ATHAFI: Agile Threat Hunting And Forensic Investigation

03/07/2020
by   Rami Puzis, et al.
0

Attackers rapidly change their attacks to evade detection. Even the most sophisticated Intrusion Detection Systems that are based on artificial intelligence and advanced data analytic cannot keep pace with the rapid development of new attacks. When standard detection mechanisms fail or do not provide sufficient forensic information to investigate and mitigate attacks, targeted threat hunting performed by competent personnel is used. Unfortunately, many organization do not have enough security analysts to perform threat hunting tasks and today the level of automation of threat hunting is low. In this paper we describe a framework for agile threat hunting and forensic investigation (ATHAFI), which automates the threat hunting process at multiple levels. Adaptive targeted data collection, attack hypotheses generation, hypotheses testing, and continuous threat intelligence feeds allow to perform simple investigations in a fully automated manner. The increased level of automation will significantly boost the analyst's productivity during investigation of the harshest cases. Special Workflow Generation module adapts the threat hunting procedures either to the latest Threat Intelligence obtained from external sources (e.g. National CERT) or to the likeliest attack hypotheses generated by the Attack Hypotheses Generation module. The combination of Attack Hypotheses Generation and Workflows Generation enables intelligent adjustment of workflows, which react to emerging threats effectively.

READ FULL TEXT

page 1

page 4

page 7

research
02/03/2022

Design and Development of Automated Threat Hunting in Industrial Control Systems

Traditional industrial systems, e.g., power plants, water treatment plan...
research
06/02/2020

Threat Detection and Investigation with System-level Provenance Graphs: A Survey

With the development of information technology, the border of the cybers...
research
07/08/2020

Agile Approach for IT Forensics Management

The forensic investigation of cyber attacks and IT incidents is becoming...
research
03/27/2021

Strategically-Motivated Advanced Persistent Threat: Definition, Process, Tactics and a Disinformation Model of Counterattack

Advanced persistent threat (APT) is widely acknowledged to be the most s...
research
01/16/2022

Adversarial Machine Learning Threat Analysis in Open Radio Access Networks

The Open Radio Access Network (O-RAN) is a new, open, adaptive, and inte...
research
09/25/2018

A Framework for Data-Driven Physical Security and Insider Threat Detection

This paper presents PS0, an ontological framework and a methodology for ...
research
09/22/2021

An Investigation And Insight Into Terrorism In Nigeria

Terrorism is one of the most serious life-challenging threat facing huma...

Please sign up or login with your details

Forgot password? Click here to reset