OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services

Fatimah Alaliwat; Lena Alqahtani; Manar Alzahrani; Nouf Alamoudi; Shaima Hakami; Abdulrahman Alharby; Nawaf Alharbi

doi:10.1109/ICIT64950.2025.11049292

OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services

Fatimah Alaliwat^*
, Lena Alqahtani
, Manar Alzahrani
, Nouf Alamoudi
, Shaima Hakami
, Abdulrahman Alharby
, Nawaf Alharbi

^*Corresponding author for this work

Networks and Communications Department

Imam Abdulrahman Bin Faisal University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The convergence of IT and OT systems has height-ened cybersecurity risks, especially in OT/ICS environments where attacks can impact critical infrastructure. This paper proposes "OTuHunt", a conceptual framework to automate the extraction of Indicator of Compromise (IoC) and Tactics, Techniques, and Procedures (TTPs) from local reports and unstructured Cyber Threat Intelligence (CTI), using Natural Language Processing (NLP), aligning with the Managed Security Service Provider (MSSP) model. Extracted TTPs are mapped to MITRE ATT&CK for ICS and transformed into Security Information and Event Management (SIEM)-compatible queries. While still in the proposal stage, "OTuHunt"aims to provide an end-to-end automated threat hunting pipeline tailored to OT/ICS, addressing gaps in current solutions and enhancing early Advanced Persistent Threat (APT) detection in support of secure digital transformation.

Original language	English
Title of host publication	Proceeding - 12th International Conference on Information Technology
Subtitle of host publication	Innovation Technologies, ICIT 2025
Editors	Khalid Mohammad Jaber
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	39-46
Number of pages	8
ISBN (Electronic)	9798331508944
DOIs	https://doi.org/10.1109/ICIT64950.2025.11049292
State	Published - 2025
Event	12th International Scientific Conference on Information Technology, ICIT 2025 - Amman, Jordan Duration: 27 May 2025 → 30 May 2025

Publication series

Name	Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025

Conference

Conference	12th International Scientific Conference on Information Technology, ICIT 2025
Country/Territory	Jordan
City	Amman
Period	27/05/25 → 30/05/25

Access to Document

10.1109/ICIT64950.2025.11049292

Cite this

Alaliwat, F., Alqahtani, L., Alzahrani, M., Alamoudi, N., Hakami, S., Alharby, A., & Alharbi, N. (2025). OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services. In K. M. Jaber (Ed.), Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025 (pp. 39-46). (Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICIT64950.2025.11049292

Alaliwat, Fatimah ; Alqahtani, Lena ; Alzahrani, Manar et al. / OTuHunt : An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services. Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025. editor / Khalid Mohammad Jaber. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 39-46 (Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025).

@inproceedings{88761f6eae8a40d5a54d93cc47bdbf3d,

title = "OTuHunt: An Aggregated Threat Hunting \& Intelligence Platform for OT/ICS Environment and MSSP Services",

abstract = "The convergence of IT and OT systems has height-ened cybersecurity risks, especially in OT/ICS environments where attacks can impact critical infrastructure. This paper proposes {"}OTuHunt{"}, a conceptual framework to automate the extraction of Indicator of Compromise (IoC) and Tactics, Techniques, and Procedures (TTPs) from local reports and unstructured Cyber Threat Intelligence (CTI), using Natural Language Processing (NLP), aligning with the Managed Security Service Provider (MSSP) model. Extracted TTPs are mapped to MITRE ATT\&CK for ICS and transformed into Security Information and Event Management (SIEM)-compatible queries. While still in the proposal stage, {"}OTuHunt{"}aims to provide an end-to-end automated threat hunting pipeline tailored to OT/ICS, addressing gaps in current solutions and enhancing early Advanced Persistent Threat (APT) detection in support of secure digital transformation.",

author = "Fatimah Alaliwat and Lena Alqahtani and Manar Alzahrani and Nouf Alamoudi and Shaima Hakami and Abdulrahman Alharby and Nawaf Alharbi",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 12th International Scientific Conference on Information Technology, ICIT 2025 ; Conference date: 27-05-2025 Through 30-05-2025",

year = "2025",

doi = "10.1109/ICIT64950.2025.11049292",

language = "English",

series = "Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "39--46",

editor = "Jaber, \{Khalid Mohammad\}",

booktitle = "Proceeding - 12th International Conference on Information Technology",

}

Alaliwat, F, Alqahtani, L, Alzahrani, M, Alamoudi, N, Hakami, S, Alharby, A & Alharbi, N 2025, OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services. in KM Jaber (ed.), Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025. Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025, Institute of Electrical and Electronics Engineers Inc., pp. 39-46, 12th International Scientific Conference on Information Technology, ICIT 2025, Amman, Jordan, 27/05/25. https://doi.org/10.1109/ICIT64950.2025.11049292

OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services. / Alaliwat, Fatimah; Alqahtani, Lena; Alzahrani, Manar et al.
Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025. ed. / Khalid Mohammad Jaber. Institute of Electrical and Electronics Engineers Inc., 2025. p. 39-46 (Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - OTuHunt

T2 - 12th International Scientific Conference on Information Technology, ICIT 2025

AU - Alaliwat, Fatimah

AU - Alqahtani, Lena

AU - Alzahrani, Manar

AU - Alamoudi, Nouf

AU - Hakami, Shaima

AU - Alharby, Abdulrahman

AU - Alharbi, Nawaf

PY - 2025

Y1 - 2025

N2 - The convergence of IT and OT systems has height-ened cybersecurity risks, especially in OT/ICS environments where attacks can impact critical infrastructure. This paper proposes "OTuHunt", a conceptual framework to automate the extraction of Indicator of Compromise (IoC) and Tactics, Techniques, and Procedures (TTPs) from local reports and unstructured Cyber Threat Intelligence (CTI), using Natural Language Processing (NLP), aligning with the Managed Security Service Provider (MSSP) model. Extracted TTPs are mapped to MITRE ATT&CK for ICS and transformed into Security Information and Event Management (SIEM)-compatible queries. While still in the proposal stage, "OTuHunt"aims to provide an end-to-end automated threat hunting pipeline tailored to OT/ICS, addressing gaps in current solutions and enhancing early Advanced Persistent Threat (APT) detection in support of secure digital transformation.

AB - The convergence of IT and OT systems has height-ened cybersecurity risks, especially in OT/ICS environments where attacks can impact critical infrastructure. This paper proposes "OTuHunt", a conceptual framework to automate the extraction of Indicator of Compromise (IoC) and Tactics, Techniques, and Procedures (TTPs) from local reports and unstructured Cyber Threat Intelligence (CTI), using Natural Language Processing (NLP), aligning with the Managed Security Service Provider (MSSP) model. Extracted TTPs are mapped to MITRE ATT&CK for ICS and transformed into Security Information and Event Management (SIEM)-compatible queries. While still in the proposal stage, "OTuHunt"aims to provide an end-to-end automated threat hunting pipeline tailored to OT/ICS, addressing gaps in current solutions and enhancing early Advanced Persistent Threat (APT) detection in support of secure digital transformation.

UR - https://www.scopus.com/pages/publications/105011953821

U2 - 10.1109/ICIT64950.2025.11049292

DO - 10.1109/ICIT64950.2025.11049292

M3 - Conference contribution

AN - SCOPUS:105011953821

T3 - Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025

SP - 39

EP - 46

BT - Proceeding - 12th International Conference on Information Technology

A2 - Jaber, Khalid Mohammad

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 May 2025 through 30 May 2025

ER -

Alaliwat F, Alqahtani L, Alzahrani M, Alamoudi N, Hakami S, Alharby A et al. OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services. In Jaber KM, editor, Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025. Institute of Electrical and Electronics Engineers Inc. 2025. p. 39-46. (Proceeding - 12th International Conference on Information Technology: Innovation Technologies, ICIT 2025). doi: 10.1109/ICIT64950.2025.11049292

OTuHunt: An Aggregated Threat Hunting & Intelligence Platform for OT/ICS Environment and MSSP Services

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this