Ehab Al-Shaer will be presenting a Hatfield Distinguished Lecture as part of the TCP Seminar Series on February 19th.
Cyber Threat Intelligence (CTI) reports are widely used for early notification and mitigation of emerging future cyber threats. However, the current practice of manually analyzing these reports makes threat mitigation slow, inaccurate, and labor-intensive. In this talk, Al-Shaer will present an ongoing research effort to fully automate the cybersecurity sense-making and decision-making processes for analyzing unstructured CTI reports, both for predictive analytics and for constructing effective and safe threat hunting controls.
First, for sense-making, a data-driven analytics approach to CTI and CVE reports is presented, using text mining, machine learning, and natural language understanding to extract the "actionable" cyber threat information, characterize the TTP (tactics, techniques, and procedures) chain, and identify the potential attack pattern to detect and predict attacks in real time. Second, for decision-making, automated proactive threat hunting playbooks for threat investigation and prediction are presented using evidential reasoning. Third, ongoing research on formal composition and verification of playbooks for soundness and safety guarantees will be briefly described. Overall, the goal of this research is to offer automated cyber threat analysis and response to make cybersecurity effective, fast, and economical.
This event will also include a networking hour with Professor Al-Shaer at 3:30pm! Stop by the Gravity Cafe (outside of ECCR 105) for snacks and refreshments prior to Professor Al-Shaer's seminar.
About the Speaker
Dr. Al-Shaer is a Professor and the Director of CyberDNA and NSF Cybersecurity Analytics and Automation (CCAA) at the University of North Carolina Charlotte. His research interests include data-driven analytics for cybersecurity, security configuration verification and synthesis, cyber deterrence and deception, and resilience of smart grid and IoT. He was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation in 2011, and he was awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013. Prof. Al-Shaer received research funding from NSF, NSA, DARPA, ARO, AFRL, ONR, IBM, Cisco, Intel, Bank of America, Wells Fargo, BB&T, DTCC, Duke Energy, and others.