Description
This talk presents a novel approach to enhancing cyber defence through the automated learning and exploitation of action-based domain models from heterogeneous security event data. It addresses the challenge of identifying and responding to security threats by developing techniques to automatically generate and utilise action-based knowledge models from event-based data sources. This includes a data generator for synthetic event datasets. Event datasets are crucial for detecting multi-event attack signatures, but their security-sensitive nature often limits sharing, which makes it difficult to benchmark new techniques. In this work, we explore how clustering techniques such as OPTICS and DBSCAN can detect event chains. Once detected, these chains are translated into action models using the Planning Domain Definition Language (PDDL), enabling automated planning and response. The technology applies to specific use cases such as Security Orchestration, Automation, and Response (SOAR).

Period | 24 May 2025 |
---|---|
Event title | 2025 IEEE the 5th International Conference on Computer Communication and Artificial Intelligence |
Event type | Conference |
Conference number | 5th |
Location | Haikou, China |
Degree of Recognition | International |