Threat Trekker: An Approach to Cyber Threat Hunting

• URL: http://arxiv.org/abs/2310.04197v1
• Date: Fri, 6 Oct 2023 12:29:41 GMT
• Title: Threat Trekker: An Approach to Cyber Threat Hunting
• Authors: Ángel Casanova Bienzobas, Alfonso Sánchez-Macián,
• Abstract summary: Threat hunting is a proactive methodology for exploring, detecting and mitigating cyberattacks. This paper introduces a novel machine learning paradigm known as Threat Trekker.
• Score: 0.5371337604556311
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Threat hunting is a proactive methodology for exploring, detecting and mitigating cyberattacks within complex environments. As opposed to conventional detection systems, threat hunting strategies assume adversaries have infiltrated the system; as a result they proactively search out any unusual patterns or activities which might indicate intrusion attempts. Historically, this endeavour has been pursued using three investigation methodologies: (1) Hypothesis-Driven Investigations; (2) Indicator of Compromise (IOC); and (3) High-level machine learning analysis-based approaches. Therefore, this paper introduces a novel machine learning paradigm known as Threat Trekker. This proposal utilizes connectors to feed data directly into an event streaming channel for processing by the algorithm and provide feedback back into its host network. Conclusions drawn from these experiments clearly establish the efficacy of employing machine learning for classifying more subtle attacks.

Related papers

• Time-Aware Face Anti-Spoofing with Rotation Invariant Local Binary Patterns and Deep Learning [50.79277723970418]
  imitation attacks can lead to erroneous identification and subsequent authentication of attackers. Similar to face recognition, imitation attacks can also be detected with Machine Learning. We propose a novel approach that promises high classification accuracy by combining previously unused features with time-aware deep learning strategies.
  arXiv  Detail & Related papers  (2024-08-27T07:26:10Z)
• Multi-stage Attack Detection and Prediction Using Graph Neural Networks: An IoT Feasibility Study [2.5325901958283126]
  This paper proposes a novel 3-stage intrusion detection system inspired by a simplified version of the Lockheed Martin cyber kill chain. The proposed approach consists of three models, each responsible for detecting a group of attacks with common characteristics. Using the ToN IoT dataset, we achieved an average of 94% F1-Score among different stages, outperforming the benchmark approaches.
  arXiv  Detail & Related papers  (2024-04-28T22:11:24Z)
• Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey [114.17568992164303]
  Adrial attacks and defenses in machine learning and deep neural network have been gaining significant attention. This survey provides a comprehensive overview of the recent advancements in the field of adversarial attack and defense techniques. New avenues of attack are also explored, including search-based, decision-based, drop-based, and physical-world attacks.
  arXiv  Detail & Related papers  (2023-03-11T04:19:31Z)
• Prepare for Trouble and Make it Double. Supervised and Unsupervised Stacking for AnomalyBased Intrusion Detection [4.56877715768796]
  We propose the adoption of meta-learning, in the form of a two-layer Stacker, to create a mixed approach that detects both known and unknown threats. It turns out to be more effective in detecting zero-day attacks than supervised algorithms, limiting their main weakness but still maintaining adequate capabilities in detecting known attacks.
  arXiv  Detail & Related papers  (2022-02-28T08:41:32Z)
• Detect & Reject for Transferability of Black-box Adversarial Attacks Against Network Intrusion Detection Systems [0.0]
  We investigate the transferability of adversarial network traffic against machine learning-based intrusion detection systems. We examine Detect & Reject as a defensive mechanism to limit the effect of the transferability property of adversarial network traffic against machine learning-based intrusion detection systems.
  arXiv  Detail & Related papers  (2021-12-22T17:54:54Z)
• A Heterogeneous Graph Learning Model for Cyber-Attack Detection [4.559898668629277]
  A cyber-attack is a malicious attempt by hackers to breach the target information system. This paper proposes an intelligent cyber-attack detection method based on provenance data. Experiment results show that the proposed method outperforms other learning based detection models.
  arXiv  Detail & Related papers  (2021-12-16T16:03:39Z)
• Adversarial Robustness of Deep Reinforcement Learning based Dynamic Recommender Systems [50.758281304737444]
  We propose to explore adversarial examples and attack detection on reinforcement learning-based interactive recommendation systems. We first craft different types of adversarial examples by adding perturbations to the input and intervening on the casual factors. Then, we augment recommendation systems by detecting potential attacks with a deep learning-based classifier based on the crafted data.
  arXiv  Detail & Related papers  (2021-12-02T04:12:24Z)
• Evidential Cyber Threat Hunting [4.1535961847899925]
  A formal cyber reasoning framework for automating the threat hunting process is described. The new cyber reasoning methodology introduces an operational semantics that operates over three subspaces. An implementation of this framework shows that the approach is practical and can be used to generalize evidence-based multi-criteria threat investigations.
  arXiv  Detail & Related papers  (2021-04-21T02:38:29Z)
• Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998]
  ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI) It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities. Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
  arXiv  Detail & Related papers  (2020-10-26T14:54:01Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)
• Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257]
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector. We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods. As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
  arXiv  Detail & Related papers  (2020-01-27T11:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.