Automated Construction of Threat Knowledge Graph for ICS Security

Principal Investigator: 
Peng Gao, assistant professor, computer science, Virginia Tech

Co-Principal Investigator: 
Yixin Sun, assistant professor, computer science, University of Virginia

Project Description:

The criticality of industrial control systems (ICS) makes them an attractive target for cybercriminals. Though open-source cyber threat intelligence (OSCTI) shows great potential in providing visibility into the fast-evolving ICS threat landscape and identifying early signs of ICS attacks, existing OSCTI gathering and management approaches have ignored the rich threat knowledge entities and relations that are critical to uncovering the complete, multi-step scenario. In this project, we seek to enable automated, high-quality OSCTI gathering and management for ICS security using AI.

In particular, the project proposes the design of a novel system that uses a combination of AI-based methods to harvest comprehensive ICS threat knowledge entities and relations from various OSCTI sources, constructs an ICS threat knowledge graph containing the entity-relation triplets, and updates the threat knowledge graph by continuously ingesting new data. The proposed project will contribute significantly to advancing the state of the art in ICS threat intelligence research and ICS security.