A Survey on Threat Hunting in Enterprise Networks

被引:13
|
作者
Nour, Boubakr [1 ,2 ]
Pourzandi, Makan [2 ]
Debbabi, Mourad [1 ]
机构
[1] Concordia Univ, Concordia Inst Informat Syst Engn, Gina Cody Sch Engn & Comp Sci, Montreal, PQ H3G 1M8, Canada
[2] Ericsson, GFTL Secur Res, Montreal, PQ H4S 0B6, Canada
来源
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS | 2023年 / 25卷 / 04期
关键词
Security; Surveys; Threat modeling; Computer security; Tutorials; Systematics; Organizations; Cybersecurity; cyber threat intelligence; threat hunting; threat detection; INTRUSION DETECTION; ARTIFICIAL-INTELLIGENCE; SECURITY; CHALLENGES; CYBERSECURITY; FRAMEWORK; PREDICTION; ANALYTICS; INTERNET;
D O I
10.1109/COMST.2023.3299519
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
With the rapidly evolving technological landscape, the huge development of the Internet of Things, and the embracing of digital transformation, the world is witnessing an explosion in data generation and a rapid evolution of new applications that lead to new, wider, and more sophisticated threats that are complex and hard to be detected. Advanced persistence threats use continuous, clandestine, and sophisticated techniques to gain access to a system and remain hidden for a prolonged period of time, with potentially destructive consequences. Those stealthy attacks are often not detectable by advanced intrusion detection systems (e.g., LightBasin attack was detected in 2022 and has been active since 2016). Indeed, threat actors are able to quickly and intelligently alter their tactics to avoid being detected by security defense lines (e.g., prevention and detection mechanisms). In response to these evolving threats, organizations need to adopt new proactive defense approaches. Threat hunting is a proactive security line exercised to uncover stealthy attacks, malicious activities, and suspicious entities that could circumvent standard detection mechanisms. Additionally, threat hunting is an iterative approach to generate and revise threat hypotheses endeavoring to provide early attack detection in a proactive way. The proactiveness consists of testing and validating the initial hypothesis using various manual and automated tools/techniques with the objective of confirming/refuting the existence of an attack. This survey studies the threat hunting concept and provides a comprehensive review of the existing solutions for Enterprise networks. In particular, we provide a threat hunting taxonomy based on the used technique and a sub-classification based on the detailed approach. Furthermore, we discuss the existing standardization efforts. Finally, we provide a qualitative discussion on current advances and identify various research gaps and challenges that may be considered by the research community to design concrete and efficient threat hunting solutions.
引用
收藏
页码:2299 / 2324
页数:26
相关论文
共 50 条
  • [21] CTI ANT: Hunting for Chinese Threat Intelligence
    Tsai, Chia-En
    Yang, Cheng-Lin
    Chen, Chong-Kuan
    2020 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2020, : 1847 - 1852
  • [22] Hunting in the enterprise: Forensic triage and incident response
    Moser, Andreas
    Cohen, Michael I.
    DIGITAL INVESTIGATION, 2013, 10 (02) : 89 - 98
  • [23] Threat analysis of an enterprise messaging system
    Kalra, Gursev Singh
    Network Security, 2014, 2014 (12) : 7 - 13
  • [25] Revolutionizing Threat Hunting in Communication Networks: Introducing a Cutting-Edge Large-Scale Multiclass Dataset
    Abu Al-Haija, Qasem
    Masoud, Zaid
    Yasin, Assim
    Alesawi, Karam
    Alkarnawi, Yousef
    2024 15TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS, ICICS 2024, 2024,
  • [26] Skade - A Challenge Management System for Cyber Threat Hunting
    Sommestad, Teodor
    Karlzen, Henrik
    Kvist, Hanna
    Gustafsson, Hanna
    COMPUTER SECURITY. ESORICS 2023 INTERNATIONAL WORKSHOPS, PT I, 2024, 14398 : 84 - 103
  • [27] A Deep Learning Model for Threat Hunting in Ethereum Blockchain
    Rabieinejad, Elnaz
    Yazdinejad, Abbas
    Parizi, Reza M.
    2021 IEEE 20TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2021), 2021, : 1185 - 1190
  • [28] Architecting threat hunting system based on the DODAF framework
    Ali Aghamohammadpour
    Ebrahim Mahdipour
    Iman Attarzadeh
    The Journal of Supercomputing, 2023, 79 : 4215 - 4242
  • [29] Data-Driven Threat Hunting Using Sysmon
    Mavroeidis, Vasileios
    Josang, Audun
    ICCSP 2018: PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON CRYPTOGRAPHY, SECURITY AND PRIVACY, 2018, : 82 - 88
  • [30] Architecting threat hunting system based on the DODAF framework
    Aghamohammadpour, Ali
    Mahdipour, Ebrahim
    Attarzadeh, Iman
    JOURNAL OF SUPERCOMPUTING, 2023, 79 (04): : 4215 - 4242