A Survey on Threat Hunting: Approaches and Applications

2022 7th IEEE International Conference on Data Science in Cyberspace (DSC) (2022)

Abstract
Advanced Persistent Threats (APT) are characterized by concealment, low frequency and high technology integration. Threat hunting techniques can help the security analyst trace the attack path and locate the attacker. A use case of APT attacks and threat hunting is given to introduce the process of network attack and defense. Artificial intelligence technology is widely used to trace the source of attacks. Based on typical use cases of APT attacks and their threat hunting procedure, this paper provides a comprehensive analysis of the existing threat hunting techniques classified by industry and academia, and focuses on unsupervised learning-based and supervised learning-based analysis techniques. Finally, challenges and research directions for threat hunting are given.
Keywords
Advanced Persistent Threats, threat hunting, cyberattack traceability