OPEN-CSAM INFORMATION AGGREGATOR AND REPORTING TOOL USING AI AND NATURAL LANGUAGE PROCESSING

Transcription

1 OPEN-CSAM INFORMATION AGGREGATOR AND REPORTING TOOL USING AI AND NATURAL LANGUAGE PROCESSING Georgios Chatzichristos Operational Security Unit - ENISA

2 THE GOAL Help Decision Makers take better decisions!

3 THE TRIGGER Technical Operational Operational Technical 3

4 Overview Develop a tool based on latest technologies that will enhance situational awareness and help threat analysts to advise decision makers 4

5 The process Monitor (machine) Search (analyst) Report (machine+analyst) 5

6 NLP What is Natural Language Processing? Field of study focused on making sense of language Using statistics and computers Basics tasks of NLP: Topic identification Text classification NLP applications include: Chatbots Translation, Fake News detection, text summarization Sentiment analysis -> Social Media, Customer reviews etc. SPAM 6 Short name of the powerpoint presentation, maximum length two thirds of the page

7 Information aggregation News aggregator, monitors 24/7 a set of news sources and tweets Uses NLP to isolate trending terms Creates clusters of relevant terms using AI Searches ENISA s own publications Searches ENISA s own recommendations 7

8 NLP Trending terms in Tweets Continuous monitoring Daily/Weekly/Monthly/Yearly Stats Trending terms in News ENISA s topics ENISA s terms 8

9 AI Continuous monitoring Daily/Weekly/Monthly/Yearly Stats 9

10 Knowledge Graph Hardcoded Used to drive AI 10

11 Searching 11

12 12 Searching

13 Reporting 13

14 Elastic Search Kibana Jenkins Knowledge Graph Sources Done Done Done Done Done Latent Dirichlet Allocation (LDA) Non-negative Matrix Factorization (NMF) Done Done User inputs Spiders Scrappers Training Data / features 14

15 Update of Knowledge Graph and sources Latent Dirichlet Allocation (LDA) Non-negative Matrix Factorization (NMF) Elastic Search Kibana Jenkins Knowledge Graph Sources Users Spiders Scrappers Training Data / features 15

16 WAY FORWARD

17 17 Short name of the powerpoint presentation, maximum length two thirds of the page

18 The Vision Develop a dynamic knowledge graph fed by threat analysts and AI that will keep itself up to date by adding 3,4 Hacktivism new terms and delete obsolete ones 9,8 8,3 5,6 9,5 9,2 8,1 8,1 7,6 8,3 9,8 9,1 9,1 18

19 The Vision Develop a dynamic pool of sources fed by threat analysts and AI 3,4 9,8 7,6 9,8 8,3 9,1 5,6 8,1 9,5 7,6 8,3 9,1 9,2 8,1 9,2 Originality Authenticity Popularity Quality Also new types of sources like DarkWeb, Pastebin and sentiment analysis! 19

20 The Vision Make enisa an open source info hub with good training data for AI available for all Use services Contribute to QoS Threat analysts CSIRTs Cyber Security Professionals Training data for AI Academia Essential Services providers Researchers Cyber Security professionals

21 EPILOGUE Beta testers welcomed. Let us know if you are interested! 22

22 THANK YOU FOR YOUR ATTENTION Vasilissis Sofias Str 1, Maroussi , Attiki, Greece