Towards automatically evaluating security risks and providing cyber intelligence

Abstract

The cyber threat landscape is quickly changing, and it is of vital importance to stay abreast of emerging threats and to proactively work to improve security. At the same time, piecing together a complete landscape of attacks by identifying the strategies and capabilities of the adversaries requires establishing semantic links among individual observations. Also, defending against these attacks requires automatically generated semantics-aware policies to complement manual analysis. While using semantic-aware techniques to address security problems is a promising approach to evaluate security risks and to provide cyber intelligence, there exists a gap between the security ontology and generic NLP primitives needed for such an approach. This gap tends to be domain-sensitive, language-specific, and computationally intensive which further complicates the use of such an approach. In this dissertation, a cyber-threat gathering framework is presented which takes advantage of semantic-aware inspection to extract cyber intelligence of newly-appearing online crime from online blogs. I'll then discuss how to model emerging and previously imperceptible online crimes from the extracted cyber intelligence via large-scale data analytics. Finally, I will present an efficient and accurate security system based on a large-scale semantic processing of text content to defend against these online crimes.