CSE Colloquium: Ehab Al-Shaer
February 22, 2019 @ 11:00 am - 12:00 pm UTC-5
Presenter: Ehab Al-Shaer, Professor and Director of Cybersecurity Centers, University of North Carolina
Title: Automated Cyber Threat Extraction, Characterization and Hunting Using Analytics of Unstructured CTI Reports
Date: Friday, February 22
Location: HBL Video Theatre 2
Many businesses, government agencies, and enterprises rely heavily on analyzing cyber threat information reports for early notification and prediction of emerging cyber threats, and for constructing proactive mitigation plans. In most enterprises, hundreds of unstructured cyber threat intelligence (CTI) reports are manually analyzed by dedicated engineers every day in order to identify enterprise-relevant threats and implement the appropriate countermeasures. Given the complexity and large number of CTI reports generated, this manual process is often labor-intensive, slow, and inaccurate.
In this talk, I will present our research effort to automate cybersecurity sense-making and decision-making by analyzing unstructured CTI reports and constructing the most effective security controls. First, for sense-making, we present our novel hybrid data-driven analytics approach to CTI reports, using text mining, machine learning, and natural language understanding to extract the "actionable" cyber threat information, characterize the TTP (tactics, techniques and procedures) chain, and identify the potential attack pattern (a PowerShell or API command sequence) in order to detect or predict attacks in real time. Unlike IoC-based (indicator of compromise) approaches, our approach constructs behavioral signatures that are robust for prevention and detection because they are hard for attackers to evade. Second, for decision-making, we present our novel automated threat monitoring and investigation approach, which uses evidential reasoning to predict and hunt threat actions proactively based on the sense-making of the CTI analytics. Third, I will present our recent cutting-edge research on analyzing unpatchable CVEs using deep learning in order to classify novel CVEs against existing CWEs, CAPEC entries and other threat information, and to determine the appropriate detection and mitigation countermeasures beyond vulnerability patching.
The goal of our research in this direction is to automate the entire cyber defense ecosystem, from sense-making to decision-making, to make cybersecurity effective, fast, and economical.
Dr. Al-Shaer is a Professor and the Director of CyberDNA (www.cyberdna.uncc.edu/) and of the NSF Cybersecurity Analytics and Automation (CCAA) center (www.ccaa-nsf.org) at the University of North Carolina Charlotte. Dr. Al-Shaer's research interests include data-driven analytics for cybersecurity, security configuration verification and synthesis, cyber deterrence and deception, and resilience of the smart grid and IoT. He was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation in 2011, received the IBM Faculty Award in 2012, and received the UNC Charlotte Faculty Research Award in 2013. Prof. Al-Shaer has received more than 19M in research funding from NSF, NSA, DARPA, ARO, AFRL, ONR, IBM, Cisco, Intel, Bank of America, Wells Fargo, BB&T, DTCC, Duke Energy, and others.