The Security Services Team (formerly Global Security Analysis Lab, GSAL) at IBM Research explores challenging problems in the areas of cyber security and advanced threat detection, virtualization-based security services, computer forensics, security and penetration testing, and malware and security analysis. Current focus areas include:
- design and development of novel cyber security analytics and methods based on network and device level data,
- creation of high-speed and scalable data collection and management platforms supporting real-time and big data analytics, and
- malware analysis and penetration testing.
Cyber Security Analytics
We explore and develop novel security analytic methods that deliver sustainable cyber security defenses against emerging advanced and persistent threats (e.g., deploying data mining and machine learning techniques to detect benign, suspicious, and malicious behaviors across several heterogeneous data channels).
Big Data Feature Collection and Correlation Engine
Design, architecture, and implementation of a novel analysis engine, called FCCE, which finds correlations across a diverse set of data types spanning long time periods, with very low latency and minimal access to raw data. The engine scales well to collecting, extracting, and querying features from large, geographically distributed data sets, either in close to real time or from historical data sets.
Malware Analysis and Penetration Testing
Security Threat and Vulnerability Analysis, Ethical Hacking, Network Forensics, etc.