DeepAI AI Chat
Log In Sign Up

Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence

by   Peng Gao, et al.

Log-based cyber threat hunting has emerged as an important solution to counter sophisticated attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external threat knowledge provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we propose ThreatRaptor, a system that facilitates threat hunting in computer systems using OSCTI. Built upon system auditing frameworks, ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, (3) a query synthesis mechanism that automatically synthesizes a TBQL query for hunting, and (4) an efficient query execution engine to search the big audit logging data. Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.


page 1

page 2

page 3

page 4


A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence

Log-based cyber threat hunting has emerged as an important solution to c...

ThreatKG: A Threat Knowledge Graph for Automated Open-Source Cyber Threat Intelligence Gathering and Management

Despite the increased adoption of open-source cyber threat intelligence ...

Research Directions in Cyber Threat Intelligence

Cyber threat intelligence is a relatively new field that has grown from ...

CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform

Ability to effectively investigate indicators of compromise and associat...

Automating Cyber Threat Hunting Using NLP, Automated Query Generation, and Genetic Perturbation

Scaling the cyber hunt problem poses several key technical challenges. D...

Zebra: Deeply Integrating System-Level Provenance Search and Tracking for Efficient Attack Investigation

System auditing has emerged as a key approach for monitoring system call...

Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

Darknet technology such as Tor has been used by various threat actors fo...