Frontiers of Data and Domputing ›› 2021, Vol. 3 ›› Issue (3): 32-47.doi: 10.11871/jfdc.issn.2096-742X.2021.03.004

• Special Issue: Communication and Security of Network • Previous Articles     Next Articles

An Intelligent Security Operation Technology System Framework AISecOps

ZHANG Runzi1,2,*(),LIU Wenmao1,*()   

  1. 1. NSFOCUS Information Technology Co., Ltd., Beijing 100089, China
    2. Department of Automation, Tsinghua University, Beijing 100084, China
  • Received:2021-03-08 Online:2021-06-20 Published:2021-07-09
  • Contact: ZHANG Runzi,LIU Wenmao E-mail:runzi_zhang@163.com;liuwenmao@nsfocus.com

Abstract:

[Objective] Based on the practice of AI-driven security and data-driven threat hunting technologies and targeting at the automation and intelligence pursuing for security operations (SecOps), this paper summarizes the evolution of SecOps processes and aims at offering a systematic methodology for technology development in this domain.[Methods] We propose the system framework for AISecOps (AI-driven Security operations) technologies from multi-level perspectives, such as core concepts, evaluation metrics, data categories, system architectures, maturity levels, classification for advanced technologies and so on. [Results] AISecOps fits to the adversarial environment in cyberspace and is responsible for key indicators and critical procedures in SecOps. Behavioral, environmental, intelligence, and knowledge data are fused with human-machine intelligent interfaces, contributing to the promotion of SecOps automation levels.[Conclusions] AISecOps technologies are far from mature at present. Trustworthy security intelligence with outstanding prediction performance, interpretability, robust and compliance properties is the ultimate goal to seek in the SecOps automation process.

Key words: AISecOps, AI-driven security, explainable artificial intelligence, threat hunting