Threat Trekker: An Approach to Cyber Threat Hunting
Ángel Casanova Bienzobas, Alfonso Sánchez-Macián

TL;DR
Threat Trekker introduces a novel machine learning approach for proactive cyber threat hunting, enabling detection of subtle attacks through real-time data processing and feedback in complex environments.
Contribution
The paper presents Threat Trekker, a new machine learning paradigm that enhances threat hunting by integrating data streaming and feedback mechanisms.
Findings
Machine learning effectively classifies subtle cyber attacks.
Real-time data streaming improves threat detection accuracy.
Feedback loops enhance threat hunting responsiveness.
Abstract
Threat hunting is a proactive methodology for exploring, detecting and mitigating cyberattacks within complex environments. As opposed to conventional detection systems, threat hunting strategies assume adversaries have infiltrated the system; as a result, they proactively search out any unusual patterns or activities which might indicate intrusion attempts. Historically, this endeavour has been pursued using three investigation methodologies: (1) Hypothesis-Driven Investigations; (2) Indicator of Compromise (IOC); and (3) High-level machine learning analysis-based approaches. Therefore, this paper introduces a novel machine learning paradigm known as Threat Trekker. This proposal utilizes connectors to feed data directly into an event streaming channel for processing by the algorithm and provides feedback back into its host network. Conclusions drawn from these experiments clearly…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Information and Cyber Security
