Martin Husák

Masaryk University, Czech Republic
Man in a brown tshirt
© Martin Husak
Theory and Practice of Cybersecurity Knowledge Graphs and Further Steps

Martin Husák 01/01

RNDr. Martin Husák, Ph.D. is a researcher at the Institute of Computer Science at Masaryk University, a member of the university's security team (CSIRT-MU). He was also a visiting researcher at The University of Texas at San Antonio, USA and Florida Atlantic University, USA. His research interests are related to cyber situational awareness and incident response with a special focus on the incident triage and application of graph-based data analytics and recommender systems. He was leading the development of the CRUSOE toolset that aims at supporting cyber situational awareness in computer networks by collecting and aggregating data on the hosts and using them for decision support in incident handling. He is now enhancing the CRUSOE toolset in follow-up research projects and exploring its capability as a knowledge graph of a computer network.

Theory and Practice of Cybersecurity Knowledge Graphs and Further Steps

The keynote surveys the growing adoption of knowledge graphs in cybersecurity and explores their potential in cybersecurity research and practice. By structuring and interlinking vast amounts of cybersecurity data, knowledge graphs offer increasing capabilities for incident response and cyber situational awareness. They enable a holistic view of the protected cyber infrastructures and threat landscapes, facilitating advanced analytics, automated reasoning, vulnerability management, and attack mitigation. We expect the cybersecurity knowledge graphs to assist incident handlers in day-to-day cybersecurity operations as well as strategic network security management. We may see emerging tools for decision support based on knowledge graphs that will leverage continuous data collection. A knowledge graph filled with the right data at the right time can significantly reduce the workload of incident handlers. We may even see rapid changes in incident handling tools and workflows leveraging the knowledge graphs, especially when combined with emerging technologies of generative AI and large language models that will facilitate interactions with the knowledge bases or generate reports of security situations. However, the implementation of cybersecurity knowledge graphs is challenging. Ensuring the quality of the underlying data is a serious concern for researchers and practitioners. Only accurate, complete, and updated data can ensure the reliability of the knowledge graph, leading to good insights and decisions. Additionally, the dynamic nature of cyber threats necessitates continuous data updates and rigorous validation processes.


The 5th International Workshop on Graph-based Approaches for CyberSecurity
Submit your paper here!
Your academic contribution for ARES 2024.