Software Engineering Institute

In this project, we take on the challenge of finding adversaries already present in the network by developing algorithms to enable fully autonomous threat hunting by modeling threat hunting as a Cyber Camouflage Game (CCG), a type of mathematical game played between a “probing” player (analogous to a threat hunter) and a potentially deceptive “target” (analogous to an attacker).

We will test these algorithms in a simulation environment, and evaluate success using metrics derived from CCG analysis and the threat-hunting domain. Cloud telemetry data will be used to develop and verify the hunt algorithms, assessing the sufficiency of this data for threat hunting, and identifying potential gaps that can be fed back into vendor requirements and open standards to make threat hunting more effective in cloud-native environments.