Cyber Threat Hunting: A Cognitive Endpoint Behavior Analytic System

Pub Date: 2021-10-01 | DOI: 10.4018/ijcini.20211001.oa9
Muhammad Salman Khan, Rene Richard, Heather Molyneaux, Danick Cote-Martel, Henry Jackson Kamalanathan Elango, Steve Livingstone, Manon Gaudet, David V. Trask
Citations: 1

Abstract

Security Information and Event Management (SIEM) systems require significant manual input; SIEM tools with machine learning reduce this effort but remain reactive and are only effective if known attack patterns are captured by the configured rules and queries. Cyber threat hunting, a proactive method of detecting cyber threats without necessarily knowing the rules or having pre-defined knowledge of the threats, still requires significant manual effort and largely lacks the machine intelligence needed for autonomous analysis. This paper proposes a novel, interactive, cognitive and predictive threat-hunting prototype tool that minimizes manual configuration tasks by using machine intelligence and autonomous analytical capabilities. The tool adds proactive threat-hunting capabilities by autonomously extracting unique network communication behaviors from multiple endpoints, while also providing an interactive UI with minimal configuration requirements and various cognitive visualization techniques to help cyber experts quickly spot events of cyber significance in high-dimensional data.
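The contrast the abstract draws, between a SIEM rule that only fires on a pre-configured pattern and a hunt that surfaces behaviors unique to one endpoint without any rule, can be made concrete. The following is an added example written for this page; it is not the authors' prototype and does not reproduce its analytics. The connection records, the hostnames and the single "known bad port" rule are constructed assumptions; a behavior is modeled as a (destination, port, protocol) tuple per endpoint, and "unique" means seen on no more than a chosen number of endpoints fleet-wide.

```python
"""Rule-based SIEM matching versus rule-free extraction of unique endpoint
network behaviors. Added example for this page, not the paper's tool."""
from collections import Counter, defaultdict

# Constructed sample: one outbound connection per record, as an endpoint
# agent might report it: (endpoint, destination, dest_port, protocol).
SAMPLE_CONNECTIONS = [
    ("ws-01", "10.0.0.5", 445, "tcp"),
    ("ws-01", "10.0.0.9", 53, "udp"),
    ("ws-01", "203.0.113.7", 443, "tcp"),
    ("ws-02", "10.0.0.5", 445, "tcp"),
    ("ws-02", "10.0.0.9", 53, "udp"),
    ("ws-02", "203.0.113.7", 443, "tcp"),
    ("ws-03", "10.0.0.5", 445, "tcp"),
    ("ws-03", "10.0.0.9", 53, "udp"),
    ("ws-03", "203.0.113.7", 443, "tcp"),
    ("ws-03", "198.51.100.23", 4444, "tcp"),  # only ws-03 reaches this host/port
    ("ws-04", "10.0.0.5", 445, "tcp"),
    ("ws-04", "10.0.0.9", 53, "udp"),
    ("ws-04", "203.0.113.7", 443, "tcp"),
    ("ws-04", "10.0.0.5", 3389, "tcp"),       # only ws-04 opens RDP to the file server
]

# Hypothetical SIEM rule: a fixed list of ports someone already knew to watch.
KNOWN_BAD_PORTS = {4444}


def siem_rule_hits(connections):
    """Reactive detection: return only records that match the configured rule.
    Anything the rule author did not anticipate (e.g. the RDP session) is missed."""
    return [c for c in connections if c[2] in KNOWN_BAD_PORTS]


def behavior_profiles(connections):
    """Map each endpoint to the set of (dst, dport, proto) behaviors it exhibited."""
    profiles = defaultdict(set)
    for host, dst, dport, proto in connections:
        profiles[host].add((dst, dport, proto))
    return profiles


def fleet_prevalence(profiles):
    """Count, for each behavior, how many distinct endpoints exhibit it."""
    prevalence = Counter()
    for behaviors in profiles.values():
        prevalence.update(behaviors)
    return prevalence


def unique_behaviors(connections, max_hosts=1):
    """Rule-free hunt: behaviors seen on at most `max_hosts` endpoints,
    ranked by rarity, then host, then behavior for a stable order."""
    profiles = behavior_profiles(connections)
    prevalence = fleet_prevalence(profiles)
    total = len(profiles)
    findings = []
    for host, behaviors in profiles.items():
        for b in behaviors:
            if prevalence[b] <= max_hosts:
                findings.append({
                    "host": host,
                    "behavior": b,
                    "hosts_seen": prevalence[b],
                    "fleet_fraction": prevalence[b] / total,
                })
    findings.sort(key=lambda f: (f["hosts_seen"], f["host"], f["behavior"]))
    return findings


def rank_endpoints(connections):
    """Score each endpoint by how much of its behavior is rare fleet-wide
    (sum of 1 - fleet_fraction over its behaviors); highest score first."""
    profiles = behavior_profiles(connections)
    prevalence = fleet_prevalence(profiles)
    total = len(profiles)
    scores = {h: sum(1 - prevalence[b] / total for b in behaviors)
              for h, behaviors in profiles.items()}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("SIEM rule hits:", siem_rule_hits(SAMPLE_CONNECTIONS))
    for f in unique_behaviors(SAMPLE_CONNECTIONS):
        print("unique:", f["host"], f["behavior"], f"seen on {f['hosts_seen']} host(s)")
    print("endpoint ranking:", rank_endpoints(SAMPLE_CONNECTIONS))
```

On the constructed sample the rule catches only the port-4444 connection, while the rarity hunt also surfaces ws-04's one-off RDP session to the file server, which no rule was configured for. Raising `max_hosts` widens the net to behaviors shared by a small cluster of endpoints, at the cost of more leads for the analyst to triage; in practice the tuple would carry more dimensions (process, user, byte counts, timing) and the ranking would feed the visualization layer the abstract describes.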