Home

Despite the increasing investments in cyber-defense research, cybersecurity remains a huge and growing challenge. With the advent of the darkweb, the offensive community has been quietly and covertly industrializing itself at a pace that defenders cannot keep track of. Now, highly secure sites allow anonymous communities of malicious hackers to exchange ideas, techniques, and buy/sell malware and exploits worldwide, exposing organizations to an unprecedented number of threats. Without visibility into this new offensive industrial base, defenders do not know what is in the production pipeline and cannot properly prepare. As usual, they only react, trying to mitigate damages that range from unavailability of services until loss in reputation, revenue, or data. This dominant viewpoint of cyber-defense that solely focuses on defenders' environment does not consider the other side of this security battle: the attackers. Current research has been demonstrating how the hackers' digital traces existing in malicious hacker communities yield valuable insights into evolving cyber-threats. They can signal a pending offensive well before malicious activity is detected on a target system. To mine this intel for cyber defense, CALSys lab explores techniques from artificial intelligence, machine learning, and social network analysis to scrutinize not only the pieces of malware shared on hacker environments but also the hackers creating and distributing malicious code online. Directed by Dr. Ericsson Marin and coordinated by Wesley Kwan, this research team works to advance the current threat intelligence methods and models as well as propose new ones that will help organizations to shift their perspective from reactive to proactive cybersecurity. Check our current projects to know more about this research.