Automated Threat Hunting for Early APT Identification

Advanced Persistent Threats (APTs) present a significant challenge to organizations due to their sophisticated, stealthy, and persistent nature. Traditional reactive security measures often do not detect these threats in real time, leaving systems vulnerable to long-term exploitation. This research project will explore how to automate threat hunting to proactively identify APTs in real time, reducing manual intervention and enhancing early-stage detection. The partner organization, Ericsson, a leading multinational networking and telecommunications company, focuses on delivering resilient 5G/6G solutions with threat detection, incident response, and security analytics to enterprise and Telco clients. Enhancing threat detection capabilities through automation, artificial intelligence (AI), and threat actor attribution-based analytics is extremely important to proactively identify APTs. This project will address the need to enhance threat-hunting capabilities, reduce the reliance on manual threat hunting, and improve real-time detection and response. The development of an automated proactive threat-hunting solution is expected to provide significant economic benefits to the partner organization. By automating key aspects of threat hunting, the organization will reduce operational costs associated with manual threat hunting and improve the efficiency of its SOCs. Additionally, this solution will allow us to offer enhanced security services to verticals, customers, and clients, potentially opening new revenue streams.

Faculty Supervisor:

Mourad Debbabi

Student:

Partner:

Ericsson Canada Inc (Quebec)

Discipline:

Computer science

Sector:

Professional, scientific and technical services

University:

Concordia University

Program:

Accelerate
