International Journal of Computer Networks and Communications Security

Volume 8, Issue 5, May 2020

An Efficient Approach of Threat Hunting Using Memory Forensics

Pages: 37-45
D Javeed, MT Khan, I Ahmad, T Iqbal, UM Badamasi, CO Ndubuisi, A Umar
Northeastern University, Shenyang, Liaoning province, China
Riphah Institute of Science and Technology, Islamabad, Pakistan
Changchun University of Science and Technology, China

https://doi.org/10.47277/IJCNCS/8(5)1


Abstract -
The scale and frequency of new cyber-attacks have risen sharply in recent years. Such attacks have very complicated workflows and involve multiple illegal actors and organizations. Threat hunting is the process of proactively searching through networks for threats, including zero-day attacks, by repeating the hunting process again and again. Unlike threat intelligence, it uses different automated security tools to collect logs in order to derive patterns from those logs for building new intelligence-based tools. According to our research findings about "threat hunting tools", there is a major flaw: the designed tools are limited to the collection of logs. They work entirely on logs to generate new patterns and ignore the system's main memory. Code written directly to memory escapes this process, so it cannot provide proactive hunting. To overcome this major challenge, we propose two distinct methods: either generating malicious-code alerts, or binding memory forensics processes to threat hunting tools to make active hunting possible.
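The gap the abstract describes, a log-only hunt missing code that was written straight into a process's memory, can be illustrated with a small script. The following is an added example, not code from the paper or its authors; the log lines, the memory-region records, the watchlist of image names and the helper names (`log_based_hunt`, `memory_based_hunt`, `hunt`) are all constructed for illustration. It runs a log-based hunt and a memory-based hunt over the same host and returns what each finds: the memory-based pass applies the usual memory-forensics heuristic of flagging executable private regions with no backing file on disk.

```python
"""Log-based versus memory-based hunting over constructed sample data.

Added illustration of the abstract's point; not the paper's own code.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class MemoryRegion:
    """One region from a memory image (constructed, simplified record)."""
    pid: int
    process: str
    start: int
    size: int
    protection: str             # e.g. "PAGE_EXECUTE_READWRITE"
    mapped_file: Optional[str]  # None for private/anonymous memory
    head: bytes                 # first bytes of the region


# Constructed sample: what the log collector recorded. Note that the
# in-memory injection below leaves no event here at all.
SAMPLE_LOGS = [
    "2020-05-01T10:00:01 EventID=4688 NewProcess=C:\\Windows\\explorer.exe PID=1200",
    "2020-05-01T10:00:05 EventID=4688 NewProcess=C:\\App\\notes.exe PID=2210",
    "2020-05-01T10:00:09 EventID=4688 NewProcess=C:\\Windows\\System32\\svchost.exe PID=3300",
]

# Constructed sample: regions from a memory image of the same host.
SAMPLE_REGIONS = [
    MemoryRegion(1200, "explorer.exe", 0x7FF600000000, 0x200000,
                 "PAGE_EXECUTE_READ", "C:\\Windows\\explorer.exe", b"MZ\x90\x00"),
    MemoryRegion(2210, "notes.exe", 0x00400000, 0x80000,
                 "PAGE_EXECUTE_READ", "C:\\App\\notes.exe", b"MZ\x90\x00"),
    MemoryRegion(2210, "notes.exe", 0x1A2B0000, 0x10000,
                 "PAGE_READWRITE", None, b"\x00\x00\x00\x00"),      # ordinary heap
    MemoryRegion(3300, "svchost.exe", 0x2C3D0000, 0x1000,
                 "PAGE_EXECUTE_READWRITE", None, b"MZ\x90\x00"),    # code written to memory
]

# Constructed watchlist for the log-based pass (hypothetical names).
KNOWN_BAD_IMAGES = {"evil-dropper.exe", "stage2.exe"}

EXEC_PROTECTIONS = {
    "PAGE_EXECUTE", "PAGE_EXECUTE_READ",
    "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY",
}


def parse_log(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value key=value' into a dict."""
    stamp, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["timestamp"] = stamp
    return fields


def log_based_hunt(logs: List[str]) -> List[dict]:
    """The log-only view: match recorded process images against a watchlist."""
    hits = []
    for line in logs:
        ev = parse_log(line)
        image = ev.get("NewProcess", "").rsplit("\\", 1)[-1].lower()
        if image in KNOWN_BAD_IMAGES:
            hits.append({"pid": int(ev["PID"]), "process": image,
                         "reasons": ["image on watchlist"]})
    return hits


def memory_based_hunt(regions: List[MemoryRegion]) -> List[dict]:
    """The memory-forensics view: executable private memory with no file behind it."""
    findings = []
    for r in regions:
        if r.protection not in EXEC_PROTECTIONS:
            continue
        if r.mapped_file is not None:
            continue  # backed by an on-disk image the logs already know about
        reasons = ["executable private memory with no backing file"]
        if r.head.startswith(b"MZ"):
            reasons.append("PE header in anonymous memory")
        if "READWRITE" in r.protection:
            reasons.append("writable and executable (RWX)")
        findings.append({"pid": r.pid, "process": r.process,
                         "start": hex(r.start), "reasons": reasons})
    return findings


def hunt(logs: List[str], regions: List[MemoryRegion]) -> Dict[str, List[dict]]:
    """Run both passes so the two views can be compared side by side."""
    return {"log_hits": log_based_hunt(logs),
            "memory_hits": memory_based_hunt(regions)}


if __name__ == "__main__":
    result = hunt(SAMPLE_LOGS, SAMPLE_REGIONS)
    print("log-based hunt:   ", result["log_hits"])
    print("memory-based hunt:", result["memory_hits"])
```

On the constructed data the log-based pass returns nothing, because every recorded process is a legitimate image, while the memory-based pass returns the one region in PID 3300 that is executable, writable, anonymous and carries a PE header. That is the condition under which a hunt tied only to collected logs stays quiet, and the reason the abstract argues for binding memory forensics into the hunting loop.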
Index Terms - Information Security, Memory Forensics, Threat Hunting, Logs, Threat Intelligence, Automated Tools

Citation - D Javeed, MT Khan, I Ahmad, T Iqbal, UM Badamasi, CO Ndubuisi, A Umar. "An Efficient Approach of Threat Hunting Using Memory Forensics." International Journal of Computer Networks and Communications Security 8, no. 5 (2020): 37-45.