Threat hunting is a proactive methodology for exploring, detecting and mitigating cyberattacks within complex environments. Unlike conventional detection systems, threat hunting strategies assume that adversaries have already infiltrated the system; as a result, they proactively search for any unusual patterns or activities that might indicate intrusion attempts. Historically, this endeavour has been pursued using three investigation methodologies: (1) hypothesis-driven investigations; (2) Indicator of Compromise (IOC) investigations; and (3) approaches based on high-level machine learning analysis. Building on the third, this paper introduces a novel machine learning paradigm known as Threat Trekker. The proposal uses connectors to feed data directly into an event streaming channel, where it is processed by the algorithm, and returns feedback to the host network. The conclusions drawn from these experiments clearly establish the efficacy of employing machine learning to classify more subtle attacks.