Threat Hunting in Large-Scale SOCs: A Cyber Threat Intelligence-Driven Model Using MITRE ATT&CK and Machine Learning

Authors

  • Dr. Oliver Smith Department of Cybersecurity, University of Manchester, UK
  • Dr. Rachel Hughes Department of Computer Science, University of Manchester, UK

Keywords:

Cyber Threat Intelligence, Threat Hunting, MITRE ATT&CK Framework, Security Operations Center (SOC), Machine Learning

Abstract

Cyber threats have grown increasingly sophisticated and difficult to track, necessitating proactive security measures in large-scale Security Operations Centers (SOCs). To improve threat detection, investigation, and response, this research presents a unified threat hunting model that combines MITRE ATT&CK, machine learning (ML), and Cyber Threat Intelligence (CTI). The paper begins by discussing how CTI provides contextual knowledge about attackers and how threat hunting has evolved in modern SOCs. It also covers the structural strengths of the MITRE ATT&CK framework and how machine learning can be used to spot patterns that are not visible to the naked eye. We then lay out the architecture, development methodology, and supporting technologies for a CTI-driven model. A number of real-world case studies demonstrate the model's utility and advantages. In doing so, we lay the groundwork for future work by discussing the primary obstacles, such as data integration and the trade-offs of automation. To stay ahead of adversaries in a constantly changing strategic landscape, this study suggests that SOCs should adopt a threat hunting strategy that is intelligence-driven, behavior-based, and enhanced with machine learning.

Section

Original Research Articles