Use of Knowledge Graphs in Cybersecurity Operations Management
Research Opportunities
Summary
Knowledge graphs offer a transformative approach to Security Operations Management (SOM) in cybersecurity, enabling the modelling of complex relationships between entities such as users, devices, networks, and security incidents. By capturing associations among systems, products, threats, and vulnerabilities, knowledge graphs facilitate predictive insights and enhanced situational awareness. For example, they can map known attack patterns, helping security teams quickly identify and respond to suspicious behaviours. During incidents, these graphs reveal connections between affected systems and malicious actors, enabling prioritized, data-driven responses. Furthermore, by mapping software dependencies, security teams can pinpoint critical nodes to prevent vulnerabilities from cascading across systems.
Aims
Model Complex Attack Paths for Enhanced Decision-Making: Use knowledge graphs to represent intricate attack paths, facilitating quicker identification of critical relationships between entities (e.g., devices, users, IP addresses) and supporting faster, more accurate threat detection. This approach aims to minimize manual correlation of alerts, accelerating response times and improving overall security posture.
Automate Threat Correlation and Vulnerability Identification: Leverage the graph structure to automatically identify high-risk entities and dependencies, streamlining the process of threat response and mitigation and enabling proactive vulnerability management.
Methods
Our method leverages existing threat databases to construct a threat knowledge graph and applies machine learning and advanced graph mining techniques to predict unseen or potential associations between entities within the graph. These predictions will provide valuable input for defensive security management tasks, enhancing the identification of emerging threats and vulnerabilities.
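As an added illustration of the link-prediction step described above (this is example code, not the project's own method or implementation), the following builds a small threat knowledge graph from constructed triples and scores host-vulnerability pairs that are not yet explicitly linked using the Adamic-Adar index; every host, product and vulnerability identifier is a made-up placeholder.

```python
"""Toy threat knowledge graph with neighbour-based link prediction."""
from collections import defaultdict
from math import log

# Constructed sample triples (subject, predicate, object). All names are
# placeholders, not real hosts, products or vulnerability identifiers.
TRIPLES = [
    ("host-web-01", "runs", "openssl"),
    ("host-web-01", "runs", "nginx"),
    ("host-db-01", "runs", "openssl"),
    ("host-db-01", "runs", "postgres"),
    ("host-app-01", "runs", "nginx"),
    ("host-app-01", "runs", "openssl"),
    ("VULN-A", "affects", "openssl"),
    ("VULN-B", "affects", "nginx"),
    ("host-web-01", "exposed_to", "VULN-A"),  # known association, e.g. from an alert
]


def build_graph(triples):
    """Undirected adjacency sets; predicates are dropped for the structural score."""
    adj = defaultdict(set)
    for s, _, o in triples:
        adj[s].add(o)
        adj[o].add(s)
    return adj


def adamic_adar(adj, u, v):
    """Sum of 1/log(deg(z)) over common neighbours z; hub nodes contribute less."""
    common = adj[u] & adj[v]
    return sum(1.0 / log(len(adj[z])) for z in common if len(adj[z]) > 1)


def predict_exposures(triples):
    """Score host/vulnerability pairs with no explicit edge, highest score first.

    Hosts are subjects of 'runs' edges and vulnerabilities are subjects of
    'affects' edges, so the entity types come from the graph schema itself.
    """
    adj = build_graph(triples)
    hosts = [s for s, p, _ in triples if p == "runs"]
    vulns = [s for s, p, _ in triples if p == "affects"]
    hosts = list(dict.fromkeys(hosts))  # de-duplicate, keep first-seen order
    scores = []
    for h in hosts:
        for v in vulns:
            if v in adj[h]:
                continue  # already a known association; nothing to predict
            s = adamic_adar(adj, h, v)
            if s > 0:
                scores.append((h, v, round(s, 3)))
    return sorted(scores, key=lambda t: -t[2])
```

Because openssl is shared by every host it acts as a hub, so the index ranks the nginx-mediated exposure to VULN-B above the openssl-mediated exposure to VULN-A; an analyst would treat these scores as triage hints to be confirmed against asset data, not as findings.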
Expected candidate
The ideal candidate should possess strong research skills and have experience and expertise in Machine Learning and Cybersecurity. Experience in ontology engineering and Software Engineering is also preferred.