
Chronohunt: Determining Optimal Pace For Automated Alert Analysis in Threat Hunting using Reinforcement Learning

Threat hunting is a proactive practice applied to identify stealthy threats that evade traditional detection mechanisms. Real-time threat hunting, in particular, necessitates substantial manpower and computational resources to identify threats and might lead to inefficiencies and overlooked threats. Batch-mode hunting is more economical in resource allocation, but risks missing fast-moving threats.

The paper won the Best Paper Award at the 2024 IEEE Conference on Dependable and Secure Computing (DSC).

To address these pivotal challenges, we have designed CHRONOHUNT, a solution that automatically and adaptively adjusts the threat hunting pace in alignment with the security importance, volume of events, available resources, and the evolving threat landscape. 

Obtained results show the efficacy of CHRONOHUNT in adaptively aligning the hunting pace based on changes in the environmental conditions while ensuring high accuracy in threat hunting and optimal resource utilization.
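To make the pace trade-off in the abstract concrete, here is a small added illustration (not CHRONOHUNT's own code; the paper's actual state, action and reward design is not on this page). It assumes a toy environment: each decision window is characterised by an alert rate (the "volume of events") and a mean alert importance (the "security importance"); the agent picks how many minutes to wait between automated hunt passes; every pass costs a fixed amount of resources, and every alert is penalised for the time it waits before the next pass, weighted by its importance. A tabular Q-learner then discovers that quiet conditions tolerate a slow batch pace, while high volume or high importance justifies near-real-time hunting. All names and numbers are constructed for the example.

```python
import random

# Constructed action set: minutes between two consecutive automated hunt passes.
INTERVALS = (1, 5, 15)
RUN_COST = 5.0   # constructed: analyst/compute cost of one hunt pass
WINDOW = 60      # constructed: minutes per decision window

# Constructed environment states: (alerts per minute, mean alert importance).
# These stand in for the "volume of events" and "security importance" inputs
# the abstract names; the real system's state space is not described here.
PROFILES = {
    "quiet":    (0.1, 1.0),
    "steady":   (1.0, 1.0),
    "busy":     (3.0, 1.0),
    "critical": (0.5, 5.0),
}


def window_reward(state, interval):
    """Reward for hunting at a fixed pace over one window (higher is better).

    Cost side: every pass consumes resources.
    Risk side: an alert waits on average half an interval before a pass
    looks at it, and that wait is weighted by how important the alert is.
    """
    rate, importance = PROFILES[state]
    runs = WINDOW // interval
    resource_cost = runs * RUN_COST
    expected_alerts = rate * WINDOW
    delay_penalty = expected_alerts * importance * (interval / 2)
    return -(resource_cost + delay_penalty)


def choose_pace(q, state):
    """Greedy pace for a state: the interval with the highest Q-value."""
    return max(INTERVALS, key=lambda a: q[state][a])


def learn_pacing_policy(episodes=4000, alpha=0.2, epsilon=0.2, seed=0):
    """Tabular Q-learning over (state, interval) pairs.

    Each window is treated as an independent decision, so the update is the
    one-step form Q += alpha * (r - Q). Returns the learned state -> interval map.
    """
    rng = random.Random(seed)
    states = list(PROFILES)
    q = {s: {a: 0.0 for a in INTERVALS} for s in states}
    for episode in range(episodes):
        state = states[episode % len(states)]   # cycle through the conditions
        if rng.random() < epsilon:
            interval = rng.choice(INTERVALS)    # explore another pace
        else:
            interval = choose_pace(q, state)    # exploit the current estimate
        r = window_reward(state, interval)
        q[state][interval] += alpha * (r - q[state][interval])
    return {s: choose_pace(q, s) for s in states}


if __name__ == "__main__":
    for state, interval in learn_pacing_policy().items():
        print(f"{state:9s} -> hunt every {interval:2d} min "
              f"(window reward {window_reward(state, interval):.0f})")
```

Running it shows the pattern the abstract describes: the learner settles on a 15-minute batch pace when alerts are sparse, a 5-minute pace under steady load, and a 1-minute (effectively real-time) pace when either the alert volume or the importance of the alerts is high. Changing `RUN_COST` models a change in "available resources" and shifts the whole policy toward slower or faster hunting.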

Full abstract in IEEE Xplore, DOI: 10.1109/DSC63325.2024.00013

Authors

  • Boubakr Nour and Makan Pourzandi, Ericsson Research, Canada
  • Jesus Alatorre and Jan Willekens, Ericsson Cyber Defense Center, Sweden
  • Mourad Debbabi, Concordia University, Canada 

Published in 2024 IEEE Conference on Dependable and Secure Computing (DSC).


©2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse.