Cyber-All-Intel: An AI for Security related Threat Intelligence

TL;DR

Cyber-All-Intel is an AI system designed to assist security analysts by automatically extracting, representing, and analyzing threat intelligence from diverse sources using knowledge graphs and neural networks.

Contribution

The paper introduces a comprehensive AI pipeline that integrates knowledge extraction, multi-representation storage, and proactive learning for cybersecurity threat intelligence.

Findings

Effective knowledge representation using VKG structure.

Proactive knowledge improvement via neural networks.

Query and alert system for actionable insights.

Abstract

Keeping up with threat intelligence is a must for a security analyst today. There is a volume of information present in `the wild' that affects an organization. We need to develop an artificial intelligence system that scours the intelligence sources, to keep the analyst updated about various threats that pose a risk to her organization. A security analyst who is better `tapped in' can be more effective. In this paper we present, Cyber-All-Intel an artificial intelligence system to aid a security analyst. It is a system for knowledge extraction, representation and analytics in an end-to-end pipeline grounded in the cybersecurity informatics domain. It uses multiple knowledge representations like, vector spaces and knowledge graphs in a 'VKG structure' to store incoming intelligence. The system also uses neural network models to pro-actively improve its knowledge. We have also created a query engine and an alert system that can be used by an analyst to find actionable cybersecurity insights.