OPEN-CSAM INFORMATION AGGREGATOR AND REPORTING … · Latent Dirichlet Allocation (LDA)...

Georgios ChatzichristosOperational Security Unit - ENISA

6 11 2018

OPEN-CSAM

INFORMATION AGGREGATOR AND

REPORTING TOOL USING AI AND

NATURAL LANGUAGE PROCESSING

THE GOAL

Help Decision Makers

take better decisions !

3

THE TRIGGER

Open Cyber Security Awareness Machine

Technical

Operational

OperationalTechnical

4

Overview


Develop a tool based on latest

technologies that will enhance

situational awareness and help threat

analysts to advise decision makers

5

The process


Monitor (machine) Search (analyst)Report

(machine+analyst)

6

NLP

What is Natural Language Processing?Field of study focused on making sense of language

Using statistics and computers

Basics tasks of NLP:

Topic identification

Text classification

NLP applications include:

Chatbots

Translation, Fake News detection, text summarization

Sentiment analysis -> Social Media, Customer reviews etc.

SPAM

Short name of the powerpoint presentation, maximum length two thirds of the page

7

Information aggregation


• News aggregator, monitors 24/7 a set of news sources and tweets

• Uses NLP to isolate trending terms

• Creates clusters of relevant terms using AI

• Searches ENISA’s own publications

• Searches ENISA’s own recommendations

8

NLP


Continuous monitoringDaily/Weekly/Monthly/Yearly Stats

Trending terms in Tweets Trending terms in News

ENISA’s termsENISA’s topics

9

AI


Continuous monitoringDaily/Weekly/Monthly/Yearly Stats

10 Open Cyber Security Awareness Machine

Hardcoded

Used to drive AI

Knowledge Graph

11

Searching



Searching

13

Reporting



Latent Dirichlet Allocation (LDA)

Non-negative Matrix Factorization (NMF)

Training Data

/ features

User inputs

Spiders

Scrappers

Elastic Search

Kibana

Jenkins

Knowledge Graph

Sources

Done

Done

Done

Done

Done

Done

Done


Latent Dirichlet Allocation (LDA)Non-negative Matrix Factorization (NMF)

Training Data

/ features

Users

Spiders

Scrappers

Update of

Knowledge Graph and sources

Elastic Search

Kibana

Jenkins

Knowledge Graph

Sources

WAY FORWARD

17 Short name of the powerpoint presentation, maximum length two thirds of the page

18

The Vision


Develop a dynamic knowledge graph fed by threat analysts and AI

9,8

8,3

5,6

9,5

9,2

8,1

7,6

8,3

9,1

Hacktivism

3,4

8,1

9,8

9,1

that will keep itself up to date by adding

new terms and delete obsolete ones

19

The Vision


Develop a dynamic pool of sources fed by threat analysts and AI

9,88,3

5,6

9,5

9,2

8,1

7,6 8,39,1

3,49,8

7,6

9,1

9,2

8,1

Originality

Authenticity

Popularity

QualityAlso…new types of sources like DarkWeb, Pastebin and sentiment analysis !

21

The Vision


Make enisa an open source info hub with good training data for AI available for all

Threat analystsAcademiaEssential Services providers

Researchers

Cyber Security professionals

.

.

.

.

Cyber Security

Professionals

CSIRTs Training data for AI

Use services

Contribute to QoS

22

Beta testers welcomed. Let us know if you are interested !

[email protected]

EPILOGUE


https://github.com/enisaeu/OpenCSAM

THANK YOU FOR YOURATTENTION

Vasilissis Sofias Str 1, Maroussi 151 24,

Attiki, Greece

+30 28 14 40 9711

[email protected]

www.enisa.europa.eu

OPEN-CSAM INFORMATION AGGREGATOR AND REPORTING … · Latent Dirichlet Allocation (LDA)...

Documents

Transcript of OPEN-CSAM INFORMATION AGGREGATOR AND REPORTING … · Latent Dirichlet Allocation (LDA)...