Improving Cyber Security Operations using Knowledge Graphs

Abstract
The objective of this project is to improve the workflow and performance of security operation centers, including automating several of their tasks, by leveraging the vast amount of structured and unstructured real-world data available on threats, attacks, and mitigations. Toward this end, this project designs novel methods based on knowledge graphs to model and derive insights from cyber security data. These methods aggregate and represent knowledge about cyber data of various kinds (e.g., threat databases, cyber security incidents, user access events, application usage, etc.) and make decisions with that knowledge. The research entails developing ontologies to characterize entities, their properties, and relationships between entities, and using the ontologies to produce knowledge graphs out of existing data. In turn, the project explores applications of knowledge graphs for various cyber security activity purposes, including uncovering hidden relationships, identifying patterns and trends, and querying the data.

Open Source Artifacts

• Threat Knowledge Graphs materials: https://github.com/nislab/threat-knowledge-graph
• Transaction Pool Synchronization Simulator: https://github.com/nislab/SREPSim
• Framework for benchmarking and optimizing reconciliation of data :https://github.com/nislab/gensync

Poster

• Poster abstract: Sevval Simsek, Zhenpeng Shi, David Starobinski, David Sastre Medina, “Investigating Removals in the National Vulnerability Database”, presented at the 2023 IEEE SecDev conference, Atlanta, GA, October 2023.

Awards

• “SREP: out-of-band sync of transaction pools for large-scale blockchains” won the Best Paper award at the 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). (read the news piece)
• Student Travel Grant for Sevval Simsek, 2023 IEEE Secure Development (SecDev) Conference