Graph Analysis on Threat Intelligence Graphs
Graphs are ubiquitous tools to represent and encode knowledge. Automatic processing of graphs in order to extract novel knowledge is a challenging task and a fast-moving area of research. Approaches to this problem include statistical methods (e.g., random walks), embedding of graphs in vector spaces (e.g., node2vec), and machine learning solutions (e.g., graph neural networks). These techniques constitute a promising way to analyze graph data not only in the security domain, but in a wide range of domains.
The target of interest for this work is the ACT platform, which exposes a graph API that can be used to query and traverse a threat intelligence graph. The aim of this project is to study, evaluate and apply graph processing algorithms to this real-world threat intelligence graph. This would require developing a solid understanding of the available methodologies for graph analysis, assessing their potential and their limitations, and using these techniques on the ACT platform to generate novel, actionable security insights.