<p>While the incorporation of AI and machine learning techniques in the automation of cyber threat defense holds great promise in the effort to mitigate the increasing frequency and scale of modern-day cyberattacks, issues such as a lack of context awareness, insufficient levels of adaptability, and a high false-positive rate can potentially negate any tangible gains. To offset these potential drawbacks, combining cybersecurity domain knowledge with AI promises to be a viable solution. The objective of this paper is to further investigate the potential of incorporating domain knowledge with AI, while identifying limitations and proposing possible avenues for success. First, we review recent solutions from the literature for representing domain knowledge and define the concept of knowledge graphs. We then describe different sources for cybersecurity domain knowledge, including existing ontologies as well as open source knowledge graphs, and detail methods for extracting knowledge from these sources. We thoroughly review previous research efforts that use domain knowledge in cyber automation, and propose a domain knowledge management framework to improve the integration of knowledge with AI and ML techniques. Lastly, we highlight open challenges and future research directions.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Domain Knowledge Management for Automated Threat Defense: Methods, Challenges, and Opportunities

  • Md Mohaiminul Islam,
  • Euclides Carlos Pinto Neto,
  • Shahrear Iqbal,
  • Scott Buffett,
  • Madeena Sultana,
  • Adrian Taylor

摘要

While the incorporation of AI and machine learning techniques in the automation of cyber threat defense holds great promise in the effort to mitigate the increasing frequency and scale of modern-day cyberattacks, issues such as a lack of context awareness, insufficient levels of adaptability, and a high false-positive rate can potentially negate any tangible gains. To offset these potential drawbacks, combining cybersecurity domain knowledge with AI promises to be a viable solution. The objective of this paper is to further investigate the potential of incorporating domain knowledge with AI, while identifying limitations and proposing possible avenues for success. First, we review recent solutions from the literature for representing domain knowledge and define the concept of knowledge graphs. We then describe different sources for cybersecurity domain knowledge, including existing ontologies as well as open source knowledge graphs, and detail methods for extracting knowledge from these sources. We thoroughly review previous research efforts that use domain knowledge in cyber automation, and propose a domain knowledge management framework to improve the integration of knowledge with AI and ML techniques. Lastly, we highlight open challenges and future research directions.