ORGANISATION NAME: Athlone Institute of Technology
FUNDING TYPE: Mobility Incoming
RESEARCH FIELD: Formal sciences
CAREER STAGE: Recognised Researcher (R2) (PhD holders or equivalent who are not yet fully independent); Established Researcher (R3) (Researchers who have developed a level of independence)
Exploring the Use of Artificial Intelligence to Improve Security Operations Centre Activities
This research program will investigate a number of targeted topics whose aim is to increase the efficiency of the SOC team through the use of artificial intelligence techniques. The research will be conducted in collaboration with the Security Operations Centre (SOC) of Hewlett Packard Enterprise (HPE) in Galway, Ireland. HPE is one of the world's leading information technology companies with a wide suite of IT solutions. The SOC team in Galway operates at the heart of HPE's security defense system.
It is widely known that teams in Security Operations Centres (SOC) and SecOps teams struggle to deal with the vast volumes of information produced by the many security sensors across an enterprise. For a large company this can run to billions of events per week. Sifting through even heavily aggregated data to find true threats is made harder still by the large number of false positives produced even by the best security management tool suites. Dealing with these false readings not only delays finding threats but also reduces the morale of the security team. Nor is it only the immediate interaction with the data that poses challenges: data must be retained for weeks or even months in order to provide a retrospective view of possible latent or well-concealed attacks. This poses challenges for the retention, storage and subsequent processing of that data for activities such as threat hunting.
Machine learning/AI techniques have long been widely used in cyber security. The vast majority of such research has been applied to intrusion detection. More recently, AI research has been directed at improving the efficiency of SOC team operations as part of Security Orchestration, Automation and Response (SOAR) activities. Other suggested areas where AI could be included in the SOC process include:
- Abstracting lessons from individual incidents, generalizing them across systems and networks, and applying those lessons to increase attack and defense effectiveness elsewhere.
- Identifying strategic and tactical trends from large datasets and using those trends to adapt attack and defense tactics.
- Using natural language sentiment analysis to automate security processes.
SOC activities span a wide range of roles and responsibilities with many possibilities for AI.
What is funded
This proposal has the following objectives:
TO1 - To investigate the use of Interactive Machine Learning (IML) to improve analyst workloads and efficiency.
TO2 - To explore existing datasets to uncover new data relationships to improve threat detection and response.
TO3 - To explore the use of sentiment analysis to improve security automation.
TO4 - To investigate the use of AI to optimise event storage.
See the attached proposal description for more information on these objectives.
36 months from Q2/Q3 2020
As per the Marie Curie criteria for this call - see the Career-Fit Plus website.
The responsibility for the funding offers published on this website, including the funding description, lies entirely with the publishing institutions. The application is handled uniquely by the employer, who is also fully responsible for the recruitment and selection processes.