
Anomaly Detection & Cyber Threat Intelligence

Every day, organizations are exposed to cyber attacks. Information security teams do their best, but it is very difficult to monitor the current situation, pinpoint leading indicators, respond to issues, and stay informed about the latest attack vectors, methods and threats – and doing all of this at the same time is overwhelming.

AIT works on novel concepts, algorithms and systems that apply machine learning techniques to characterize system behavior and detect deviations from an established baseline. These solutions for adaptive processing of system log streams make it possible to detect, classify and cluster frequently occurring patterns in log files and ultimately to distinguish known good activity from unknown malicious activity in a specific IT infrastructure – self-learning, with minimal manual configuration effort.

An effective link to threat intelligence solutions further allows the anomaly detection system to be tuned and focused on the threatened areas, while, vice versa, extracting indicators from raw logs is a means of generating threat intelligence with minimal human effort.


Challenges/Key Questions

  •  Understand the wide range of potential attack vectors and techniques in modern systems.
  •  Build efficient algorithms to extract, classify and cluster frequently occurring patterns in log files.
  •  Create concepts to automatically build system behavior profiles from observation alone.
  •  Detect anomalies in system behavior profiles that result from intrusion attempts.
  •  Correlate detected anomalies with threat intelligence and enrich findings with contextual data.
  •  Support the emergence of situational awareness by collecting, aggregating and interpreting the vital information.


Further Material


ÆCID

ÆCID stands for "Automatic Event Correlation for Incident Detection" and is an intelligent cyber security tool


ÆCID Infographic

The application of such a system is specifically promising in control networks, as applied in the emerging smart grid, which mostly implement well-specified processes


CÆSAIR

CÆSAIR is a cyber threat intelligence solution designed to provide analytical support for security experts.