As cyber-crimes against critical infrastructure and large organizations increase and evolve, automated systems to supplement human analysis are required. In addition, hunting for breaches is like looking for a needle in a haystack.
Such organizations are so large, with so much information and data to sort through for actionable intelligence, that just knowing where to begin seems impossible.
Intelligence analysis of an attack is traditionally an iterative, mainly manual process of going through unlimited amounts of data to determine the sophisticated patterns and behaviors of intruders.
Furthermore, most detected intrusions will provide a limited set of attributes about a single phase of an attack.
Knowing all the stages of an intrusion accurately and in a timely manner would strengthen our cyber detection and prevention capabilities, enrich our cyber threat intelligence, and facilitate immediate threat information sharing, since it puts several pieces together.
The workshop is expected to address the aforementioned issues and aims to present novel research in the area of cyber-threat hunting and cyber-threat intelligence.