Enhancing Cyber Threat Hunting -- A Visual Approach with the Forensic Visualization Toolkit
- URL: http://arxiv.org/abs/2509.09185v1
- Date: Thu, 11 Sep 2025 06:53:45 GMT
- Title: Enhancing Cyber Threat Hunting -- A Visual Approach with the Forensic Visualization Toolkit
- Authors: Jihane Najar, Marinos Tsantekidis, Aris Sotiropoulos, Vassilis Prevelakis,
- Abstract summary: In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses.<n>Rather than waiting for automated security systems to flag potential threats, threat hunting involves actively searching for signs of malicious activity within an organization's network.<n>We present the Forensic Visualization Toolkit, a powerful tool designed for digital forensics investigations, analysis of digital evidence, and advanced visualizations to enhance cybersecurity situational awareness and risk management.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses. Cyber threat hunting is a proactive and iterative process aimed at identifying and mitigating advanced threats that may go undetected by traditional security measures. Rather than waiting for automated security systems to flag potential threats, threat hunting involves actively searching for signs of malicious activity within an organization's network. In this paper, we present the Forensic Visualization Toolkit, a powerful tool designed for digital forensics investigations, analysis of digital evidence, and advanced visualizations to enhance cybersecurity situational awareness and risk management and empower security analysts with an intuitive and interactive tool. Through practical, real-world scenarios, we demonstrate how FVT significantly amplifies the capabilities of cybersecurity professionals, enabling them to effectively identify, analyze, and respond to threats. Furthermore, it is important to highlight that FVT has been integrated into, utilized, and continually enhanced within various EU-funded research projects over recent years.
Related papers
- Towards a Cognitive-Support Tool for Threat Hunters [42.97840843148333]
Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity.<n>The cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools.<n>We present a prototype tool that operationalizes design propositions by enabling threat hunters to externalize reasoning.
arXiv Detail & Related papers (2026-01-31T01:02:58Z) - Techniques of Modern Attacks [51.56484100374058]
Advanced Persistent Threats (APTs) represent a complex method of attack aimed at specific targets.<n>I will investigate both the attack life cycle and cutting-edge detection and defense strategies proposed in recent academic research.<n>I aim to highlight the strengths and limitations of each approach and propose more adaptive APT mitigation strategies.
arXiv Detail & Related papers (2026-01-19T22:15:25Z) - Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution [0.0]
We propose a machine learning based approach featuring visually interactive analytics tool named the Cyber-Attack Pattern Explorer (CAPE)<n>In the proposed system, a non-parametric mining technique is proposed to create a dataset for identifying the attack patterns within cyber threat intelligence documents.<n>The extracted dataset is used for training of proposed machine learning algorithms that enables the attribution of cyber threats with respective to the actors.
arXiv Detail & Related papers (2025-09-15T06:15:22Z) - Exploring the Role of Large Language Models in Cybersecurity: A Systematic Survey [25.73174314007904]
Traditional cybersecurity approaches are struggling to adapt to the rapidly evolving nature of modern cyberattacks.<n>The emergence of Large Language Model (LLM) provides an innovative solution to cope with the increasingly severe cyber threats.<n> exploring how to effectively use LLM to defend against cyberattacks has become a hot topic in the current research field.
arXiv Detail & Related papers (2025-04-22T06:28:08Z) - Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically.
Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations.
This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z) - Siren -- Advancing Cybersecurity through Deception and Adaptive Analysis [0.0]
This project employs sophisticated methods to lure potential threats into controlled environments.<n>The architectural framework includes a link monitoring proxy, a purpose-built machine learning model for dynamic link analysis.<n>The incorporation of simulated user activity extends the system's capacity to capture and learn from potential attackers.
arXiv Detail & Related papers (2024-06-10T12:47:49Z) - The MESA Security Model 2.0: A Dynamic Framework for Mitigating Stealth Data Exfiltration [0.0]
Stealth Data Exfiltration is a significant cyber threat characterized by covert infiltration, extended undetectability, and unauthorized dissemination of confidential data.
Our findings reveal that conventional defense-in-depth strategies often fall short in combating these sophisticated threats.
As we navigate this complex landscape, it is crucial to anticipate potential threats and continually update our defenses.
arXiv Detail & Related papers (2024-05-17T16:14:45Z) - SEvenLLM: Benchmarking, Eliciting, and Enhancing Abilities of Large Language Models in Cyber Threat Intelligence [27.550484938124193]
This paper introduces a framework to benchmark, elicit, and improve cybersecurity incident analysis and response abilities.
We create a high-quality bilingual instruction corpus by crawling cybersecurity raw text from cybersecurity websites.
The instruction dataset SEvenLLM-Instruct is used to train cybersecurity LLMs with the multi-task learning objective.
arXiv Detail & Related papers (2024-05-06T13:17:43Z) - Physical Adversarial Attacks for Surveillance: A Survey [40.81031907691243]
This paper reviews recent attempts and findings in learning and designing physical adversarial attacks for surveillance applications.
In particular, we propose a framework to analyze physical adversarial attacks and provide a comprehensive survey of physical adversarial attacks on four key surveillance tasks.
The insights in this paper present an important step in building resilience within surveillance systems to physical adversarial attacks.
arXiv Detail & Related papers (2023-05-01T20:19:59Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.