Postdoc in Cyber Security - Marie Skłodowska-Curie Action COFUND

Outline

Exploring the Use of Artificial Intelligence to improve Security operations Centre Activities

This research program will investigate a number of targeted topics whose aim is to increase the efficiency of the  SOC team through the use of artificial intelligence techniques. This research will be conducted in collaboration with  the Security Operation Centres (SOC) of Hewlett Packard Enterprise (HPE)  in Galway, Ireland. HPE is one of the world’s leading information technology companies with a wide suite of IT solutions. The SOC team in Galway operates at the heart of HPE’s security defense system

It is a widely known fact that teams in Security Operation Centres (SOC) and SecOps teams struggle to deal with the vast volumes of information that are produced by all the various security sensors across an enterprise. For a large company this can run to billions of events per week. Sifting through even greatly aggregated data to find true threats is made even more difficult by the large number of false positives that are produced even by the best of security management suite of tools. Dealing with these false readings not only delays finding threats but also reduces the morale of the security team.  Nor is it just immediate interaction with the data that poses challenges- data must be retained for weeks or even months in order to provide a back-view on possible latent or well concealed attacks. This poses challenges for the retention, storage and subsequent processing of that data for activities such as threat hunting.

Machine learning/AI techniques have been widely used for a long time in cyber security. The vast majority of such research  has been applied to intrusion detection. More recently AI research is being directed at improving the efficiency of SOC team  operations  as part of Security Orchestration Automation and Response (SOAR) activities. Other suggested area where AI could be included in the SOC process include,

• Abstracting lessons from individual incidents, generalizing them across systems and networks, and applying those lessons to increase attack and defense effectiveness elsewhere.
• Identifying strategic and tactical trends from large datasets and using those trends to adapt attack and defense tactics.
• Using natural language sentiment analysis to automate security processes,

SOC activities span a wide range of roles and responsibilities with many possibilities for AI.

What is funded

This proposal has the following objectives

TO1 – To investigate the use of Interactive Machine Learning (IML) to improve analyst workloads and efficiency.

TO2- To explore existing datasets to uncover new data relationships to improve threat detection and response.

TO3- To explore the use of sentiment analysis to improve the security automation.

TO4- To investigate the use of AI to optimise event storage

see attached proposal description for more information on these objectives

Duration

36 months from Q2/Q3 2020

Eligibility

As per Marie Curie criteria for this call - see the Career-Fit Plus website

https://www.horizon2020.ie/career-fit-plus/