Saved in:
Bibliographic Details
Main Authors: Abdelwahed, Mustafa F., Shafee, Ahmed, Espasa, Joan
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.25806
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911340361154560
author Abdelwahed, Mustafa F.
Shafee, Ahmed
Espasa, Joan
author_facet Abdelwahed, Mustafa F.
Shafee, Ahmed
Espasa, Joan
contents Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber threat hunting presents challenges, particularly in generating hypotheses, as it is a manually created and confirmed process, making it time-consuming. To address these challenges, we introduce APThreatHunter, an automated threat hunting solution that generates hypotheses with minimal human intervention, eliminating analyst bias and reducing time and cost. This is done by presenting possible risks based on the system's current state and a set of indicators to indicate whether any of the detected risks are happening or not. We evaluated APThreatHunter using real-world Android malware samples, and the results revealed the practicality of using automated planning for goal hypothesis generation in cyber threat hunting activities.
format Preprint
id arxiv_https___arxiv_org_abs_2510_25806
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle APThreatHunter: An automated planning-based threat hunting framework
Abdelwahed, Mustafa F.
Shafee, Ahmed
Espasa, Joan
Cryptography and Security
Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber threat hunting presents challenges, particularly in generating hypotheses, as it is a manually created and confirmed process, making it time-consuming. To address these challenges, we introduce APThreatHunter, an automated threat hunting solution that generates hypotheses with minimal human intervention, eliminating analyst bias and reducing time and cost. This is done by presenting possible risks based on the system's current state and a set of indicators to indicate whether any of the detected risks are happening or not. We evaluated APThreatHunter using real-world Android malware samples, and the results revealed the practicality of using automated planning for goal hypothesis generation in cyber threat hunting activities.
title APThreatHunter: An automated planning-based threat hunting framework
topic Cryptography and Security
url https://arxiv.org/abs/2510.25806