"Using Game Theory to Advance the Quest for Autonomous Cyber Threat Hunting"
Ensuring information system security requires both preventing system compromises and finding adversaries already present in the network before they can launch an attack from inside. Personnel in defensive computer operations have deemed cyber threat hunting critical for identifying such threats. However, the time, expense, and expertise that cyber threat hunting requires often prevent its use. What is needed is an autonomous cyber threat hunting tool capable of running more pervasively, achieving standards of coverage considered impractical today, and significantly reducing competition for limited time, money, and analyst resources. Phil Groce, a senior network defense analyst in the Software Engineering Institute's (SEI) CERT Division, describes early efforts at Carnegie Mellon University (CMU) to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability. As a starting point, the CMU team is developing chain games, a series of games that can be used to evaluate and refine threat hunting strategies. This article discusses that ongoing work to apply game theory to the development of algorithms fit for informing a fully autonomous threat hunting capability.