A survey on threat hunting in enterprise networks
With the rapidly evolving technological landscape, the huge development of the Internet of
Things, and the embracing of digital transformation, the world is witnessing an explosion in …
Evolving techniques in cyber threat hunting: A systematic review
In the rapidly changing cybersecurity landscape, threat hunting has become a critical
proactive defense against sophisticated cyber threats. While traditional security measures …
Future Horizons: AI-Enhanced Threat Detection in Cloud Environments: Unveiling Opportunities for Research
In this extensive and comprehensive review paper, we delve into the dynamic landscape of
artificial intelligence (AI)-enhanced threat detection within cloud environments. The …
Holmes: real-time APT detection through correlation of suspicious information flows
In this paper, we present HOLMES, a system that implements a new approach to the
detection of Advanced and Persistent Threats (APTs). HOLMES is inspired by several case …
Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …
Combating dependence explosion in forensic analysis using alternative tag propagation semantics
We are witnessing a rapid escalation in targeted cyber-attacks called Advanced and
Persistent Threats (APTs). Carried out by skilled adversaries, these attacks take place over …
Deepcase: Semi-supervised contextual analysis of security events
Security monitoring systems detect potentially malicious activities in IT infrastructures, by
either looking for known signatures or for anomalous behaviors. Security operators …
TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data
Security organizations increasingly rely on Cyber Threat Intelligence (CTI) sharing to
enhance resilience against cyber threats. However, its effectiveness remains dubious due to …
PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding
In recent years, the Advanced Persistent Threat (APT), which involves complex and
malicious actions over a long period, has become one of the biggest threats against the …
Threat detection and investigation with system-level provenance graphs: A survey
With the development of information technology, the border of the cyberspace gets much
broader and thus also exposes increasingly more vulnerabilities to attackers. Traditional …