Threat Hunting

Threat hunting is the proactive search for malicious activity within a system, aiming to identify and mitigate threats before they cause significant damage. Current research emphasizes automation through machine learning models, including graph neural networks for analyzing system logs and large language models for extracting threat intelligence from unstructured data sources like the dark web and open-source reports. This field is crucial for improving cybersecurity defenses, particularly in complex environments like cloud systems and the Internet of Things, by enabling faster threat detection and response and informing the development of more effective security measures.

Papers

November 11, 2024

Towards Characterizing Cyber Networks with Large Language Models
Alaric Hartsock, Luiz Manella Pereira, Glenn Fink
Network Programming Adversarial Behavior Attack Dataset Threat Hunting

September 13, 2024

Incorporation of Verifier Functionality in the Software for Operations and Network Attack Results Review and the Autonomous Penetration Testing System
Jordan Milbrath, Jeremy Straub
Software System Economic Operation Penetration Testing State of the Art Verifier Network Attack Threat Hunting

August 8, 2024

The Role and Applications of Airport Digital Twin in Cyberattack Protection during the Generative AI Era
Abraham Itzhak Weinberg
Financial Application Integral Role Digital Twin Cyber Attack Real World Attack Threat Hunting

July 6, 2024

LLMCloudHunter: Harnessing LLMs for Automated Extraction of Detection Rules from Cloud-Based CTI
Yuval Schwartz, Lavi Benshimol, Dudu Mimran, Yuval Elovici, Asaf Shabtai
Large Language Model Automatic Extraction Threat Intelligence Cloud Based Threat Hunting Detection Rule Adversarial Cloud

June 21, 2024

Securing the Future: Proactive Threat Hunting for Sustainable IoT Ecosystems
Saeid Ghasemshirazi, Ghazaleh Shirvani
Future Reasoning Security Measure Internet of Thing Ecosystem Threat Hunting Sustainable IoT

June 10, 2024

Siren -- Advancing Cybersecurity through Deception and Adaptive Analysis
Girish Kulathumani, Samruth Ananthanarayanan, Ganesh Narayanan
Cybersecurity Perspective Threat Word Cyber Threat Honeypot Technology Threat Hunting Hi Lo SIReN

March 15, 2024

Unsupervised Threat Hunting using Continuous Bag-of-Terms-and-Time (CBoTT)
Varol Kayhan, Shivendu Shivendu, Rouzbeh Behnia, Clinton Daniel, Manish Agrawal
Bag of Word Malicious User Threat Hunting Expert Driven Cybersecurity Instruction System Log

April 24, 2023

ThreatCrawl: A BERT-based Focused Crawler for the Cybersecurity Domain
Philipp Kuehn, Mike Schmidt, Markus Bayer, Christian Reuter
Natural Language Processing Open Source Threat Intelligence Cybersecurity Domain Threat Hunting Focused Crawler

February 21, 2023

Sedition Hunters: A Quantitative Study of the Crowdsourced Investigation into the 2021 U.S. Capitol Attack
Tianjiao Yu, Sukrit Venkatagiri, Ismini Lourentzou, Kurt Luther
Twitter Resource Social Medium Platform Social Network Analysis Quantitative Analysis Crowd Sourced Data Threat Hunting

January 8, 2022

Counteracting Dark Web Text-Based CAPTCHA with Generative Adversarial Learning for Proactive Cyber Threat Intelligence
Ning Zhang, Mohammadreza Ebrahimi, Weifeng Li, Hsinchun Chen
Generative Adversarial CAPtcha Solver Dark Web Threat Hunting Darknet Traffic

November 8, 2021

threaTrace: Detecting and Tracing Host-based Threats in Node Level Through Provenance Graph Learning
Su Wang, Zhiliang Wang, Tao Zhou, Xia Yin, Dongqi Han, Han Zhang, Hongbin Sun, Xingang Shi, Jiahai Yang
Data Detection Random Node Data Provenance Threat Hunting Host Based

Threat Hunting

Papers

Towards Characterizing Cyber Networks with Large Language Models

Incorporation of Verifier Functionality in the Software for Operations and Network Attack Results Review and the Autonomous Penetration Testing System

The Role and Applications of Airport Digital Twin in Cyberattack Protection during the Generative AI Era

LLMCloudHunter: Harnessing LLMs for Automated Extraction of Detection Rules from Cloud-Based CTI

Securing the Future: Proactive Threat Hunting for Sustainable IoT Ecosystems

Siren -- Advancing Cybersecurity through Deception and Adaptive Analysis

Unsupervised Threat Hunting using Continuous Bag-of-Terms-and-Time (CBoTT)

ThreatCrawl: A BERT-based Focused Crawler for the Cybersecurity Domain

Sedition Hunters: A Quantitative Study of the Crowdsourced Investigation into the 2021 U.S. Capitol Attack

Counteracting Dark Web Text-Based CAPTCHA with Generative Adversarial Learning for Proactive Cyber Threat Intelligence

threaTrace: Detecting and Tracing Host-based Threats in Node Level Through Provenance Graph Learning