Endpoint threat analytic: A people-oriented cybersecurity

端点威胁分析：以人为本的网络安全

• 批准号: 515564-2017
• 负责人: Ghorbani, Aliakbar
• 金额: $ 9万
• 依托单位: University of New Brunswick
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2019
• 资助国家: 加拿大
• 起止时间: 2019-01-01 至 2020-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=693349
• 关键词: Endpoint; threat; analytic; people; oriented

In the face of escalating global Cybersecurity threats, it is paramount to have an automated forewarning system that can find suspicious user activities and work as a prevention technique for planned attacks or ultimate security breaches. There is a widespread belief that by collecting large amounts of data, extracting computable features from endpoints, and doing analysis, comparisons, and data mining, we can detect machines infected with malware that are currently undetectable by state of the art security systems. This same data could be used to find eavesdropping software used by a rogue employee, or event data theft. In this project, a standard Endpoint Detection and IBM's QRadar will be used as an agent to collect data from a large number of sources and build users' universal security profiles and analytics to support the detection of malware or rogue employees. The system will leverage graph databases and uses graph visualization techniques to provide the end user evidence supporting the system's analysis. The proposed people-centric cybersecurity framework will be integrated in the IBM QRadar technology and will substantially increase its ability to assess and manage internal and external risks, and detect malicious threats and potential cybercriminal activities before they cause harm

面对不断升级的全球网络安全威胁，拥有一个自动预警系统至关重要，该系统可以发现可疑的用户活动，并作为预防计划攻击或最终安全漏洞的技术。人们普遍认为，通过收集大量数据，从端点提取可计算特征，并进行分析，比较和数据挖掘，我们可以检测到感染恶意软件的机器，这些恶意软件目前无法被最先进的安全系统检测到。同样的数据也可以用来发现流氓员工使用的窃听软件，或者事件数据盗窃。在这个项目中，标准的端点检测和IBM的QRadar将被用作代理，从大量来源收集数据，并构建用户的通用安全配置文件和分析，以支持恶意软件或流氓员工的检测。该系统将利用图形数据库，并使用图形可视化技术，为最终用户提供支持系统分析的证据。拟议的以人为本的网络安全框架将集成到IBM QRadar技术中，并将大幅提高其评估和管理内部和外部风险的能力，并在恶意威胁和潜在的网络犯罪活动造成伤害之前对其进行检测。