A survey on threat hunting in enterprise networks

B Nour, M Pourzandi, M Debbabi - … Communications Surveys & …, 2023 - ieeexplore.ieee.org
With the rapidly evolving technological landscape, the huge development of the Internet of
Things, and the embracing of digital transformation, the world is witnessing an explosion in …

[HTML][HTML] Evolving techniques in cyber threat hunting: A systematic review

A Mahboubi, K Luong, H Aboutorab, HT Bui… - Journal of Network and …, 2024 - Elsevier
In the rapidly changing cybersecurity landscape, threat hunting has become a critical
proactive defense against sophisticated cyber threats. While traditional security measures …

Future Horizons: AI-Enhanced Threat Detection in Cloud Environments: Unveiling Opportunities for Research

H Arif, A Kumar, M Fahad… - International Journal of …, 2024 - jurnal.itscience.org
In this extensive and comprehensive review paper, we delve into the dynamic landscape of
artificial intelligence (AI)-enhanced threat detection within cloud environments. The …

Holmes: real-time apt detection through correlation of suspicious information flows

SM Milajerdi, R Gjomemo, B Eshete… - … IEEE Symposium on …, 2019 - ieeexplore.ieee.org
In this paper, we present HOLMES, a system that implements a new approach to the
detection of Advanced and Persistent Threats (APTs). HOLMES is inspired by several case …

Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting

SM Milajerdi, B Eshete, R Gjomemo… - Proceedings of the …, 2019 - dl.acm.org
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …

Combating dependence explosion in forensic analysis using alternative tag propagation semantics

MN Hossain, S Sheikhi, R Sekar - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
We are witnessing a rapid escalation in targeted cyber-attacks called Advanced and
Persistent Threats (APTs). Carried out by skilled adversaries, these attacks take place over …

Deepcase: Semi-supervised contextual analysis of security events

T Van Ede, H Aghakhani, N Spahn… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Security monitoring systems detect potentially malicious activities in IT infrastructures, by
either looking for known signatures or for anomalous behaviors. Security operators …

TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data

J Zhao, Q Yan, J Li, M Shao, Z He, B Li - Computers & Security, 2020 - Elsevier
Security organizations increasingly rely on Cyber Threat Intelligence (CTI) sharing to
enhance resilience against cyber threats. However, its effectiveness remains dubious due to …

{PROGRAPHER}: An Anomaly Detection System based on Provenance Graph Embedding

F Yang, J Xu, C Xiong, Z Li, K Zhang - 32nd USENIX Security …, 2023 - usenix.org
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …

Threat detection and investigation with system-level provenance graphs: A survey

Z Li, QA Chen, R Yang, Y Chen, W Ruan - Computers & Security, 2021 - Elsevier
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …