SBIR-STTR Award

AI Hunter
Award last edited on: 9/14/22

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$46,556
Award Phase
1
Solicitation Topic Code
AF211-CSO1
Principal Investigator
John Grigg

Company Information

CyberWinter Studios LLC

1642 Washington Avenue
Louisville, CO 80027
Location: Single
Congr. District: 02
County: Boulder

Phase I

Contract Number: FA8649-21-P-1144
Start Date: 4/15/21    Completed: 7/19/21
Phase I year
2021
Phase I Amount
$46,556
Today, network threat hunting is largely carried out by analysts sifting through network logs in response to a suspected intrusion. This comes with two downsides: log hunting is reactive after a known threat is suspected/detected and an average “1,000 user network generates 13,000 log entries per second.” This makes after-action log sifting a reactive, labor-intensive exercise. Our proposed system is a network threat hunting solution that analyzes network traffic within network environments to detect which internal systems have been compromised. It is able to provide security to all types of networks, by identifying the beaconing activity between hosts and malicious Command and Control nodes based off of packet capture and flow data rather than the traditional model of collecting logs and forcing analysts to sift through them. The value is a fast, largely automated, and point-and-shoot-simple cyber threat detection tool. AI Hunter takes a novel approach to threat hunting. By real-time monitoring of packet capture and flow data, AI Hunter identifies beaconing activity between hosts and malicious Command-and-Control nodes. The program captures this data, renders a threat assessment, and then visually conveys malicious packet flow via lines-and-shapes to show compromised syst

Phase II

Contract Number: ----------
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
----
Phase II Amount
----