Threat Hunting in Large-Scale Socs: A Cyber Threat Intelligence-Driven Model Using MITRE ATT&CK And Machine Learning

Abstract

The scale of large-scale Security Operations Centers (SOCs) has led to a serious need for implementing proactive security solutions, as cyber threats have become more complex and elusive. The proposed paper introduces a unified threat hunting model that integrates Cyber Threat Intelligence (CTI), the MITRE ATT&CK framework, and Machine Learning (ML) to enhance threat detection, investigation, and response. The paper sets out with an explanation of the changing role of threat hunting in contemporary SOCs and addresses the way CTI provides contextual information to adversaries. It also discusses the structural strengths of the MITRE ATT&CK framework and demonstrates how machine learning methods can be utilized to identify patterns that cannot be observed with conventional tools. A CTI- based model is subsequently proposed, along with an explanation of its structure, development process, and enabling technologies. The practical use of the model and its benefits are illustrated in real-life case studies. At the same time, a discussion of the main challenges, including data integration and trade-offs between automation, provides the background for exploring future trends. This paper concludes that an intelligence-driven, behavior-based, and machine learning-enhanced approach to threat hunting is a critical measure to ensure that SOCs remain several steps ahead of the adversary in a rapidly evolving strategic environment.