Threat hunting in large-scale SOCs: A cyber threat intelligence-driven model using MITRE ATTandCK and machine learning
NTS Netzwerk Telekom Service AG.
Review Article
World Journal of Advanced Research and Reviews, 2024, 21(03), 2679-2689
Article DOI: 10.30574/wjarr.2024.21.3.0830
Publication history:
Received on 01 February 2024; revised on 21 March 2024; accepted on 28 March 2024
Abstract:
The scale of large-scale Security Operations Centers (SOCs) has led to a serious need for implementing proactive security solutions, as cyber threats have become more complex and elusive. The proposed paper introduces a unified threat hunting model that integrates Cyber Threat Intelligence (CTI), the MITRE ATTandCK framework, and Machine Learning (ML) to enhance threat detection, investigation, and response. The paper sets out with an explanation of the changing role of threat hunting in contemporary SOCs and addresses the way CTI provides contextual information to adversaries. It also discusses the structural strengths of the MITRE ATTandCK framework and demonstrates how machine learning methods can be utilized to identify patterns that cannot be observed with conventional tools. A CTI-based model is subsequently proposed, along with an explanation of its structure, development process, and enabling technologies. The practical use of the model and its benefits are illustrated in real-life case studies. At the same time, a discussion of the main challenges, including data integration and trade-offs between automation, provides the background for exploring future trends. This paper concludes that an intelligence-driven, behavior-based, and machine learning-enhanced approach to threat hunting is a critical measure to ensure that SOCs remain several steps ahead of the adversary in a rapidly evolving strategic environment.
Keywords:
Cyber Threat Intelligence; Threat Hunting; MITRE ATT and CK Framework; Security Operations Center (SOC); Machine Learning
Full text article in PDF:
Copyright information:
Copyright © 2024 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0