Newly Built QCRI Platform to Defend Against Security Threats
HBKU’s Qatar Computing Research Institute collaborates with Qatari and Turkish partners to develop actionable cyber threat intelligence platform
Scientists at Hamad Bin Khalifa University’s Qatar Computing Research Institute (QCRI), in partnership with Qatari stakeholders and Turkish partners, have successfully built a cyber security defense platform named ‘WARNING’ for predicting and detecting security threats against enterprises and critical infrastructures.
The new platform is an outcome of a three-year project between QCRI, Qatar’s Ministry of Interior, the Supreme Committee for Delivery and Legacy, and Turkey’s TOBB University of Economics and Technology, Kadir Has University, and INTERPROBE, a cyber intelligence and cyber defense company. It was jointly funded by a $1.65m grant from Qatar National Research Fund (QNRF) and the Scientific and Technological Research Council of Turkey (TUBITAK).
Dr. Issa Khalil, a principal scientist at QCRI who is leading the project, said: “In today’s cyber landscape, threat intelligence on digital assets is more important than ever as society is increasingly dependent on information technology. Cyberattacks are on the rise, not only to disrupt the daily activities of civilians but also to cause irreparable damage to critical infrastructures and systems. Nations that have cyber threat intelligence capabilities are better positioned to prevent and detect catastrophic attacks on their critical infrastructures and enterprises.
“WARNING is user-friendly and produces high-quality intelligence about existing and novel cyber security threats. The platform is designed to be scalable and to efficiently process and correlate public data feeds and enterprise logs to produce actionable intelligence in an efficient and timely manner.”
The platform is powered by novel artificial intelligence (AI) technologies developed by the team and includes technology that can detect phishing domains as early as possible. Phishing domains are one of the main methods used by attackers to distribute malicious content to users to steal their credentials, data, and assets.
WARNING is also able to detect malware, which is the key means for attackers to compromise user accounts and hijack their systems, and also has the technology for the detection of malicious enterprise network traffic. This technology helps to accurately identify insider attackers by carefully profiling normal versus abnormal traffic patterns.
"WARNING aims to block phishing attacks, detect malicious software as a second security step, and trace malware within network logs as the final resort,” said an INTERPROBE spokesman.
“The project brings together local and international forces from academia and industry to advance state-of-the-art security research and operations. The rich mix of high-quality research and the collaborative efforts of the project team have produced outstanding outcomes including two American patent disclosures and six publications. Our efforts have also produced a unified interface that integrates four backend services that include Internet-facing IP scanning, detection/prediction of malicious domains, malware detection, and domain monitor for brand protection,” said Dr. Khalil.