Friday 6 October 10:00 - 10:30, Red room
Bomin Choi, Juhyuk Kim & Hoseok Ryu (KISA - Korea Internet & Security Agency)
KISA (Korea Internet & Security Agency) is a government organization in South Korea responsible for promoting the internet, information security, and international cooperation in these fields. In particular, it operates a Cyber Security Big Data Center, which mainly collects cyber threat data and shares it with the private sector. It also processes and analyses the collected threat data to build AI datasets, which are made available to support more intelligent responses to security breaches.
Since 2021, our Big Data Center has been conducting a large-scale project to build an AI dataset for cybersecurity in collaboration with relevant companies. The project has involved constructing a dataset of more than 1 billion pieces of data (raw data and metadata) related to malware and logs of cyber attack incidents. Rather than simply labelling data as normal or malicious, we also label it with related social issues (such as the Russia-Ukraine war, the COVID-19 pandemic and Bitcoin), malware families, attack groups, and related campaign information.
The aim is to use the dataset to train AI models on a range of real-world problems, so that they can clearly identify complex, real-world cyber attack situations that were previously difficult for humans to interpret, and generate the information that security personnel need to make threat response decisions. Our approach is therefore to create a more comprehensive AI dataset that supports more nuanced interpretations of the machine's findings.
KISA plans to publicly share various AI models and training datasets created using the constructed dataset. We also plan to supply the dataset to IT service companies and institutions in Korea and abroad to verify its effectiveness, collect case studies of its use, and distribute those case studies to the private sector, in order to promote more active use of cybersecurity datasets and contribute to a safer digital environment.
Through this presentation, we would like to share our experiences and know-how regarding the challenges we faced while developing a cybersecurity AI dataset. Because cybersecurity is closely linked to social issues in the real world beyond the digital realm, we also offer this presentation as an opportunity to work towards a safer society through data-based collaboration with related companies and organizations around the world.
Bomin Choi is a researcher in the Cyber Security Big Data Center at KISA (Korea Internet & Security Agency). She has studied data science, including artificial intelligence and big data, for effective cyber threat response for the last 10 years, and is also interested in research and development in malware profiling and CTI. Since 2021 she has been responsible for the project to build the cybersecurity AI dataset using malware, IoCs, etc., and she has the ambitious goal of making it the best such dataset globally.
Juhyuk Kim has a Master's degree in computer science & engineering and a Bachelor's degree in software from Gachon University in Korea. He has been working as a researcher at KISA (Korea Internet & Security Agency) for ten years and has gained experience in the field of cybersecurity. Currently, he is conducting research on building datasets in the field of cybersecurity. He is very interested in fields such as malicious code analysis, security monitoring, and attack group profiling.
Hoseok Ryu majored in information security at university and computer science in graduate school. He joined KISA (Korea Internet & Security Agency) in 2015, and has worked on security vulnerabilities in areas such as IoT, smart cars, and smart cities. With an interest in AI security, he has also built an AI vulnerability dataset.