Cognitive Cybersecurity Intelligence (CCSI) Group - overview
The Cognitive Cybersecurity Intelligence (CCSI) group (formerly Global Security Analysis Lab or GSAL) researches on methodologies and technologies to help organizations detecting, understanding, and deflecting advanced cyber security threats and attacks on their network and in the cloud. It explores challenging research problems posed by building and combining AI and cognitive methods (e.g., contextual and behavioral analysis, machine learning, reasoning), scalable big data security analytics (e.g., graph mining, deep correlation and provenance analysis), and next-generation defense mechanisms (e.g., transparent malware analysis, active defense and cyber deception layers) to gain deep intelligence and insights about cyber security threats and attacks as well as threat actors.
Current focus areas
- Cognitive security offense analytics and threat intelligence consolidation, using AI and machine learning
- Cross-stack cyber deception and active defense techniques
- Cyber security analytics, event correlation, and provenance tracking on the network and device-level
- Next-generation malware analysis
- Design of high-speed and scalable data collection platforms for real-time and historical security analytics
- Security data visualization and penetration testing
- 11/2017: Decoy and deception-based file system at CCS '17: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality
- 05/2017: IBM Research features our work with a blog post
- 02/2017: IBM launches IBM QRadar Advisor with Watson based on our research ongoing project
- 02/2017: IBM press release: IBM Delivers Watson for Cyber Security to Power Cognitive Security Operations Centers
- 12/2016: Press coverage of the beta release of our research: IBM Watson for Cybersecurity Inches from Research to Reality
- 05/2016: IBM Security turns our research into an offering: IBM Cognitive Security (Watson for Cyber Security)
- 05/2016: Ginni Rometty, CEO, Chairwoman, and President of IBM, announcing Watson for Cyber Security at the IBM Security Summit 2016: Outthink Threats - Ginni Rometty
- 05/2016: Sandy Bird, IBM Fellow and CTO Security Systems Division presenting the results of our research and the offering at the IBM Security Summit 2016: Cognition and the Future of Security - Sandy Bird
On-going Projects and Efforts
Cognitive Security Analytics and Threat Intelligence
We are researching and developing techniques and methodologies to apply cognitive analytics and IBM Watson technologies to challenging security problems. Our research is the foundation of Watson for Cyber Security by IBM Security in 2016 and IBM QRadar Advisor with Watson in 2017.
Big Data Cyber Security Analytics
We explore and develop novel security analytic methods that deliver sustainable cyber security defenses against emerging advanced and persistent threats (e.g., deploying data mining and machine learning techniques to detect benign, suspicious, and malicious behaviors across several heterogeneous data channels).
Active Defense and Cyber Deception
We research on methodologies, techniques, and technologies to build cyber deceptive systems on multiple layers of an organizations' IT stack with the goal of detecting and deflecting adversarial activities and thereby make adversaries reveal inadvertently their presence, capabilities, and intentions.
Feature Collection and Correlation Engine
Design, architecture, and implementation of a novel analysis engine, called FCCE, which finds correlations across a diverse set of data types spanning over large time periods with very small latency and with minimal access to raw data. Our engine scales well to collecting, extracting, and querying features from geographically distributed large data sets at close-to-real-time or from historical data sets.
Malware Analysis, Ethical Hacking, and Penetration Testing
Next-generation malware analysis technologies, Security Threat and Vulnerability Analysis, Ethical Hacking, Network Forensics, etc.