Improving Cyber Security Operations using Knowledge Graphs

Abstract
The objective of this project is to improve the workflow and performance of security operation centers, including automating several of their tasks, by leveraging the vast amount of structured and unstructured real-world data available on threats, attacks, and mitigations. Toward this end, the project designs novel methods based on knowledge graphs to model and derive insights from cyber security data. These methods aggregate and represent knowledge about cyber data of various kinds (e.g., threat databases, cyber security incidents, user access events, application usage) and make decisions with that knowledge. The research entails developing ontologies that characterize entities, their properties, and the relationships between entities, and using those ontologies to produce knowledge graphs from existing data. In turn, the project explores applications of knowledge graphs to a range of security operations tasks, including uncovering hidden relationships, identifying patterns and trends, and querying the data.
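The pipeline sketched above (an ontology that constrains which entities and relations are allowed, a knowledge graph populated from records under that ontology, and queries that surface relationships no single record states) can be shown end to end in a few dozen lines. The following is an added illustration written for this page; it is not code from the project or its repository, and its entity classes, relation names and all entity identifiers (VULN-1, WEAK-OVERFLOW, ProductA, and so on) are constructed placeholders rather than real vulnerability, weakness or product data.

```python
from collections import defaultdict, deque

# Assumed, illustrative ontology: entity classes and the typed relations
# allowed between them (relation -> (subject class, object class)).
CLASSES = {"Vulnerability", "Weakness", "Product", "Technique", "Mitigation", "Incident"}
RELATIONS = {
    "affects":      ("Vulnerability", "Product"),
    "has_weakness": ("Vulnerability", "Weakness"),
    "exploited_by": ("Vulnerability", "Technique"),
    "mitigated_by": ("Technique",     "Mitigation"),
    "observed_in":  ("Technique",     "Incident"),
}


class ThreatGraph:
    """A small typed, directed graph whose edges are validated against RELATIONS."""

    def __init__(self):
        self.types = {}                 # entity name -> class
        self.out = defaultdict(set)     # subject -> {(relation, object)}
        self.inc = defaultdict(set)     # object  -> {(relation, subject)}

    def add_entity(self, name, cls):
        if cls not in CLASSES:
            raise ValueError(f"unknown class {cls}")
        if self.types.get(name, cls) != cls:
            raise ValueError(f"{name} already typed as {self.types[name]}")
        self.types[name] = cls

    def add_triple(self, subj, rel, obj):
        """Insert one fact, rejecting it if it violates the ontology."""
        dom, rng = RELATIONS[rel]       # KeyError for an unknown relation
        if self.types.get(subj) != dom or self.types.get(obj) != rng:
            raise ValueError(f"({subj}, {rel}, {obj}) violates {rel}: {dom} -> {rng}")
        self.out[subj].add((rel, obj))
        self.inc[obj].add((rel, subj))

    def objects(self, subj, rel):
        return {o for r, o in self.out[subj] if r == rel}

    def subjects(self, obj, rel):
        return {s for r, s in self.inc[obj] if r == rel}

    def related_products(self, product):
        """Products sharing a weakness with `product` via some vulnerability:
        a relationship that no single input record states directly."""
        vulns = self.subjects(product, "affects")
        weaknesses = set().union(*[self.objects(v, "has_weakness") for v in vulns])
        result = set()
        for w in weaknesses:
            for v in self.subjects(w, "has_weakness"):
                result |= self.objects(v, "affects")
        result.discard(product)
        return result

    def mitigations_for_product(self, product):
        """Mitigations reachable along affects^-1 -> exploited_by -> mitigated_by."""
        mits = set()
        for v in self.subjects(product, "affects"):
            for t in self.objects(v, "exploited_by"):
                mits |= self.objects(t, "mitigated_by")
        return mits

    def path(self, src, dst):
        """Shortest path between two entities ignoring edge direction, or None."""
        prev = {src: None}
        queue = deque([src])
        while queue:
            n = queue.popleft()
            if n == dst:
                break
            for m in [o for _, o in self.out[n]] + [s for _, s in self.inc[n]]:
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
        if dst not in prev:
            return None
        out = []
        while dst is not None:
            out.append(dst)
            dst = prev[dst]
        return out[::-1]


def build_sample_graph():
    """Constructed sample facts (placeholders, not real identifiers)."""
    g = ThreatGraph()
    for name, cls in [("VULN-1", "Vulnerability"), ("VULN-2", "Vulnerability"),
                      ("VULN-3", "Vulnerability"), ("WEAK-OVERFLOW", "Weakness"),
                      ("WEAK-INJECTION", "Weakness"), ("ProductA", "Product"),
                      ("ProductB", "Product"), ("ProductC", "Product"),
                      ("TECH-RCE", "Technique"), ("MIT-PATCH", "Mitigation"),
                      ("MIT-WAF", "Mitigation"), ("INC-42", "Incident")]:
        g.add_entity(name, cls)
    for t in [("VULN-1", "affects", "ProductA"), ("VULN-1", "has_weakness", "WEAK-OVERFLOW"),
              ("VULN-2", "affects", "ProductB"), ("VULN-2", "has_weakness", "WEAK-OVERFLOW"),
              ("VULN-3", "affects", "ProductC"), ("VULN-3", "has_weakness", "WEAK-INJECTION"),
              ("VULN-1", "exploited_by", "TECH-RCE"), ("VULN-3", "exploited_by", "TECH-RCE"),
              ("TECH-RCE", "mitigated_by", "MIT-PATCH"), ("TECH-RCE", "mitigated_by", "MIT-WAF"),
              ("TECH-RCE", "observed_in", "INC-42")]:
        g.add_triple(*t)
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    print("products related to ProductA:", g.related_products("ProductA"))
    print("mitigations for ProductA:", g.mitigations_for_product("ProductA"))
    print("path ProductB -> INC-42:", g.path("ProductB", "INC-42"))
```

Two design points carry over to real data. Typing the edges at insertion time is what makes the later queries trustworthy: a record that says a product "has_weakness" something is rejected instead of silently producing a node that later traversals treat as a vulnerability. And the interesting answers come from multi-hop traversals (ProductB is linked to incident INC-42 only through a weakness it shares with a vulnerability in a different product), which is exactly the "hidden relationship" a flat table join would not return.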

Repository

https://github.com/nislab/threat-knowledge-graph

Poster
Poster abstract: Sevval Simsek, Zhenpeng Shi, David Starobinski, David Sastre Medina, “Investigating Removals in the National Vulnerability Database”, presented at the 2023 IEEE SecDev conference, Atlanta, GA, October 2023.

This project is supported by the Red Hat Collaboratory at Boston University.