Cyber Threat Hunting and Malware Analysis

Cyberattack triage is among the most complicated and time-consuming tasks of security analysts. Triage activities focus mainly on analyzing malware, exploit kits and other attack payloads so that the payload (i.e. the malware) can be identified in a timely manner. AI has a lot to offer to cyber threat triage and may significantly reduce the time and resources required to respond to an incident. Because the lack of suitable security datasets for AI tasks is among the most important barriers to advancing research in this field, the Cyber Science Lab has built several unique datasets for AI-aided cyber threat triage. CSL has contributed to several research efforts in AI-aided malware analysis, ransomware analysis, AI-aided threat attribution and cyber threat analytics (for more information please see our latest publications):

- Intuitionistic Cyber Threat Triage: The Cyber Science Lab at the University of Guelph is developing an intuitionistic cyber threat triage and incident response system that enables national defence agencies to differentiate between targeted malicious attacks and broad, opportunistic cyber-attacks. The system includes a cutting-edge deep learning engine for cyber threat hunting; a risk assessment module; and two subsystems for cyber threat triage (CTT) and cyber threat intelligence (CTI).

- Cyber Threat Attribution: The Cyber Science Lab at the University of Guelph has developed a system that enhances cyber attribution for national defence agencies by automatically detecting, or making decisions about, the source of cyberattacks. The system is trained using multiple AI learning sources, enabling it to take into account technical, non-technical, and even regulatory and political viewpoints to "intelligently" estimate cyber attack sources. Moreover, the system uses an integrated intuitionistic fuzzy decision-making module to automate decision-making processes and reduce incident response times.

- Prevent Seen and Unseen Ransomware Attacks: Ransomware is identified as one of the most serious cyberattacks targeting the healthcare sector. In spite of attempts to detect such attacks, ransomware developers have been able to change the face of their attacks and bypass most detection mechanisms. The Cyber Science Lab at the University of Guelph has developed a deep-neural-network-based system that is capable of detecting ransomware attacks from multiple different views. The system not only detects previously known (seen) ransomware but also achieved more than 99% accuracy in detecting previously unseen (totally new) ransomware samples. It supports multiple platforms, ranging from Windows and macOS to Android-based devices, and offers backward compatibility with older operating systems such as Windows XP. Once ransomware is identified, the system automatically suggests actions for containment, eradication and recovery.