Much of cybersecurity consists of identifying patterns in software systems that are caused by malicious activity. These patterns, known as malware signatures or, more generally, as Indicators of Compromise (IoCs), are typically identified from experience: only once a malicious actor has caused damage can the associated IoCs be extracted and stored in a repository of threat intelligence.
Subsequent attacks by the same threat can then be thwarted by looking up the matching IoCs in that corpus of intelligence. This paradigm, based on static look-ups, can be augmented with heuristics so as to "bootstrap" the intelligence to new, out-of-sample threats. Writing such heuristics is, however, demanding in terms of domain knowledge, and they are prone to obsolescence as threats evolve. To overcome these limitations, machine learning (ML) presents itself as the natural next step, in that it derives its own heuristics from data rather than requiring them to be hand-written.
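The two detection paradigms described above, as an added illustration that is not part of the original abstract or of the project it describes: a static IoC look-up against a (constructed, hypothetical) intelligence corpus, followed by a hand-written heuristic that tries to generalize to indicators the corpus has never seen. The sample events, the indicator values and the entropy threshold are all assumptions made for the example.

```python
import math
from collections import Counter

# Constructed, hypothetical corpus of known-bad indicators (not real threat intel).
KNOWN_BAD_DOMAINS = {"update-checker.example", "cdn-assets.example"}
KNOWN_BAD_HASHES = {"3f1c2a9b8e7d6c5f4a3b2c1d0e9f8a7b"}

# Constructed sample events: "dns" carries a queried hostname, "file" the MD5 of a dropped file.
SAMPLE_EVENTS = [
    {"type": "dns",  "value": "update-checker.example"},            # present in the corpus
    {"type": "dns",  "value": "www.dtu.dk"},                        # benign
    {"type": "dns",  "value": "xk7q2z9vb4m1p.example"},             # new, DGA-like, absent from the corpus
    {"type": "dns",  "value": "d1a2b3c4e5f6g7.cdn.example"},        # benign CDN-style label the heuristic misjudges
    {"type": "file", "value": "3f1c2a9b8e7d6c5f4a3b2c1d0e9f8a7b"},  # present in the corpus
    {"type": "file", "value": "0123456789abcdef0123456789abcdef"},  # unknown hash: look-up has nothing to say
]


def ioc_lookup(event):
    """Static look-up: exact match of the observed value against the intelligence corpus."""
    if event["type"] == "dns":
        return event["value"].lower() in KNOWN_BAD_DOMAINS
    if event["type"] == "file":
        return event["value"].lower() in KNOWN_BAD_HASHES
    return False


def shannon_entropy(s):
    """Shannon entropy (bits per character) of a string."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Assumed cut-off for this example; a real deployment tunes it against its own traffic.
DGA_ENTROPY_THRESHOLD = 3.5


def dga_heuristic(domain):
    """Hand-written heuristic: a long, high-entropy leftmost label containing digits
    looks like the output of a domain-generation algorithm (DGA)."""
    label = domain.split(".")[0]
    if len(label) < 10 or not any(ch.isdigit() for ch in label):
        return False
    return shannon_entropy(label) >= DGA_ENTROPY_THRESHOLD


def triage(events):
    """Apply the look-up first, then the heuristic; return (value, verdict, reason) per event."""
    verdicts = []
    for ev in events:
        if ioc_lookup(ev):
            verdicts.append((ev["value"], "known_bad", "ioc_lookup"))
        elif ev["type"] == "dns" and dga_heuristic(ev["value"]):
            verdicts.append((ev["value"], "suspicious", "dga_heuristic"))
        else:
            verdicts.append((ev["value"], "unknown", None))
    return verdicts


if __name__ == "__main__":
    for value, verdict, reason in triage(SAMPLE_EVENTS):
        print(f"{verdict:10} {reason or '-':14} {value}")
```

The look-up catches only what the corpus already contains; the heuristic additionally flags the never-seen `xk7q2z9vb4m1p.example`, which is the "bootstrapping" the text refers to. The same heuristic also flags the benign-looking `d1a2b3c4e5f6g7.cdn.example`, which is the trade-off a practitioner has to manage by hand: the rule encodes a fixed notion of "machine-generated" that needs expert tuning and decays as both attackers and legitimate infrastructure change their naming.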
This talk will present a joint research project, supported by the Innovation Fund, between CSIS, DTU, and AAU, which aims to lay the groundwork for a unifying approach to applying ML to cybersecurity. The system targeted by this project shall incorporate a way to elicit and relate the various features needed to generate business intelligence. This presents a host of technical, scientific, and organizational challenges that we will discuss.