Cyber threat hunting: a cognitive endpoint behavior analytic system

Par Conseil national de recherches du Canada

Téléchargement	Voir la version finale : Cyber threat hunting: a cognitive endpoint behavior analytic system (PDF, 835 Kio)
DOI	Trouver le DOI : https://doi.org/10.4018/IJCINI.20211001.oa9
Auteur	Rechercher : Khan, Muhammad Salman; Rechercher : Richard, Rene¹Identifiant ORCID : https://orcid.org/0000-0002-1342-6225; Rechercher : Molyneaux, Heather¹; Rechercher : Cote-Martel, Danick; Rechercher : Kamalanathan Elango, Henry Jackson¹; Rechercher : Livingstone, Steve; Rechercher : Gaudet, Manon¹Identifiant ORCID : https://orcid.org/0000-0002-2119-9149; Rechercher : Trask, Dave
Affiliation	Conseil national de recherches du Canada. Technologies numériques
Format	Texte, Article
Sujet	cognitive analysis; cognitive command and control; cognitive machine learning; cyber security operation center; cyber threats; endpoint behavior; prediction; SARIMA; streaming; time series; training
Résumé	Security and Information Event Management (SIEM) systems require significant manual input; SIEM tools with machine learning minimizes this effort but are reactive and only effective if known attack patterns are captured by the configured rules and queries. Cyber threat hunting, a proactive method of detecting cyber threats without necessarily knowing the rules or pre-defined knowledge of threats, still requires significant manual effort and is largely missing the required machine intelligence to deploy autonomous analysis. This paper proposes a novel and interactive cognitive and predictive threat-hunting prototype tool to minimize manual configuration tasks by using machine intelligence and autonomous analytical capabilities. This tool adds proactive threat-hunting capabilities by extracting unique network communication behaviors from multiple endpoints autonomously while also providing an interactive UI with minimal configuration requirements and various cognitive visualization techniques to help cyber experts quickly spot events of cyber significance from high-dimensional data.
Date de publication	2021-10
Maison d’édition	IGI Global
Licence	Creative Commons Attribution 4.0 International (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/deed.fr
Dans	International Journal of Cognitive Informatics and Natural Intelligence 15, nº 4, 9 (octobre 2021) : 1–23.
Langue	anglais
Publications évaluées par des pairs	Oui
Exporter la notice	Exporter en format RIS
Signaler une correction	Signaler une correction (s'ouvre dans un nouvel onglet)
Identificateur de l’enregistrement	caad1d5e-950c-42bf-a0f6-90f302579b8c
Enregistrement créé	2023-06-09
Enregistrement modifié	2023-06-09

Date de modification :: 2024-07-21