Formal- and Data-driven Analytics for High-Assurance Decision-Making in Cyber Defense

Speaker:   Prof. Ehab Al-Shaer, University of North Carolina, Charlotte
When:   April 4, 2018, 1:30 pm - 2:30 pm
Where:   Engineering Building, Dean's Conference Room


With the exponential growth of cyber complexity and connectivity, the potential for cyber misconfigurations and novel/unknown attacks has increased tremendously. The operation of cyber and cyber-physical systems depends on thousands of highly inter-dependent configurations (e.g., rules and variables) to execute missions and enforce security policies. Moreover, the volume of vulnerability reports and cyber threat intelligence received every day is overwhelming for any team of experts. These challenges make understanding the threat space in real time, identifying potential risk, and assessing a system's cyber security and resiliency capabilities based on its configuration extremely challenging and daunting tasks, even for human experts. In the first part, this talk will present automated configuration verification and synthesis to plan and enforce security and resiliency properties for Cyber, Energy Management Systems, and IoT using advanced formal methods based on SMT and bounded model checking. Then, we will present our recent data-driven approach (TTPDrill), which uses NLP and machine learning to automatically extract attack actions and infer attack patterns from unstructured text of Cyber Threat Intelligence (CTI) with high accuracy and without human assistance. TTPDrill provides great support for threat predictive/proactive analytics, and for cyber hunting and investigation in cyber diagnosis and forensics. In the second part, this talk will present future research directions leveraging Mason strengths and capabilities to establish world-class research programs in cyber security and resiliency.

Speaker Bio

Ehab Al-Shaer is a Professor in Computer Science, the Director of the Cyber Defense and Network Assurability (CyberDNA) Center, and the Director of the NSF IUCRC Center on Configuration Analytics and Automation at the University of North Carolina Charlotte. Prof. Al-Shaer's research expertise includes formal verification and synthesis of security configuration, data-driven analytics of cyber threat intelligence, automated adaptive cyber defense, cyber agility (deterrence and deception), and resilience of cyber and cyber-physical (smart grids and IoT) systems. He was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on cybersecurity analytics and automation in 2011, and he was awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013. He is a lead researcher in the cyber resilience of the NSA Science of Security (SOS) Lablet. Prof. Al-Shaer has edited/co-edited more than 10 books and published more than 200 refereed journal and conference papers in this area. He has a number of patents and has led several technology transfer projects. He is also an advisory board member for a leading company in cybersecurity automation. Prof. Al-Shaer has received funding from many government agencies, including NSF, NSA, ARO, and AFRL, and from many industry partners, including Cisco, Intel, IBM, Bank of America, Duke Energy, BB&T, Depository Trust & Clearing Corporation, RTI International, CIS, and others.