Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter them, organisations adopt cyber threat hunting, a proactive approach in which analysts formulate hypotheses and search for attack patterns within organisational networks. Automating cyber threat hunting presents challenges, particularly in hypothesis generation, because hypotheses are created and confirmed manually, which makes the process time-consuming. To address these challenges, we introduce APThreatHunter, an automated threat hunting solution that generates hypotheses with minimal human intervention, eliminating analyst bias and reducing time and cost. It does so by presenting possible risks derived from the system's current state, together with a set of indicators that show whether any of the identified risks is actually occurring. We evaluated APThreatHunter using real-world Android malware samples, and the results demonstrate the practicality of using automated planning for goal hypothesis generation in cyber threat hunting activities.