Apr. 03, 2017
 

 

Hagit Grushka-Cohen, a PhD student who investigates advanced methods for data protection at IBM’s Cyber Security Center of Excellence at BGU under the supervision of Prof. Bracha Shapira and Prof. Lior Rokach, has been granted the prestigious IBM PhD Fellowship Award for 2017. The research, in collaboration with IBM colleagues Dr. Ofer Biller and Oded Sofer, focuses on automatic policy adjustment for database monitoring using machine learning algorithms. 

The vast majority of cyber attacks are directed towards corporate databases, where the organization’s “crown jewels” are. To address this threat, database monitoring is well recognized as a critical capability that underlies many defense strategies. However, database monitoring is fundamentally challenged by the extremely high quantities of data involved, which, apart from being a resource management nightmare, also makes it extremely hard to understand the patterns, trends and risks associated with the multitude of data transactions.  

Despite the growing investment of global organizations in protecting their data, the availability of professional human resources to oversee the monitoring activity is very limited. It is therefore highly desirable to provide the security team with automated means to prioritize the analysis of database activities. 

The innovative research by Hagit provides algorithms to continuously improve and tune the database monitoring policy while assessing the risk level associated with any database activity. The algorithm uses machine learning techniques to identify critical decision points where human security experts need to be engaged. Thus, the algorithm promotes overall system security while assuring optimal usage of security analysts’ time.  The first part of this research has been described in depth in two papers that were accepted for publication at high quality scientific conferences. 

 “This research is important in that is helps us examine the merit of applying cognitive computing methods to optimize the trade-off between human effort and automated inspection of suspicious database activities”, says Oded Sofer, Hagit’s research collaborator and Chief Product Officer of the Guardium product group which sponsors this research. 

The IBM PhD Fellowship Award program is a global and highly competitive one. Hundreds of nominations from all over the world are reviewed annually by an independent IBM team, and a handful of outstanding PhD-level researchers are selected and recognized by IBM, based on the quality of their research.​​