Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber threat hunting presents challenges, particularly in generating hypotheses, as it is a manually created and confirmed process, making it time-consuming. To address these challenges, we introduce APThreatHunter, an automated threat hunting solution that generates hypotheses with minimal human intervention, eliminating analyst bias and reducing time and cost. This is done by presenting possible risks based on the system's current state and a set of indicators to indicate whether any of the detected risks are happening or not. We evaluated APThreatHunter using real-world Android malware samples, and the results revealed the practicality of using automated planning for goal hypothesis generation in cyber threat hunting activities.

翻译：网络攻击威胁经济利益、关键基础设施以及公共卫生与安全。为应对此威胁，各机构采用网络威胁狩猎这一主动防御方法，该方法涉及提出假设并在组织网络内搜寻攻击模式。自动化网络威胁狩猎面临诸多挑战，尤其是在生成假设方面，因为该过程目前依赖人工创建与确认，耗时严重。为应对这些挑战，我们提出了APThreatHunter——一种自动化威胁狩猎解决方案，能够以最少的人工干预生成假设，从而消除分析人员偏见并降低时间与成本。该框架通过基于系统当前状态和一组指示器来呈现潜在风险，这些指示器可显示任何已检测风险是否正在发生。我们使用真实世界的Android恶意软件样本对APThreatHunter进行了评估，结果表明在网络威胁狩猎活动中运用自动化规划进行目标假设生成具有实际可行性。