DeepAI AI Chat
Log In Sign Up

A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence

by   Peng Gao, et al.

Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external knowledge about threat behaviors provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI. Built upon mature system auditing frameworks, ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors, and (4) an efficient query execution engine to search the big system audit logging data.


page 1

page 2

page 3

page 4


Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence

Log-based cyber threat hunting has emerged as an important solution to c...

Automating Cyber Threat Hunting Using NLP, Automated Query Generation, and Genetic Perturbation

Scaling the cyber hunt problem poses several key technical challenges. D...

Towards Effective Cybercrime Intervention

Cybercrimes are on the rise, in part due to technological advancements, ...

A Query Tool for Efficiently Investigating Risky Software Behaviors

Advanced Persistent Threat (APT) attacks are sophisticated and stealthy,...

CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform

Ability to effectively investigate indicators of compromise and associat...

Recognizing and Extracting Cybersecurtity-relevant Entities from Text

Cyber Threat Intelligence (CTI) is information describing threat vectors...

Evidential Cyber Threat Hunting

A formal cyber reasoning framework for automating the threat hunting pro...