Evidential Cyber Threat Hunting
The paper addresses efficient and scalable cyber threat hunting for security practitioners. The contribution is incremental in that it builds on existing reasoning and automation methods rather than introducing a new detection technique.
The paper tackles the automation of cyber threat hunting by introducing a formal reasoning framework whose operational semantics spans three subspaces: knowledge, hypothesis, and action. This enables human-machine co-creation of threat hypotheses and protective recommendations. An implementation shows the approach is practical for evidence-based, multi-criteria investigations.
A formal cyber reasoning framework for automating the threat hunting process is described. The new cyber reasoning methodology introduces an operational semantics that operates over three subspaces -- knowledge, hypothesis, and action -- to enable human-machine co-creation of threat hypotheses and protective recommendations. An implementation of this framework shows that the approach is practical and can be used to generalize evidence-based multi-criteria threat investigations.
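To make the three subspaces concrete, the following is an added illustration, not code from the paper and not its operational semantics. It assumes a toy scoring rule (weighted criteria over a fact base with an acceptance threshold), a hypothesis about encoded PowerShell beaconing, and a handful of constructed log lines; all of these are assumptions chosen for the example. Facts parsed from telemetry form the knowledge subspace, a weighted-criteria hypothesis forms the hypothesis subspace, and the output is either a protective recommendation (action subspace) or, when evidence is insufficient, the list of criteria still to be gathered, which is where the human hunter and the machine iterate together.

```python
"""Toy evidential hunting loop over knowledge / hypothesis / action subspaces.

Added example: the scoring rule, criteria, weights, hypothesis and log lines
are all constructed here for illustration and are not taken from the paper.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample telemetry (not real data, not from the paper).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 host=ws07 event=process_start image=powershell.exe cmdline='-enc SQBFAFgA'",
    "2024-05-01T10:00:03 host=ws07 event=net_connect dst=203.0.113.7:443 image=powershell.exe",
    "2024-05-01T10:00:05 host=ws07 event=process_start image=outlook.exe cmdline=''",
    "2024-05-01T10:01:00 host=ws07 event=net_connect dst=203.0.113.7:443 image=powershell.exe",
]

# key=value pairs; quoted values may contain spaces.
KV = re.compile(r"(\w+)=('[^']*'|\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Knowledge subspace: turn one log line into a fact (a flat dict)."""
    ts, rest = line.split(" ", 1)
    fact = {"ts": ts}
    for key, value in KV.findall(rest):
        fact[key] = value.strip("'")
    return fact


@dataclass
class Criterion:
    name: str
    weight: float
    test: Callable[[List[dict]], bool]  # evaluated over the whole fact base


@dataclass
class Hypothesis:
    name: str
    criteria: List[Criterion]
    threshold: float  # fraction of total weight needed to recommend action
    action: str


def evaluate(hyp: Hypothesis, facts: List[dict]):
    """Score a hypothesis against the knowledge base.

    Returns (score in [0,1], satisfied criterion names, missing criterion names).
    """
    satisfied = [c.name for c in hyp.criteria if c.test(facts)]
    total = sum(c.weight for c in hyp.criteria)
    score = sum(c.weight for c in hyp.criteria if c.name in satisfied) / total
    missing = [c.name for c in hyp.criteria if c.name not in satisfied]
    return score, satisfied, missing


def hunt(hyp: Hypothesis, facts: List[dict]) -> dict:
    """Action subspace: recommend an action when evidence clears the threshold,
    otherwise hand back the criteria still lacking evidence for the hunter to
    pursue (the co-creation loop)."""
    score, satisfied, missing = evaluate(hyp, facts)
    if score >= hyp.threshold:
        return {"verdict": "act", "score": score, "evidence": satisfied,
                "recommendation": hyp.action}
    return {"verdict": "gather", "score": score, "evidence": satisfied,
            "next_evidence": missing}


def _shell_connects(facts: List[dict]) -> List[dict]:
    return [f for f in facts
            if f.get("event") == "net_connect" and f.get("image") == "powershell.exe"]


# Hypothetical hunting hypothesis: encoded PowerShell beaconing to one host.
ENCODED_PS_BEACON = Hypothesis(
    name="encoded-powershell-beacon",
    criteria=[
        Criterion("encoded_cmdline", 2.0, lambda fs: any(
            f.get("event") == "process_start" and f.get("image") == "powershell.exe"
            and "-enc" in f.get("cmdline", "") for f in fs)),
        Criterion("outbound_from_shell", 2.0, lambda fs: bool(_shell_connects(fs))),
        # Same destination contacted more than once by the shell process.
        Criterion("repeated_beacon", 1.0, lambda fs: any(
            n >= 2 for n in Counter(f["dst"] for f in _shell_connects(fs)).values())),
        # Our sample telemetry carries no parent field, so this stays unsatisfied
        # and shows up as evidence the hunter should go and collect.
        Criterion("office_parent", 1.0, lambda fs: any(
            f.get("parent", "").endswith(("outlook.exe", "winword.exe")) for f in fs)),
    ],
    threshold=0.75,
    action="isolate the host and capture the powershell.exe process for analysis",
)


def run_example(lines: List[str]) -> dict:
    """Parse the given log lines into facts and run the beacon hypothesis."""
    return hunt(ENCODED_PS_BEACON, [parse_event(l) for l in lines])


if __name__ == "__main__":
    print(run_example(SAMPLE_LOGS))        # enough evidence: verdict "act"
    print(run_example(SAMPLE_LOGS[:2]))    # partial evidence: verdict "gather"
```

With all four constructed lines the hypothesis clears the threshold (5 of 6 weight units) and an action is recommended; with only the first two lines it does not, and the loop instead returns `repeated_beacon` and `office_parent` as the evidence still worth gathering, which is the point at which an analyst would refine the hypothesis or pull more telemetry.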