Beyah, Liao Place Third at Cyber Security Awareness Week Applied Research Competition

Atlanta, GA
Xiaojing Liao

A study of cloud hosting services has found that as many as 10 percent of the repositories hosted by them have been compromised. Shown is Georgia Tech graduate student Xiaojing Liao, first author of the paper reporting on the research. (Credit: Georgia Tech)


Raheem Beyah and Xiaojing Liao won third place at the Cyber Security Awareness Week (CSAW) Applied Research Competition, a prestigious contest for graduate and doctoral level security researchers who have published papers in the last year.

Held at New York University in New York City, CSAW is the world’s largest student-run security competition, featuring six different contests for students ranging from high school through doctoral programs.

Beyah is the Motorola Foundation Professor in the Georgia Tech School of Electrical and Computer Engineering (ECE) and is the School’s associate chair for Strategic Initiatives and Innovation, and Liao is his Ph.D. student in the Communications Assurance and Performance Group. They were honored for their paper, “Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence,” which they coauthored with Kan Yuan, Xiaofeng Wang, and Luyi Xing, their colleagues at Indiana University-Bloomington, and Zhou Li, their colleague who works at RSA.

To adapt to the rapidly evolving landscape of cyber threats, security professionals actively exchange Indicators of Compromise (IOCs), such as malware signatures and botnet IPs, through public sources like blogs, forums, and tweets. With hundreds of thousands of sources in the wild, IOC data are now produced at a volume and velocity that is increasingly hard for humans to manage. The team’s paper describes a solution they developed that uses natural language processing and machine learning techniques to automate the reading of these threat indicators. This allows: 1) quicker deployment of accurate signatures/rules into defense mechanisms like intrusion detection systems; and 2) discovery of previously unknown relationships among various attack campaigns.
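As an added illustration of the idea, not the paper's own system (which uses NLP and machine learning rather than the hand-written keyword rules here), the following Python extractor pulls indicators out of a constructed blog excerpt, keeps only those whose sentence reads like a compromise report rather than an incidental mention, and renders the network indicators as Suricata-style rules. The sample text, keyword lists and function names are all assumptions made for this example.

```python
import re

# Constructed sample blog excerpt (not from the paper); indicators are
# defanged the way threat-intel posts usually write them.
SAMPLE_POST = """
The dropper beacons to its C2 server at hxxp://evil-update[.]example[.]com/gate.php
and the payload hash is d41d8cd98f00b204e9800998ecf8427e. Analysis was done on a
VM with IP 10.0.0.5; the malicious host 203[.]0[.]113[.]7 serves the second stage.
See our earlier blog post at https://blog.example.org/report for details.
"""

# Assumed keyword lists: words that signal a real indicator versus an
# incidental mention of an address (the paper learns this context instead).
CONTEXT_WORDS = {"c2", "malicious", "payload", "dropper", "beacon", "serves"}
BENIGN_WORDS = {"blog", "our", "analysis", "vm"}

PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
}

def refang(text):
    """Undo common defanging so indicators match their standard syntax."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def context_score(sentence):
    """Positive when the sentence reads like a compromise report."""
    words = set(re.findall(r"[a-z0-9]+", sentence.lower()))
    return len(words & CONTEXT_WORDS) - len(words & BENIGN_WORDS)

def extract_iocs(post, min_score=1):
    """Return {kind: [value, ...]} for indicators in report-like sentences."""
    found = {}
    for sentence in re.split(r"(?<=[.;!?])\s+", refang(post).strip()):
        if context_score(sentence) < min_score:
            continue  # e.g. the analyst's own VM address or a blog link
        for kind, pattern in PATTERNS.items():
            for value in pattern.findall(sentence):
                found.setdefault(kind, []).append(value)
    return found

def to_suricata_rules(iocs, start_sid=1000001):
    """Render network indicators as Suricata-style alert rules."""
    rules, sid = [], start_sid
    for ip in iocs.get("ip", []):
        rules.append(f'alert ip any any -> {ip} any (msg:"IOC IP {ip}"; sid:{sid};)')
        sid += 1
    for url in iocs.get("url", []):
        host = re.sub(r"^https?://", "", url).split("/")[0]
        rules.append(f'alert dns any any -> any any (msg:"IOC domain {host}"; '
                     f'dns.query; content:"{host}"; sid:{sid};)')
        sid += 1
    return rules
```

Running `to_suricata_rules(extract_iocs(SAMPLE_POST))` yields one rule for the C2 host and one for 203.0.113.7, while the analyst's VM address and the blog link are dropped for lack of compromise context.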

Last revised November 13, 2017