An Intelligent Security Assistant for Cyber Security Operations

Our research is initially motivated by a conversation we had with a group of cyber security analysts that are responsible for monitoring enterprise security at a large corporation who were experiencing day-to-day operational burdens. As a result, this paper focuses on the design and implementation of an Intelligent Cyber Security Assistant (ICSA) architecture that would provide intelligent assistance to a human security specialist. The ability to focus on rapidly developing malicious events which have the most impact on the normal operations of cyber resources and services is both critical and challenging. Effectively responding to cyberattacks, which have been expanding at alarming rates, will require advanced machine learning to automatically detect attacks and intelligently recommend the mechanisms to render attackers incapable of re-launching new attacks. To effectively address these challenges, we present the design and implementation of an intelligent cyber assistant that will assist security analysts and ease the day to day operational burdens by efficiently and promptly defending cyberspace resources and services against both existing and novel attacks.