Hagit Grushka-Cohen, a PhD student who investigates advanced methods for data
protection at IBM’s Cyber Security Center of Excellence at BGU under the
supervision of Prof. Bracha Shapira and Prof. Lior Rokach, has been granted the
prestigious IBM PhD Fellowship Award for 2017. The research, in collaboration
with IBM colleagues Dr. Ofer Biller and Oded Sofer, focuses on automatic policy
adjustment for database monitoring using machine learning algorithms.
The vast majority
of cyber attacks are directed towards corporate databases, where the
organization’s “crown jewels” are. To address this threat, database monitoring
is well recognized as a critical capability that underlies many defense strategies.
However, database monitoring is fundamentally challenged by the extremely high
quantities of data involved, which, apart from being a resource management
nightmare, also makes it extremely hard to understand the patterns, trends and
risks associated with the multitude of data transactions.
Despite the growing
investment of global organizations in protecting their data, the availability
of professional human resources to oversee the monitoring activity is very limited.
It is therefore highly desirable to provide the security team with automated
means to prioritize the analysis of database activities.
research by Hagit provides algorithms to continuously improve and tune the
database monitoring policy while assessing the risk level associated with any database
activity. The algorithm uses machine learning techniques to identify critical
decision points where human security experts need to be engaged. Thus, the
algorithm promotes overall system security while assuring optimal usage of
security analysts’ time. The first part
of this research has been described in depth in two papers that were accepted
for publication at high quality scientific conferences.
“This research is important in that is helps
us examine the merit of applying cognitive computing methods to optimize the
trade-off between human effort and automated inspection of suspicious database
activities”, says Oded Sofer, Hagit’s research collaborator and Chief Product
Officer of the Guardium product group which sponsors this research.
The IBM PhD Fellowship Award program is a global and highly competitive one. Hundreds of
nominations from all over the world are reviewed annually by an independent IBM
team, and a handful of outstanding PhD-level researchers are selected and
recognized by IBM, based on the quality of their research.