Security threat intelligence data is scattered, high in volume, and comes in a variety of formats. For feeds to be actionable and timely, they need to be integrated into security information and event management (SIEM) platforms so that the external information they provide can be correlated with internal telemetry such as firewall and DNS logs, which helps identify potential attacks. We propose fundamental work in AI that targets the problem of automated curation of threat intelligence data by:
a. Developing NLP and embedding-based techniques for source validation; information extraction, standardization, and disambiguation; summarization of reports; and provision of threat insights.
b. Designing graph neural network models for the extraction of actionable information from knowledge graphs of threats where each node is a representation of the ontological mapping of a threat or report.
c. Designing machine learning models for the robust assignment of trustworthiness and confidence scores to resources and reports.
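The integration step described above, an added example that is not part of the proposal and does not represent any system the authors have built: two constructed feeds in different formats (a CSV export and a STIX-style pattern list) are normalized into one indicator representation, deduplicated across sources with the highest reported confidence retained, and then correlated against constructed DNS and firewall log lines the way a SIEM would. Feed names, field layouts, confidence scales, and all indicator values and log lines are assumptions made for the example.

```python
"""Added example (not from the proposal): normalize threat-intel indicators
from heterogeneous feeds and correlate them against internal DNS and
firewall telemetry. All feed entries and log lines are constructed."""
import csv
import io
import ipaddress
import json
import re

# Constructed feed A: CSV with vendor-specific type names, confidence in percent.
FEED_A_CSV = """indicator,type,confidence
198.51.100.23,ipv4,90
EVIL-UPDATES.example,domain,70
198.51.100.23,ip,60
"""

# Constructed feed B: STIX-style objects with the indicator embedded in a pattern string.
FEED_B_JSON = json.dumps([
    {"pattern": "[domain-name:value = 'evil-updates.example']", "confidence": 85},
    {"pattern": "[ipv4-addr:value = '203.0.113.77']", "confidence": 40},
])

# Constructed internal telemetry (documentation-range addresses only).
DNS_LOG = [
    "2024-05-01T10:00:01Z client=10.0.0.5 query=evil-updates.example. type=A",
    "2024-05-01T10:00:02Z client=10.0.0.7 query=www.example.org. type=A",
]
FW_LOG = [
    "2024-05-01T10:00:03Z action=ALLOW src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-05-01T10:00:04Z action=DENY src=10.0.0.9 dst=192.0.2.10 dport=22",
]

# Vendor type names mapped onto the canonical types used internally.
TYPE_ALIASES = {"ip": "ipv4", "ipv4": "ipv4", "ipv4-addr": "ipv4",
                "domain": "domain", "domain-name": "domain"}

def normalize(ioc_type, value):
    """Return a canonical (type, value) pair, or None if the entry is not valid."""
    canonical = TYPE_ALIASES.get(ioc_type.strip().lower())
    value = value.strip()
    if canonical == "ipv4":
        try:
            return ("ipv4", str(ipaddress.IPv4Address(value)))
        except ValueError:  # malformed address: drop rather than alert on garbage
            return None
    if canonical == "domain":
        return ("domain", value.lower().rstrip("."))  # case-fold, strip trailing dot
    return None

def parse_feed_a(text):
    """CSV feed: one indicator per row, confidence already on a 0-100 scale."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        key = normalize(row["type"], row["indicator"])
        if key:
            out.append((key, int(row["confidence"]), "feedA"))
    return out

STIX_PATTERN = re.compile(r"\[([\w-]+):value\s*=\s*'([^']+)'\]")

def parse_feed_b(text):
    """STIX-style feed: pull type and value out of the pattern string."""
    out = []
    for obj in json.loads(text):
        m = STIX_PATTERN.fullmatch(obj["pattern"])
        key = normalize(m.group(1), m.group(2)) if m else None
        if key:
            out.append((key, int(obj["confidence"]), "feedB"))
    return out

def merge(entries):
    """Deduplicate across feeds; keep the highest confidence and every reporting source."""
    merged = {}
    for key, confidence, source in entries:
        rec = merged.setdefault(key, {"confidence": 0, "sources": set()})
        rec["confidence"] = max(rec["confidence"], confidence)
        rec["sources"].add(source)
    return merged

DNS_QUERY = re.compile(r"query=(\S+)")
FW_DST = re.compile(r"dst=(\S+)")

def correlate(indicators, dns_log, fw_log):
    """Match normalized indicators against telemetry; one alert per hit, in log order."""
    alerts = []
    for log_name, lines, pattern, ioc_type in (("dns", dns_log, DNS_QUERY, "domain"),
                                               ("firewall", fw_log, FW_DST, "ipv4")):
        for line in lines:
            m = pattern.search(line)
            key = normalize(ioc_type, m.group(1)) if m else None
            if key in indicators:
                alerts.append({"log": log_name, "indicator": key[1],
                               **indicators[key], "line": line})
    return alerts

def run():
    """Build the merged indicator set and the alerts it produces on the sample logs."""
    indicators = merge(parse_feed_a(FEED_A_CSV) + parse_feed_b(FEED_B_JSON))
    return indicators, correlate(indicators, DNS_LOG, FW_LOG)

if __name__ == "__main__":
    for a in run()[1]:
        print(f"[{a['log']}] {a['indicator']} conf={a['confidence']} sources={sorted(a['sources'])}")
```

The normalization layer is what makes the correlation possible: the same domain appears in upper case in one feed and inside a STIX pattern in the other, and the DNS log records it with a trailing dot, so without a canonical form the three copies would never join. Keeping the set of reporting sources on each merged indicator also gives a later trust-scoring stage the raw material it needs.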
TBD. Current goals - This research incorporates the threat intelligence gathered by the security community worldwide and available on different online platforms, in order to ensure that SIEM systems stay updated with the latest threat information. This information is included in a reliable and scalable manner that allows SIEM alerting to be expanded, and its accuracy improved, across industries and businesses.