Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence. (arXiv:2010.13637v2 [cs.CR] UPDATED)

[Submitted on 26 Oct 2020 (v1), last revised 25 Feb 2021 (this version, v2)]

Abstract: Log-based cyber threat hunting has emerged as an important solution to
counter sophisticated attacks. However, existing approaches require non-trivial
manual effort to construct queries and have overlooked the rich external
threat knowledge provided by open-source Cyber Threat Intelligence (OSCTI). To
bridge the gap, we propose ThreatRaptor, a system that facilitates threat
hunting in computer systems using OSCTI. Built upon system auditing frameworks,
ThreatRaptor provides (1) an unsupervised, lightweight, and accurate NLP
pipeline that extracts structured threat behaviors from unstructured OSCTI
text, (2) a concise and expressive domain-specific query language, TBQL, to
hunt for malicious system activities, (3) a query synthesis mechanism that
automatically synthesizes a TBQL query for hunting, and (4) an efficient query
execution engine to search large volumes of audit log data. Evaluations on a broad
set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in
practical threat hunting.
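As an added illustration of the four stages the abstract describes (extraction of structured behaviors from report text, query synthesis, and execution over audit events), the following Python sketch is not ThreatRaptor's code and does not use TBQL syntax, which the abstract does not show; the report text, the audit events, the keyword grammar and all function names are constructed assumptions.

```python
import re

# Constructed OSCTI-style report sentence (not taken from the paper).
OSCTI_TEXT = ("The dropper malware.exe reads /etc/passwd, then writes "
              "/tmp/stage2.sh and connects to 203.0.113.5.")

# Constructed audit events: (pid, process name, action, target).
AUDIT_LOG = [
    (101, "bash", "exec", "/usr/bin/ls"),
    (202, "malware.exe", "read", "/etc/passwd"),
    (202, "malware.exe", "write", "/tmp/stage2.sh"),
    (202, "malware.exe", "connect", "203.0.113.5"),
    (303, "sshd", "read", "/etc/passwd"),   # benign read, different process
]

# Tiny keyword grammar standing in for the paper's NLP pipeline.
VERBS = {"reads": "read", "writes": "write", "connects to": "connect"}

def extract_behaviors(text):
    """Stage 1: turn report text into ordered (subject, action, object) triples."""
    subject = re.search(r"\b([\w.-]+\.exe)\b", text).group(1)
    found = []
    for phrase, action in VERBS.items():
        for m in re.finditer(re.escape(phrase) + r"\s+([/\w.:-]+)", text):
            found.append((m.start(), (subject, action, m.group(1).rstrip(".,"))))
    return [triple for _, triple in sorted(found)]   # keep textual order

def synthesize_query(behaviors):
    """Stage 2: bind every step to one process and keep the step order."""
    return {"proc": behaviors[0][0],
            "steps": [(action, obj) for _, action, obj in behaviors]}

def execute_query(query, log):
    """Stage 3: return pids whose events contain the steps as an ordered
    subsequence (a simple stand-in for the paper's execution engine)."""
    by_pid = {}
    for pid, proc, action, target in log:
        if proc == query["proc"]:
            by_pid.setdefault(pid, []).append((action, target))
    hits = []
    for pid, events in by_pid.items():
        matched = 0
        for event in events:
            if matched < len(query["steps"]) and event == query["steps"][matched]:
                matched += 1
        if matched == len(query["steps"]):
            hits.append(pid)
    return hits

def hunt(text, log):
    """End-to-end: report text in, list of matching process ids out."""
    return execute_query(synthesize_query(extract_behaviors(text)), log)
```

Running `hunt(OSCTI_TEXT, AUDIT_LOG)` flags only pid 202; sshd's read of `/etc/passwd` is not reported because the synthesized query requires the whole behavior sequence from one process.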

Submission history

From: Peng Gao [view email]

Mon, 26 Oct 2020 14:54:01 UTC (598 KB)

Thu, 25 Feb 2021 06:20:46 UTC (496 KB)
