Threat Hunting Architecture Using a Machine Learning Approach for Critical Infrastructures Protection

The number and the diversity in nature of daily cyber-attacks have increased last few years, trends show that both will grow exponentially near future. Critical Infrastructures (CI) operators are not excluded from these issues; therefore, CIs’ Security Departments must their own group IT specialists to prevent respond cyber-attacks. To introduce more challenges existing cyber security landscape, many attacks unknown until they spawn, even a long time after initial actions, posing increasing difficulties on detection remediation. be reactive against those cyber-attacks, usually defined as zero-day attacks, organizations Threat Hunters at departments aware unusual behaviors Modus Operandi. face vast amounts data (mainly benign repetitive, following predictable patterns) short periods detect any anomaly, with associated cognitive overwhelming. application Artificial Intelligence, specifically Machine Learning (ML) techniques, can remarkably impact real-time analysis data. Not only that, but providing useful visualizations significantly increase Hunters’ understanding issues facing. Both help discriminate between harmless malicious data, alleviating analysts above-mentioned overload means enhance Cyber Situational Awareness (CSA). This work aims design system architecture helps Hunters, using approach applying state-of-the-art visualization techniques order protect based distributed, scalable online configurable framework interconnected modular components.