Semantic Monitoring of Cyberspace

Internet is evolving rapidly, being present in every aspect of our lives. Today’s society except from using Internet for fun or work, has also to handle multiple cyber threats. The major objective of the SMC project, that is financed by the National Centre for Research and Development (NCBiR), is to integrate data from heterogeneous sources and enable for automatic detection of cyber threats. The project therefore faces the following challenges related to automated detection of Internet threats:

  • handling large amount of structured and unstructured data,
  • integrating data from diverse sources,
  • evaluating if particular activity or data indicate a cyber threat.

Information from chosen Internet sources, like social network sites or on-line auction services, will be filtered applying a threat profile to find a particular threat. Experts’ role will be limited to definition of the detection process and a profile of a cyber threat.

Project aims
SMC aims to create a prototype enabling for monitoring of various Internet sources in order to detect cyber threats. Monitoring process should be executed automatically and result in a message about threats found.

SMC integrates expertise from areas of information retrieval, information extraction, information filters and data mining. Results are to overcome problems with automatic monitoring of heterogeneous Internet sources, both deep and visible Web. Information from structured internal repositories will be integrated with information from chosen Web unstructured and structured sources. Since a profile of cyber threat is too complex to build it manually, experts will focus on definition of methods of construction of the profile. Then, using information from predefined sources, profile will be automatically developed and will evolve to follow changes of a potential threat. Therefore, threat profile as complex information filter can be used to detect cyber threats and the role of specialists is determined only to definition of monitoring process.

The main outcomes include:

  • Identification of classes of threats. Construction of rules and methods for creation (and update) of a threat profile.
  • Mechanism for monitoring of sources from the visible and hidden Web as well as integration of data from structured and unstructured sources.
  • Demonstration of a working scenario for detecting cyber threats.