Objective
One of the key responsibilities of service, software and network maintenance professionals is to keep the product or service safe and secure against cyber threats. Most organizations now have dedicated staff to prevent, identify, recover from and predict potential cyber attacks. With rapidly changing technology and system composition, the attack surface grows every day, along with the number of ways to exploit vulnerabilities, and it is getting harder even for domain experts to stay aware of all the details of exploitation events and to prepare for the large number of possible intrusions. Moreover, the underlying systems are updated and upgraded frequently to meet the demands of organizations or customers, and every change, whether in the system or in policy, is a point of attention for both attackers and defenders. As services increasingly interact with each other to offer more features to customers, it is almost humanly impossible for security professionals to have threat information ready and usable across the various service layers and to protect those layers from exploitation. As a result, the awareness spectrum of security engineers and analysts grows exponentially and becomes too large to keep up with manually, leading to error-prone defense strategies that can cost huge revenue losses or, in some cases, human lives. A curated cyber knowledge base with an automated knowledge retrieval framework is needed to efficiently analyze and investigate information and convert it into actionable operations.
Summary of the Project
A solution or framework is needed that not only serves security and maintenance professionals by providing cyber threat information in a usable form or as action items, but also supports integration with diverse information sources such as system logs and environment data, policies, and other frameworks.

The framework is based on two components:
- A consolidated knowledge base
- An automatic integration module
The unified knowledge base will contain:
- Structured knowledge: information from all knowledge sources will be abstracted and decomposed at different levels according to stakeholders' needs.
- Static/dynamic analysis: a diverse set of analyses on the structured security properties/attributes will be run according to the analyst's needs.
- New intelligence: new threat knowledge that is not directly present in the sources will be created with AI/ML/LLM techniques by identifying relationships between security attributes from diverse sources.
The automatic integration module will provide:
- System integration service: integration with a system's logging module, SIEM or SOAR component, providing automatic knowledge transfer with minimal human intervention.
- Integration with other knowledge sources: extensibility of the knowledge via integration with other knowledge sources (business policies etc.) that are not included in GlUKB.
- Human-in-the-loop interaction: an interface for experts to interact with GlUKB. The interaction can be SQL-like, feedback-query-like or chat-based, with multi-modal knowledge sharing capabilities.
- Agent-based interaction: the capability to run a procedure on the whole knowledge base, or a sub-area of it, triggered by events from outside GlUKB.
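To make the two components concrete, here is a small added illustration in Python. It is not the project's code or GlUKB itself, and every host name, software version, vulnerability ID (VULN-A, VULN-B) and log line in it is constructed for the example. It consolidates four constructed sources into one graph, derives host-to-technique exposure and reachability-based attack paths that none of the sources states on its own (the kind of cross-source relationship inference the "new intelligence" item describes, and a minimal form of the attack-graph construction in the publication below), offers a host-level summary as one abstraction level, and runs an agent-style procedure when a log line arrives from outside the knowledge base.

```python
"""Toy unified knowledge base: consolidate facts from several sources,
derive relationships no single source states, and react to an external
event with action items.  Illustrative only; every host, software version,
vulnerability ID and log line below is constructed, not real data."""
import re
from collections import defaultdict


class KnowledgeBase:
    """Facts stored as (subject, relation) -> set of objects."""

    def __init__(self):
        self.facts = defaultdict(set)

    def add(self, subject, relation, obj):
        self.facts[(subject, relation)].add(obj)

    def objects(self, subject, relation):
        return self.facts.get((subject, relation), set())


# Four constructed sources, each knowing only its own slice of the world.
INVENTORY = [("web01", "runs", "webapp-1.2"), ("web01", "runs", "dbclient-5.0"),
             ("db01", "runs", "dbms-5.0")]                      # asset inventory
VULN_FEED = [("webapp-1.2", "has_vuln", "VULN-A"),
             ("dbms-5.0", "has_vuln", "VULN-B")]                 # hypothetical vuln IDs
TECHNIQUES = [("VULN-A", "enables", "remote-code-execution"),
              ("VULN-B", "enables", "privilege-escalation")]     # vuln -> technique
NETWORK = [("web01", "reaches", "db01")]                         # reachability


def build_kb():
    """Consolidate all sources into one graph (the 'structured knowledge' layer)."""
    kb = KnowledgeBase()
    for source in (INVENTORY, VULN_FEED, TECHNIQUES, NETWORK):
        for subject, relation, obj in source:
            kb.add(subject, relation, obj)
    return kb


def techniques_on_host(kb, host):
    """Derived fact: host -> software -> vulnerability -> technique.
    None of the four sources states this relationship directly."""
    techniques = set()
    for software in kb.objects(host, "runs"):
        for vuln in kb.objects(software, "has_vuln"):
            techniques |= kb.objects(vuln, "enables")
    return techniques


def attack_paths(kb, start, max_depth=4):
    """Derived fact: chains of hosts reachable from `start` where every hop
    runs exploitable software (a minimal attack-graph construction)."""
    paths = []

    def walk(host, path):
        for nxt in kb.objects(host, "reaches"):
            if nxt in path or not techniques_on_host(kb, nxt):
                continue
            new_path = path + [nxt]
            paths.append(new_path)
            if len(new_path) < max_depth:
                walk(nxt, new_path)

    walk(start, [start])
    return paths


def exposure_summary(kb):
    """Host-level abstraction of the graph for a stakeholder who wants a
    one-line view per asset rather than the underlying vulnerability detail."""
    hosts = {s for (s, r) in kb.facts if r == "runs"}
    return {h: sorted(techniques_on_host(kb, h)) for h in sorted(hosts)}


# Event-triggered procedure: a log line arrives (e.g. forwarded by a SIEM),
# the agent looks the host up in the knowledge base and emits action items.
LOG_PATTERN = re.compile(r"host=(?P<host>\S+).*\bevent=(?P<event>\S+)")
SAMPLE_LOG = "2025-01-01T00:00:00Z host=web01 proc=webapp event=exploit_attempt src=203.0.113.7"


def on_event(kb, log_line):
    match = LOG_PATTERN.search(log_line)
    if match is None:
        return None                      # not a line this agent understands
    host, event = match.group("host"), match.group("event")
    techniques = sorted(techniques_on_host(kb, host))
    actions = []
    if event == "exploit_attempt" and techniques:
        actions.append(f"isolate {host}: vulnerable software enables {techniques}")
        for path in attack_paths(kb, host):
            actions.append("watch lateral-movement path " + " -> ".join(path))
    return {"host": host, "event": event, "techniques": techniques, "actions": actions}


if __name__ == "__main__":
    kb = build_kb()
    print(exposure_summary(kb))
    print(on_event(kb, SAMPLE_LOG))
```

In a real deployment the four constructed lists would be replaced by feeds from the inventory, vulnerability, technique and network sources, and the log line would come from the logging module or SIEM integration rather than a string constant; the derivation and event-handling logic is what the knowledge base and integration module are meant to automate.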
Our Team
Faculty Member
Students
Publications
- Talukder, M. R. H., Podder, R., Ray, I., "VKG2AG: Generating Automated Knowledge-Enriched Attack Graph (AG) from Vulnerability Knowledge Graph (VKG)", in Proceedings of the 22nd International Conference on Security and Cryptography (SECRYPT 2025).