CINTEL for Cybersecurity

Current approaches to AI integration in Security Operations Centres (SOCs) rely heavily on automation and augmentation, approaches whose limitations hinder their effectiveness. We move automation and augmentation towards human-AI teaming, fostering active collaboration that unlocks the true synergy between human expertise and AI capabilities.

The Challenge

Working in cybersecurity can be stressful for human workers, as automated monitoring systems generate large numbers of alerts which require attention. Distinguishing and prioritising the most significant threats from large volumes of warnings can be an overwhelming task, and, in practice, human analysts often ignore much of what is presented to them by the artificially intelligent cybersecurity systems they work with. Even when humans use automated systems, human knowledge and intelligence are still required, given the constantly changing nature of cybersecurity threats. There is, therefore, a need to design these systems better, improving the collaboration between human experts and artificially intelligent algorithms in order to identify novel threats and better prioritise responses to the various alerts that are constantly being generated.

Our Response

This project looks at how to make cybersecurity operations more effective by leveraging the strengths of both human security experts and AI systems. Instead of taking a human-in-the-loop approach to decision-making, it focusses on AI-in-the-loop to augment and improve human performance.

Impact

Cybersecurity is a vital issue for governments, organisations and individuals, so finding better ways to combine human and AI expertise will improve our ability to respond effectively to new and existing threats. The type of human-AI collaborative surveillance systems developed in this project can also inform many other domains which face similar problems, with human operators dealing with alerts from automated systems. Examples include the maritime surveillance (https://research.csiro.au/cintel/projects/building-trust-and-adaptability-in-marine-surveillance-systems/) and astronomy anomaly detection (https://research.csiro.au/cintel/projects/collaborative-data-cleaning-and-anomaly-detection-in-complex-control-systems/) projects within the CINTEL Future Science Platform.