Accelerating Cognitive Cyber Security
Human analysts bring to bear background knowledge, rules of thumb, contextualized reasoning, flexible assessments of similarity, and dynamic information gathering to identify and counter cyber attacks. But we are easily overwhelmed by data. Machines can quickly look for known attack signatures in large volumes of data, but are myopic and easily fooled by adversaries that introduce syntactic variations of old attacks or invent new types of attacks. We will design and prototype a more semantic approach to cognitive cyber security that integrates diverse information sources and reasons about attacks like humans, and we will leverage hardware acceleration at key points to scale up information integration to the enterprise and beyond.
Automated Information Extraction and Knowledge Management for Cybersecurity
For many cybersecurity problems, extracting information (e.g., entities, events and relations) from text and populating a knowledge base with the extracted information is a fundamental problem. So far, there have not been many resources (e.g., data and tools) specifically designed to support information extraction (IE) for cybersecurity. The lack of data and tools may significantly hinder our ability to detect, analyze and report emerging security risks effectively.
Our project is specifically designed to address this challenge by focusing on three key areas: (1) curating a comprehensive data repository to support IE for cybersecurity; (2) developing advanced software tools to support IE and semantic analytics; and (3) developing a prototype system to demonstrate the utility of the resources we create.