Manager   •   about 3 years ago

BAE Systems

Prize: 12 months of mentorship with 1-on-1 monthly meetings, tailored to the winner's interests.

1. Current State: There are many research articles on cyber threat actors coming from different sources (independent researchers, security vendors, etc.). Oftentimes a single threat actor is described under different names (due to different naming conventions, etc.); as a result, there are often commonalities between reports despite the different names. Sometimes there are also relationships between different threat actors (e.g. A is a subgroup of B; A facilitates B).

Problem Statement: Generate a definitive threat actor database/dossier, sorting out all namings (aliases), relationships, attribution confidence, etc. Are there trends that can help guide further research and effective maintenance of this database/dossier?

Data Source: Public threat research blogs and articles

Here are some well-known websites that routinely report on threat actors:
https://www.microsoft.com/en-us/security/blog/microsoft-security-intelligence/

https://www.crowdstrike.com/blog/category/threat-intel-research/

https://www.trendmicro.com/en_us/research.html?category=trend-micro-research:threats/apt-and-targeted-attacks

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence

Hint: Text analytics (entity extraction), Cosmos DB, knowledge graph
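One way to consolidate the alias and relationship claims extracted from such reports, as an added example that is not part of the challenge text or any BAE Systems code: a union-find merges names that reports equate (with case and whitespace folded), the number of distinct reports backing each cluster serves as a rough attribution-confidence score, and relationship claims are resolved onto canonical names. The vendor and actor names are constructed placeholders, not real attributions.

```python
from collections import defaultdict
# Constructed sample (placeholder names, not real attributions). An alias claim
# is (reporting source, name used in the report, name the report equates it with).
ALIAS_CLAIMS = [
    ("vendorA", "Actor Alpha", "GROUP-1"),
    ("vendorB", "group-1", "Desert Fox"),
    ("vendorC", "Actor Alpha", "Desert Fox"),
    ("vendorA", "Actor Beta", "GROUP-2"),
    ("vendorB", "Actor Beta", "GROUP-2"),
]
# Constructed relationship claims: (source, actor, relation, other actor).
RELATION_CLAIMS = [("vendorC", "GROUP-2", "subgroup_of", "Desert Fox")]

def normalize(name):  # fold case/whitespace so 'group-1' and 'GROUP-1' are one node
    return " ".join(name.lower().split())

class AliasIndex:  # union-find over normalized names; each alias claim joins two nodes
    def __init__(self):
        self.parent, self.display = {}, {}  # display: normalized -> first spelling seen
    def find(self, name):
        key = normalize(name)
        self.display.setdefault(key, name)
        self.parent.setdefault(key, key)
        if self.parent[key] != key:  # path compression
            self.parent[key] = self.find(self.parent[key])
        return self.parent[key]
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def build_dossier(alias_claims, relation_claims):
    # Returns {canonical: {"aliases", "sources", "relations"}}; "sources" counts the
    # distinct reports backing the cluster, a crude attribution-confidence score.
    idx, members, srcs, canonical_of, dossier = AliasIndex(), defaultdict(set), defaultdict(set), {}, {}
    for source, a, b in alias_claims:
        idx.union(a, b)
    for source, a, b in alias_claims:  # second pass: roots are final only after all unions
        root = idx.find(a)
        srcs[root].add(source)
        members[root].update((normalize(a), normalize(b)))
    for root, keys in members.items():
        names = sorted(idx.display[k] for k in keys)  # canonical = first alphabetically
        canonical_of.update({k: names[0] for k in keys})
        dossier[names[0]] = {"aliases": names, "sources": len(srcs[root]), "relations": []}
    for source, actor, rel, other in relation_claims:  # resolve both ends to canonical names
        a = canonical_of.get(normalize(actor), actor)  # unseen names stay as written
        o = canonical_of.get(normalize(other), other)
        dossier.setdefault(a, {"aliases": [actor], "sources": 0, "relations": []})
        dossier[a]["relations"].append((rel, o, source))
    return dossier
```

Feeding the constructed claims through build_dossier yields two actors, "Actor Alpha" (three aliases, three supporting sources) and "Actor Beta" (two sources) with a subgroup_of edge from the latter to the former; a relation naming an actor no report has aliased gets its own zero-source entry rather than being dropped.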

2. Current State: Researchers want to keep track of adversary techniques used by threat actors. There is a knowledge base/catalogue of techniques (MITRE ATT&CK), but the techniques are often discussed in prose form within threat research articles. Sometimes a list of techniques is provided at the end of the article, but these tend to be manually generated by the article’s authors.

Problem Statement: Given a threat research report/article, generate, using AI methods, a list of MITRE ATT&CK techniques described in the article. Make the techniques searchable.

Data Sources:

https://attack.mitre.org/techniques/enterprise/
Public threat research blogs and articles
Hint: Text Analytics, Cognitive Search
