Infosec Analytics conducts advanced research into the use of graph theory in information security. This research includes uses for Threat Modeling with application to engineering and operations. It also includes incident handling, incident investigation, intelligence sharing, risk analysis, and risk management.
General Artificial Intelligence
Infosec Analytics is conducting exploratory research into the development of general Artificial Intelligence (AI). Such AI provides great potential as well as great risks. Infosec Analytics is taking a unique approach, attempting to build a system capable of general AI and then utilize it to accomplish tasks rather than continuously making a narrow AI more complex.
Economics of Information Security
A computer compromise is fundamentally an economic trade. We are researching the economics of information security to model the cost of compromise versus the cost of security. We are also investigating the application of game theory and graph theory to traditional micro-economics as it applies to information security.
Big Data Analytics
SIEM products are in a transition period from tools designed to visualize risk to tools designed to prioritize actors on the network for investigation and facilitate the identification of relationships in network telemetry data. Infosec Analytics is investigating methods for profiling legitimate access and detecting illegitimate access as well as methods of improving the correlation of related information in large data sets.
Software Defined Networking
In network defense, security always own the field on which the conflict occurs. Software Defined Networking (SDN) offers the potential to allow defense to pitch the field to it's advantage. Information Security Analytics is researching approaches for using SDN to provide increased security and Quality of Disservice to potential malicious actors on the network.
Decision support comes in multiple forms including differential diagnosis and Analysis of Competing Hypotheses. We have developed new machine learning training and query algorithms which implement such decision support and applied them to create a diagnostic medical decision support system. We are currently researching improvements in the system to more fully automate it's implementation.