Cyberattacks have reached a tipping point in terms of volume, velocity and variety. They have become a monumental and expensive security problem, with malicious software (malware) quickly becoming a weapon of choice for attackers.
As Canada Research Chair in Cybersecurity, Dr. Ali A. Ghorbani is responding to these challenges by helping to build intelligence-driven cybersecurity tools and techniques. Ghorbani and his team are exploring how security data analytics affect our understanding of new and emerging cyber threats and people’s behaviour in cyberspace. Among other priorities, they are interested in how these analytics can support the development of an advanced cyber threat intelligence platform to derive, characterize, model and evaluate cyber threats.
Identifying potential outsider and insider attackers is an essential step in understanding and stopping any threat. To this end, Ghorbani and his team are focusing on methods for identifying outsider attackers or rogue employees based on evidence. They are investigating stylistic “clues” to characterize and distinguish malware; developing tools to extract these characteristics from malware source code; and coming up with approaches that attribute malware samples to potential authors based on style.
Ghorbani’s research also involves developing an intelligence-driven, people-centric cybersecurity solution that depends on big data analytics, user profiling, and internal and external intelligence gathering networks that allow both insiders acting maliciously and real outside threats to be identified proactively. In addition, he is developing an advanced threat protection system that uses big data analytics to produce intelligence and detect the variations of malware that may reside in a network.
Ultimately, Ghorbani’s research will help us to be more secure in cyberspace.