Dr. Ehab Al-Shaer will talk about “Automated Analysis and Mitigation of Cyber Threats Using Analytics of Unstructured CTI Reports” from 12:45 p.m. to 1:45 p.m. on Thursday, October 24, 2019 at the Stuart Building (Room 111).
Cyber Threat Intelligence (CTI) reports are widely used for early notification of emerging cyber threats and for constructing proactive mitigation plans. The current practice is to analyze these reports manually. However, because CTI reports are complex and numerous, manual analysis is labor-intensive, slow, and inaccurate.
In this talk, Dr. Ehab Al-Shaer will present his ongoing research effort to fully automate the cybersecurity sense-making and decision-making processes for analyzing unstructured CTI reports, both for predictive analytics and for constructing effective and safe threat hunting controls. First, for sense-making, he will present a data-driven analytics approach to CTI and CVE reports that uses text mining, machine learning, and natural language understanding to extract the “actionable” cyber threat information, characterize the TTP (tactics, techniques, and procedures) chain, and identify the potential attack pattern in order to detect and predict attacks in real time. Second, for decision-making, he will examine automated proactive threat hunting playbooks for threat investigation and prediction using evidential reasoning. Third, he will discuss ongoing research on formal composition and verification of playbooks for soundness and safety guarantees.
Overall, the goal of this research is to offer automated cyber threat analysis and response to make cybersecurity effective, fast, and economical.
About Dr. Ehab Al-Shaer
Dr. Ehab Al-Shaer is a Professor and the Director of CyberDNA (www.cyberdna.uncc.edu/), as well as NSF Cybersecurity Analytics and Automation (CCAA) (www.ccaa-nsf.org), at the University of North Carolina at Charlotte. Dr. Al-Shaer’s research interests include data-driven analytics for cybersecurity, security configuration verification and synthesis, cyber deterrence and deception, and resilience of smart grid and IoT. He was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation in 2011, and he was awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013. Prof. Al-Shaer has received more than $19M of research funding from NSF, NSA, DARPA, ARO/ARL, AFRL, ONR, IBM, Cisco, Intel, Bank of America, Wells Fargo, BB&T, DTCC, Duke Energy, and others.