract: Aspects disclosed in the detailed description include a microprocessor fault detection and response system. The microprocessor fault detection and response system utilizes a hardware-based fault-attack aware microprocessor extension (FAME) and a software-based trap handler for detecting and responding to a fault injection on a microprocessor. Upon detecting the fault injection, the hardware FAME switches the microprocessor from a normal mode to a safe mode and instructs the microprocessor to invoke the software-based trap handler in the safe mode. The hardware-based FAME provides fault recovery information to the software-based trap handler via a fault recovery register (FRR) for restoring the microprocessor to a fault-free state. By utilizing a combination of the hardware-based FAME and the software-based trap handler, it is possible to effectively protect the microprocessor from malicious fault attacks without significantly increasing performance and area overheads.