AI, CL, CR | May 7, 2019

Cyber-All-Intel: An AI for Security related Threat Intelligence

arXiv:1905.02895v1 | 37 citations
Originality: Synthesis-oriented
AI Analysis

It addresses the challenge of information overload for security analysts, but appears incremental as it combines existing methods like neural networks and knowledge graphs in a domain-specific pipeline.

The paper tackles the problem of managing threat intelligence for security analysts by developing Cyber-All-Intel, an AI system that extracts, represents, and analyzes cybersecurity data using vector spaces and knowledge graphs, resulting in a query engine and alert system for actionable insights.

Keeping up with threat intelligence is a must for a security analyst today. There is a volume of information present in 'the wild' that affects an organization. We need to develop an artificial intelligence system that scours the intelligence sources, to keep the analyst updated about various threats that pose a risk to her organization. A security analyst who is better 'tapped in' can be more effective. In this paper we present Cyber-All-Intel, an artificial intelligence system to aid a security analyst. It is a system for knowledge extraction, representation and analytics in an end-to-end pipeline grounded in the cybersecurity informatics domain. It uses multiple knowledge representations, like vector spaces and knowledge graphs, in a 'VKG structure' to store incoming intelligence. The system also uses neural network models to proactively improve its knowledge. We have also created a query engine and an alert system that can be used by an analyst to find actionable cybersecurity insights.
