Cyber Threat Hunting: A Cognitive Endpoint Behavior Analytic System

IF 0.6 Q4 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE International Journal of Cognitive Informatics and Natural Intelligence Pub Date : 2021-10-01 DOI:10.4018/ijcini.20211001.oa9

Muhammad Salman Khan, Rene Richard, Heather Molyneaux, Danick Cote-Martel, Henry Jackson Kamalanathan Elango, Steve Livingstone, Manon Gaudet, David V. Trask

{"title":"Cyber Threat Hunting: A Cognitive Endpoint Behavior Analytic System","authors":"Muhammad Salman Khan, Rene Richard, Heather Molyneaux, Danick Cote-Martel, Henry Jackson Kamalanathan Elango, Steve Livingstone, Manon Gaudet, David V. Trask","doi":"10.4018/ijcini.20211001.oa9","DOIUrl":null,"url":null,"abstract":"Security and Information Event Management (SIEM) systems require significant manual input; SIEM tools with machine learning minimizes this effort but are reactive and only effective if known attack patterns are captured by the configured rules and queries. Cyber threat hunting, a proactive method of detecting cyber threats without necessarily knowing the rules or pre-defined knowledge of threats, still requires significant manual effort and is largely missing the required machine intelligence to deploy autonomous analysis. This paper proposes a novel and interactive cognitive and predictive threat-hunting prototype tool to minimize manual configuration tasks by using machine intelligence and autonomous analytical capabilities. This tool adds proactive threat-hunting capabilities by extracting unique network communication behaviors from multiple endpoints autonomously while also providing an interactive UI with minimal configuration requirements and various cognitive visualization techniques to help cyber experts quickly spot events of cyber significance from high-dimensional data.","PeriodicalId":43637,"journal":{"name":"International Journal of Cognitive Informatics and Natural Intelligence","volume":"11 I 1","pages":"1-23"},"PeriodicalIF":0.6000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Cognitive Informatics and Natural Intelligence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijcini.20211001.oa9","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 1

Abstract

Security and Information Event Management (SIEM) systems require significant manual input; SIEM tools with machine learning minimizes this effort but are reactive and only effective if known attack patterns are captured by the configured rules and queries. Cyber threat hunting, a proactive method of detecting cyber threats without necessarily knowing the rules or pre-defined knowledge of threats, still requires significant manual effort and is largely missing the required machine intelligence to deploy autonomous analysis. This paper proposes a novel and interactive cognitive and predictive threat-hunting prototype tool to minimize manual configuration tasks by using machine intelligence and autonomous analytical capabilities. This tool adds proactive threat-hunting capabilities by extracting unique network communication behaviors from multiple endpoints autonomously while also providing an interactive UI with minimal configuration requirements and various cognitive visualization techniques to help cyber experts quickly spot events of cyber significance from high-dimensional data.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

网络威胁狩猎:认知端点行为分析系统

安全和信息事件管理(SIEM)系统需要大量的人工输入;带有机器学习的SIEM工具可以最大限度地减少这种工作量，但只有在配置的规则和查询捕获已知的攻击模式时，SIEM工具才会有效。网络威胁搜索是一种主动检测网络威胁的方法，无需了解规则或预定义的威胁知识，仍然需要大量的人工努力，并且在很大程度上缺乏部署自主分析所需的机器智能。本文提出了一种新颖的交互式认知和预测威胁搜索原型工具，利用机器智能和自主分析能力，最大限度地减少人工配置任务。该工具通过从多个端点自动提取独特的网络通信行为，增加了主动威胁搜索功能，同时还提供了具有最小配置要求的交互式UI和各种认知可视化技术，帮助网络专家从高维数据中快速发现具有网络意义的事件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Cognitive Informatics and Natural Intelligence COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-

CiteScore

2.00

自引率

11.10%

发文量

期刊介绍： The International Journal of Cognitive Informatics and Natural Intelligence (IJCINI) encourages submissions that transcends disciplinary boundaries, and is devoted to rapid publication of high quality papers. The themes of IJCINI are natural intelligence, autonomic computing, and neuroinformatics. IJCINI is expected to provide the first forum and platform in the world for researchers, practitioners, and graduate students to investigate cognitive mechanisms and processes of human information processing, and to stimulate the transdisciplinary effort on cognitive informatics and natural intelligent research and engineering applications.