The cyber security group conducts practical research that advances the state of the art of cyber security technology and generates practical impacts, in particular on improving the security practice of important stakeholders of the nation, technology transfer and commercialization. Collaborating with government ministries and industrial partners, the cyber security group currently carries on a suite of data-driven projects, including enterprise log analytics for intrusion detection and threat hunting, Internet threat intelligence, blockchain security and AI security and privacy. Starting from 2017, QCRI has been designated as the key organization to establish the National Cyber Security Research Lab (NCSRL), which is a consortium of multiple ministries. NCSRL is tasked to empower the National Committee on Information Security (NCIS) with innovative technology that protects Qatar’s digital borders. The cyber security group thus also undertakes efforts to help the establishment of NCSRL, especially its infrastructure/system design and deployment.
Research Projects
Enterprise Log Security Analytics
Leveraging the enterprise logs shared by one of the key national stakeholders, the cyber security group develops ML solutions that integrate information from multiple logs (application logs, system logs, network logs) to detect compromised user accounts.
Blockchain Security
This project develops techniques and systems to analyze cryptocurrency transactions and smart contracts to identify vulnerabilities and abnormal transaction patterns, with a particular focus on the types of analysis that helps e-crime investigation.
National Cyber Security Research Lab (NCSRL)
NCSRL is the backbone for QCRI’s collaboration with government agencies and stakeholders to build and tailor cyber security solutions for the nation.
Threat Hunting and Threat Knowledge Acquisition
Advancing threat-hunting and threat knowledge acquisition capabilities. Our research currently aims at achieving two specific goals.
Internet Cyber Threat Intelligence
Malicious domains, URLs and IPs are one of the major platforms for attackers to launch cyber attacks. The cyber security group has established a long-lasting effort to accurately and scalably detect and predict malicious Internet entities.
AI Security and Privacy
For AI security, the current focus is on detecting either manipulated machine learning models (e.g., those with Trojan backdoors) or malicious input samples (e.g., those with backdoor triggers or perturbed to mislead classifiers).
Digital Forensics
This project aimed at developing new attribution and data recovery capabilities to advance the knowledge and practice of digital forensics.