Improving Cyber Security Operations using Knowledge Graphs
The objective of this project is to improve the workflow and performance of security operation centers, including automating several of their tasks, by leveraging the vast amount of structured and unstructured real-world data available on threats, attacks, and mitigations. Toward this end, the project designs novel methods based on knowledge graphs to model and derive insights from cyber security data. These methods aggregate and represent knowledge about cyber data of various kinds (e.g., threat databases, cyber security incidents, user access events, application usage) and make decisions with that knowledge. The research entails developing ontologies that characterize entities, their properties, and the relationships between entities, and using those ontologies to produce knowledge graphs from existing data. In turn, the project explores applications of knowledge graphs across a range of cyber security activities, including uncovering hidden relationships, identifying patterns and trends, and querying the data.
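The pipeline the abstract describes (an ontology constrains which entities and relations are allowed, a knowledge graph is populated from existing records, and the graph is then queried for indirect relationships, trends, and gaps) is easier to grasp on a toy instance. The example below is added here and is not code from the project; the ontology classes, relation names, actor, technique, incident, host and user labels are all constructed for illustration, and only the Python standard library is used.

```python
from collections import defaultdict

# Constructed ontology (hypothetical, not the project's): entity classes and,
# for each relation, the (subject class, object class) it may connect.
ONTOLOGY = {
    "classes": {"ThreatActor", "Technique", "Incident", "Host", "User", "Mitigation"},
    "relations": {
        "uses":        ("ThreatActor", "Technique"),
        "observed_in": ("Technique", "Incident"),
        "affected":    ("Incident", "Host"),
        "logged_into": ("User", "Host"),
        "mitigates":   ("Mitigation", "Technique"),
    },
}


class KnowledgeGraph:
    """Minimal typed triple store whose inserts are validated against the ontology."""

    def __init__(self, ontology):
        self.ontology = ontology
        self.types = {}                 # entity name -> class
        self.out = defaultdict(list)    # subject -> [(relation, object)]
        self.inc = defaultdict(list)    # object  -> [(relation, subject)]

    def add_entity(self, name, cls):
        if cls not in self.ontology["classes"]:
            raise ValueError(f"unknown class {cls}")
        self.types[name] = cls

    def add_triple(self, subj, rel, obj):
        # Ontology check: the relation must exist and both endpoints must have
        # the classes it is declared for; bad records are rejected, not silently stored.
        if rel not in self.ontology["relations"]:
            raise ValueError(f"unknown relation {rel}")
        dom, rng = self.ontology["relations"][rel]
        if self.types.get(subj) != dom or self.types.get(obj) != rng:
            raise ValueError(f"{subj} -{rel}-> {obj} violates ontology ({dom} -> {rng})")
        self.out[subj].append((rel, obj))
        self.inc[obj].append((rel, subj))

    def neighbours(self, node, rel, reverse=False):
        edges = self.inc[node] if reverse else self.out[node]
        return [n for r, n in edges if r == rel]

    def entities_of(self, cls):
        return sorted(n for n, c in self.types.items() if c == cls)

    def paths(self, start, pattern):
        """Follow a pattern of (relation, reverse?) hops and return every complete path."""
        frontier = [[start]]
        for rel, reverse in pattern:
            frontier = [p + [n] for p in frontier for n in self.neighbours(p[-1], rel, reverse)]
        return frontier


def build_sample_graph():
    """Populate the graph from constructed threat-intel, incident and access records."""
    g = KnowledgeGraph(ONTOLOGY)
    for name, cls in [("ACTOR-A", "ThreatActor"),
                      ("T-phishing", "Technique"), ("T-credential-dumping", "Technique"),
                      ("T-lateral-movement", "Technique"),
                      ("INC-1", "Incident"), ("INC-2", "Incident"), ("INC-3", "Incident"),
                      ("host-fin-01", "Host"), ("host-hr-02", "Host"), ("host-dev-03", "Host"),
                      ("alice", "User"), ("bob", "User"), ("M-mfa", "Mitigation")]:
        g.add_entity(name, cls)
    for s, r, o in [("ACTOR-A", "uses", "T-phishing"),
                    ("ACTOR-A", "uses", "T-credential-dumping"),
                    ("T-phishing", "observed_in", "INC-1"),
                    ("T-phishing", "observed_in", "INC-2"),
                    ("T-credential-dumping", "observed_in", "INC-2"),
                    ("T-lateral-movement", "observed_in", "INC-3"),
                    ("INC-1", "affected", "host-fin-01"),
                    ("INC-2", "affected", "host-hr-02"),
                    ("INC-3", "affected", "host-dev-03"),
                    ("alice", "logged_into", "host-fin-01"),
                    ("bob", "logged_into", "host-hr-02"),
                    ("alice", "logged_into", "host-dev-03"),
                    ("M-mfa", "mitigates", "T-phishing")]:
        g.add_triple(s, r, o)
    return g


# Query 1 (hidden relationship): users who logged into hosts hit by incidents in
# which a given actor's techniques were observed, four hops away from the actor.
def users_exposed_to_actor(g, actor):
    pattern = [("uses", False), ("observed_in", False), ("affected", False), ("logged_into", True)]
    return sorted({p[-1] for p in g.paths(actor, pattern)})


# Query 2 (pattern / trend): how often each technique appears across incidents.
def technique_frequency(g):
    return {t: len(g.neighbours(t, "observed_in")) for t in g.entities_of("Technique")}


# Query 3 (gap analysis): techniques seen in incidents that no mitigation covers.
def unmitigated_techniques(g):
    return [t for t in g.entities_of("Technique")
            if g.neighbours(t, "observed_in") and not g.neighbours(t, "mitigates", reverse=True)]


if __name__ == "__main__":
    kg = build_sample_graph()
    print("exposed users:", users_exposed_to_actor(kg, "ACTOR-A"))
    print("technique frequency:", technique_frequency(kg))
    print("unmitigated:", unmitigated_techniques(kg))
```

The ontology check in `add_triple` is what keeps later queries trustworthy: a record that mis-types an entity (a user recorded as "using" a technique, say) is rejected at ingestion rather than producing a spurious path. The `paths` helper is deliberately generic, so the same graph answers questions the analyst did not anticipate when the ontology was written.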