Cognitive Cybersecurity Intelligence (CCSI) Group - Cognitive Security Intelligence


We are researching and developing techniques and methodologies to apply cognitive analytics and IBM Watson technologies to challenging security problems.

Cognitive Security Analytics

Security analysts in a security operations center (SOC) investigate many cyber security incidents every day.  Many of these incidents turn out to be false positives from a detection system; for the rest, analysts spend significant time identifying relevant information and mining surrounding events or incidents to understand the bigger picture.

We are researching how to support SOC analysts by providing them with a companion (or co-pilot) that assists them with recommendations and suggestions based on cognitive reasoning, i.e., one that reduces the analysts' workload and gives them insights about a given incident that they would not be able to produce under existing time and complexity constraints.  The methods and tools we research perform activities such as understanding, learning, and reasoning over ongoing and past security incidents and events in a SIEM system (IBM QRadar), and combine them with insights obtained from the Security Knowledge Graph (Watson for Cyber Security).

Key challenges and technologies: AI, machine learning, natural language processing (NLP), reasoning, deep security knowledge.

Highlights:

Summary:

Our chair, president, and CEO Ginni Rometty shares the statistics of Watson for Cybersecurity.  Our initial vision and direction became her keynote speech at the 2017 IBM Security Summit.

Security Knowledge Graph

A tremendous amount of security knowledge resides siloed in different repositories, such as threat intelligence databases, malware sandbox reports, threat reports released by security vendors, or blogs.  Security analysts are required to search these systems manually, keep track of the findings, and correlate them to identify actionable insights.

We are researching methods to consolidate, correlate, and reason over vast amounts of security intelligence data extracted from hundreds of millions of security documents (unstructured and structured), leading to billions of facts.

Key challenges and technologies: Graph mining, NLP, signal flow, belief propagation, machine learning, ontologies, scalable graph computing.

Highlights:

DeepLocker: How AI Can Power a Stealthy New Breed of Malware

Exploring the Security Knowledge Graph

Security Knowledge Graph

Identify and Understand threats with Watson for Cyber Security