
Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence

10/26/2020
by Peng Gao, et al.

Log-based cyber threat hunting has emerged as an important solution to counter sophisticated attacks. However, existing approaches require non-trivial manual effort to construct queries and overlook the rich external threat knowledge provided by open-source Cyber Threat Intelligence (OSCTI). To bridge this gap, we propose ThreatRaptor, a system that facilitates threat hunting in computer systems using OSCTI. Built upon system auditing frameworks, ThreatRaptor provides (1) an unsupervised, lightweight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, for hunting malicious system activities, (3) a query synthesis mechanism that automatically synthesizes a TBQL query for hunting, and (4) an efficient query execution engine for searching large volumes of audit logging data. Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.


A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence (01/17/2021)
Log-based cyber threat hunting has emerged as an important solution to c...

ThreatKG: A Threat Knowledge Graph for Automated Open-Source Cyber Threat Intelligence Gathering and Management (12/20/2022)
Despite the increased adoption of open-source cyber threat intelligence ...

Research Directions in Cyber Threat Intelligence (01/18/2020)
Cyber threat intelligence is a relatively new field that has grown from ...

CGraph: Graph Based Extensible Predictive Domain Threat Intelligence Platform (02/16/2022)
Ability to effectively investigate indicators of compromise and associat...

Automating Cyber Threat Hunting Using NLP, Automated Query Generation, and Genetic Perturbation (04/23/2021)
Scaling the cyber hunt problem poses several key technical challenges. D...

Zebra: Deeply Integrating System-Level Provenance Search and Tracking for Efficient Attack Investigation (11/10/2022)
System auditing has emerged as a key approach for monitoring system call...

Adaptive Traffic Fingerprinting for Darknet Threat Intelligence (08/03/2018)
Darknet technology such as Tor has been used by various threat actors fo...