Cyber Security Intelligence (CSI) team

Cyber Security Intelligence (CSI) team - overview

The Cyber Security Intelligence (CSI) team (formerly GSAL and CCSI) investigates methodologies and technologies to help organizations detect, understand, and deflect advanced cybersecurity threats and attacks on their infrastructure and in the cloud. It explores challenging research problems posed by building and combining AI and cognitive methods (e.g., contextual and behavioral analysis, machine learning, reasoning), scalable big data security analytics (e.g., graph mining, deep correlation and provenance analysis), and next-generation defense mechanisms (e.g., transparent malware analysis, active defense and cyber deception layers) to gain deep intelligence and insights about cybersecurity threats and attacks as well as threat actors; and protecting AI models against model theft, poisoning and evasion attacks by adaptive adversaries.

Focus areas and projects

Cyber threat hunting and threat intelligence consolidation
Program behavior analytics and next-generation malware analysis
Application security and vulnerability discovery
Security and robustness of AI models and adversarial machine learning
Cross-stack cyber deception and active defense techniques
Scalable data collection platforms for real-time and historical security analytics
Ethical hacking and penetration testing
Security data visualization

News

[08/2021] Our talk on an open stack for cloud-native threat hunting was accepted at Arsenal at Black Hat Europe 2021.
[06/2021] We contributed our Kestrel Threat Hunting Language to OASIS Open Cybersecurity Alliance (OCA) for broader community engagement.
[05/2021] We released our open-source project Kestrel Threat Hunting Language at RSAC 2021.
[04/2021] Our paper on evidential cyber threat hunting was accepted at AI/ML for Cybersecurity 2021.
[03/2021] Our talk on new cyber threat hunting methodology was accepted at RSAC 2021.
[01/2021] Our paper on adaptive verifiable training work was accepted at AAAI 2021.
[11/2020] Our team worked with IBM's CISO organization and Cisco to secure remote working environments (CVE-2020-3441, CVE-2020-3471, CVE-2020-3419).
[10/2020] Our paper on a new open and compact data format for system telemetry has been accepted at IEEE BigData 2020.
[10/2020] Our paper on software deception steering was accepted at HICSS 2021.
[09/2020] Our talk on a pluggable edge analytics pipeline for SysFlow was accepted at FloCon 2021.
[09/2020] Our paper on leveraging past (mis-)behavior to discover new bugs was accepted at ACSAC 2020.
[08/2020] Our paper on JIT security patching was accepted at FSE 2020.
[03/2020] Our paper on deactivating evasive malware via its own evasive logic was accepted at DSN 2020.
[03/2020] IBM Research features our team member, Dhilung Kirat.
[01/2020] IBM Research features our work on SysFlow.
[12/2019] Our team member, Xiaokui Shu, has been selected as ACM Future of Computing Academy (FCA).
[12/2019] Our briefing on SysFlow, scalable system telemetry for improved security analytics, was accepted at FloCon 2020.
[11/2019] We open-sourced our cloud-native system telemetry pipeline, SysFlow.
[08/2019] Our paper on improving intrusion detectors by crook-sourcing was accepted at ACSAC 2019.
[08/2019] Our paper on using machine learning to automate the evaluation of cyber deceptive IDSes was accepted at HICSS 2019.
[07/2019] Our paper on topology-aware hashing for effective CFG similarity analysis was accepted at SecureComm 2019.
[02/2019] Our research for IBM Cloud Security Advisor has been showcased at IBM THINK 2019.
[10/2018] ACM highlighted our paper Threat Intelligence Computing in the press release for CCS 2018: Leading Cybersecurity Conference Plans Blockbuster Program for 25th Anniversary.
[07/2018] Our paper Threat Intelligence Computing was accepted at CCS 2018.
[05/2018] Our briefing on DeepLocker, the next generation of malware using AI locksmithing, was accepted at Black Hat USA 2018.
[05/2018] Our paper on mining information from HTTP error traffic for malware intelligence was accepted at RAID 2018.
[05/2018] Our paper on cross-stack threat sensing for cyber security and resilience was accepted at DSN 2018.
[04/2018] Our paper on filesystem view separation for data integrity and deception was accepted to appear at DIMVA 2018.
[03/2018] Our paper on protecting the intellectual property of deep neural networks with watermarking was accepted at AsiaCCS 2018.
[03/2018] Nataraj Nagaratnam (CTO, IBM Cloud Security) announces IBM Cloud Security Advisor, to which the CSI team contributed.
[01/2018] Our paper on endpoint service projection and deception was accepted at SDN/NFV '18 (at CODASPY '18).
[11/2017] IBM announces the Quad 9 DNS Service, which is based on DNS analytics developed by the CSI team.
[11/2017] Decoy and deception-based file system at CCS '17: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality
[05/2017] IBM Research features our work on cognitive security in a blog post.
[02/2017] IBM launches IBM QRadar Advisor with Watson based on our research ongoing project.
[02/2017] IBM press release: IBM Delivers Watson for Cyber Security to Power Cognitive Security Operations Centers
[12/2016] Press coverage of the beta release of our research: IBM Watson for Cybersecurity Inches from Research to Reality
[05/2016] IBM Security turns our research into an offering: IBM Cognitive Security (Watson for Cyber Security)
[05/2016] Ginni Rometty (CEO, Chairwoman, and President of IBM) announces Watson for Cyber Security at the IBM Security Summit 2016: Outthink Threats - Ginni Rometty
[05/2016] Sandy Bird (IBM Fellow and CTO, IBM Security) presenting the results of our research and the offering at the IBM Security Summit 2016: Cognition and the Future of Security - Sandy Bird