Egyptian Informatics Journal (Sep 2024)

Proactive threat hunting to detect persistent behaviour-based advanced adversaries

  • Akashdeep Bhardwaj,
  • Salil Bharany,
  • Ahmad Almogren,
  • Ateeq Ur Rehman,
  • Habib Hamam

Journal volume & issue
Vol. 27
p. 100510

Abstract

Persistence is a tactic advanced adversaries use to maintain unauthorized access to and control of compromised assets over extended periods. Organizations can efficiently detect persistent adversaries and reduce the growing risk posed by highly skilled cyber threats by embracing creative techniques and utilizing sophisticated tools. By taking a proactive stance, businesses can improve their overall cybersecurity posture by anticipating and mitigating possible risks before they escalate. Security analysts can perform thorough investigations and extract meaningful insights from large datasets with greater technical advantage by using Elasticsearch in conjunction with a variety of query languages. This research presents a novel methodology for proactive threat intelligence to identify and mitigate advanced adversaries that use persistence behaviors. The authors designed and set up an Elasticsearch-based advanced Security Information and Event Management platform to offer a proactive threat-hunting strategy. This enables comprehensive analysis and detection by integrating Lucene, Kibana, and domain-specific query languages. The goal of this research is to locate hidden advanced adversaries who exhibit persistence behavior during cyberattacks. The framework can help improve an organization’s resilience in identifying and responding to threats by closely examining activities such as boot or logon auto-start execution via registry keys, tampering with system processes and services, and unauthorized creation of local accounts on compromised assets. This study emphasizes proactive measures over reactive responses, which advances threat detection techniques. This technical study provides guidance for security practitioners seeking to improve their defenses against new advanced attacks and to stay ahead in a dynamic threat landscape.

Keywords