01/20/2025 | Press release | Distributed by Public on 01/20/2025 10:37
The rapid growth of cybersecurity threats is creating new challenges across the cyber infrastructure of industrial corporations and governmental organizations. A collaborative research project between Concordia's Gina Cody School of Engineering and Computer Science and Hitachi Cyber* aims to tackle a critical issue: How can security analysts effectively identify and prioritize threats amid an overwhelming influx of events and alerts in modern Security Operations Centres (SOCs)?
At the core of this research is a generative artificial intelligence (AI) technology designed to assist SOC analysts with automated investigations of security events and incidents. SOC teams are responsible for monitoring and responding to security threats within enterprise units and organizations. Modern computer systems and networks present a vast and vulnerable attack surface, and monitoring them for adversarial activity generates unprecedented volumes of telemetry. This overwhelming influx has already stretched SOC teams to their limits.
Furthermore, cybersecurity operations are becoming more complex and dynamic, while threat actors continuously change their tactics, techniques and procedures (TTPs) to evade existing defences. As a result, distinguishing between benign and malicious behaviours has become more difficult. This leads to a surge in alerts, many of which are false positives: alerts that signal a threat where none exists.
This flood of alerts contributes to alert fatigue, where analysts become distracted and exhausted, risking the oversight of real threats.
"Security analysts often spend more than 80 per cent of their time sorting through false positives - the vast majority of all alerts - and gathering information from external sources," says Michel-Ange Zamor, vice president of technology innovation and technical support at Hitachi Cyber.
"Our AI technology, developed in partnership with Gina Cody School researchers, will automate much of this process, reducing the time needed to investigate alerts and improving accuracy," he explains.
"Enhancing SOC efficiency will also drive client satisfaction by enabling faster threat response, improving detection accuracy and delivering more effective investigations that streamline client validation. Additionally, by minimizing time spent searching for information, we'll reduce the risk of service-level agreement (SLA) violations and improve mean-time-to-detect performance."
This AI-based cybersecurity technology draws on extensive security telemetry from various sources and external knowledge bases built by cybersecurity experts to automatically enrich alerts with additional decision support like vulnerability scores, fact checks and context-aware summaries.
This streamlined process can help SOC analysts reduce their workload significantly, allowing them to quickly focus on the most critical threats without being distracted or exhausted by false positives.
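To make the enrichment step concrete, the following is an added illustration of what automated decision support for a single alert can look like. It is not Hitachi Cyber's or Concordia's code: the vulnerability knowledge base, asset inventory, analyst-validated allow-list, alert fields and scoring weights are all constructed assumptions for the example. Each alert is checked against the allow-list (suppressing validated false positives), joined with the knowledge base for a vulnerability score, fact-checked against the inventory to see whether the targeted host actually carries the vulnerability, and given a one-line context summary; the queue is then sorted so the analyst starts with the most critical item.

```python
# Added illustration of SOC alert enrichment and prioritization. Not the
# project's code; every data source below is constructed for the example.
from dataclasses import dataclass, field

# Constructed vulnerability knowledge base: CVE id -> (CVSS base score, context line).
VULN_KB = {
    "CVE-2021-44228": (10.0, "Log4Shell: unauthenticated RCE via JNDI lookup in Log4j 2"),
    "CVE-2023-4863": (8.8, "libwebp heap buffer overflow via crafted WebP image"),
}

# Constructed asset inventory: hostname -> (business criticality 1..5, CVEs present).
ASSETS = {
    "web-01": (5, {"CVE-2021-44228"}),
    "ws-17": (2, {"CVE-2023-4863"}),
    "build-03": (3, set()),
}

# Constructed allow-list of (rule, source) pairs analysts have validated as benign.
KNOWN_BENIGN = {("port-sweep", "vuln-scanner-01")}


@dataclass
class Alert:
    alert_id: str
    host: str
    rule: str
    source: str
    cves: set = field(default_factory=set)


@dataclass
class Enriched:
    alert: Alert
    priority: float          # 0.0 (suppressed) .. 10.0
    suppressed: bool
    summary: str


def enrich(alert: Alert) -> Enriched:
    """Attach decision support to one alert: suppression, vulnerability score,
    a fact check of whether the host is actually exposed, and a one-line summary
    an analyst can read without opening several consoles."""
    if (alert.rule, alert.source) in KNOWN_BENIGN:
        return Enriched(alert, 0.0, True,
                        f"{alert.alert_id}: {alert.rule} from {alert.source} is on the validated allow-list")

    criticality, installed = ASSETS.get(alert.host, (1, set()))
    known = [(c, *VULN_KB[c]) for c in sorted(alert.cves) if c in VULN_KB]
    if not known:
        # No vulnerability context: fall back to asset criticality alone (assumed weight 2.0).
        priority = round(2.0 * criticality / 5, 2)
        return Enriched(alert, priority, False,
                        f"{alert.alert_id}: {alert.rule} on {alert.host} (criticality {criticality}); no CVE context")

    cve, score, context = max(known, key=lambda k: k[1])
    exposed = cve in installed
    # Fact check: an exploit attempt against a host that does not carry the
    # vulnerability still deserves a look, but at a quarter of the weight (assumed).
    priority = round(score * criticality / 5 * (1.0 if exposed else 0.25), 2)
    verdict = "host IS affected" if exposed else "host not affected per inventory"
    return Enriched(alert, priority, False,
                    f"{alert.alert_id}: {cve} (CVSS {score}) on {alert.host}, {verdict}; {context}")


def triage(alerts):
    """Enrich every alert, set suppressed ones aside, and return the rest sorted
    so the analyst's queue starts with the most critical item."""
    enriched = [enrich(a) for a in alerts]
    queue = sorted((e for e in enriched if not e.suppressed),
                   key=lambda e: e.priority, reverse=True)
    dropped = [e for e in enriched if e.suppressed]
    return queue, dropped


# Constructed sample alerts, as a detection pipeline might emit them.
SAMPLE_ALERTS = [
    Alert("A1", "web-01", "jndi-lookup-in-header", "203.0.113.7", {"CVE-2021-44228"}),
    Alert("A2", "build-03", "jndi-lookup-in-header", "203.0.113.7", {"CVE-2021-44228"}),
    Alert("A3", "ws-17", "port-sweep", "vuln-scanner-01"),
    Alert("A4", "ws-17", "malformed-webp-download", "198.51.100.20", {"CVE-2023-4863"}),
]

if __name__ == "__main__":
    queue, dropped = triage(SAMPLE_ALERTS)
    for e in queue:
        print(f"{e.priority:5.2f}  {e.summary}")
    for e in dropped:
        print(f" drop  {e.summary}")
```

Run as-is, the Log4Shell attempt against the vulnerable, business-critical web server lands at the top of the queue, the same attempt against a build host that does not carry the vulnerability is kept but demoted, and the scanner's port sweep is suppressed outright with the reason recorded in its summary. The scoring weights are deliberately simple; the point is that each alert leaves the step carrying the facts an analyst would otherwise have to gather by hand.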
"This research partnership between Concordia and Hitachi Cyber exemplifies the role that academia and industry can play together in advancing cybersecurity solutions," explains Mourad Debbabi, who supervises this research project. Debbabi is the director of Concordia's Security Research Centre (SRC) and holds the Concordia Hydro-Québec Hitachi Partnership Research Chair in Smart Grid Security.
"The goal is to create a more resilient digital infrastructure, where AI can help automate incident response to mitigate threats faster and more effectively."
"By automating cybersecurity operations and improving the accuracy of threat investigations, we're not just enhancing SOC team efficiency - we're also having a positive effect on business performance and client experience," says Shinichi Sasaki, vice president of service strategy at Hitachi Cyber.
"Faster investigation times and fewer false positives mean cost savings and better compliance with SLAs, ultimately improving profitability for our clients."
The collaboration between Hitachi Cyber and Concordia also connects to larger research efforts under the Concordia Research Partnership Chair in Smart Grid Security supported by Hydro-Québec, Hitachi, the Natural Sciences and Engineering Research Council of Canada and PROMPT. The chair focuses on addressing emerging cybersecurity challenges across the smart grid, from generation and transmission to distribution systems.
Among other research themes, the chair emphasizes designing and implementing effective AI solutions capable of protecting critical infrastructures and particularly operational technologies against various threat actors. Unlike common AI solutions targeting consumer applications, the chair is developing AI technologies tailored to the requirements and risks in mission-critical systems like power grids.
This partnership also aims to enhance SOC operations through the automated hunting of cyber threats targeting both information technology (IT) and operational technology (OT). It will also integrate and develop new technologies such as digital twins, which reproduce interoperating real-world systems in a high-fidelity synthetic and hardware-in-the-loop environment, a sandbox in which defences can be tested systematically and exercised proactively against various what-if scenarios.
The research team, comprising seven professors from the Gina Cody School and eight doctoral students, is dedicated to developing and transferring cutting-edge technologies to industry. These include generative AI-assisted security monitoring tools; advanced threat-hunting solutions; and verifiable credentials to enhance the authentication and authorization of Industrial Internet of Things (IIoT) devices such as the intelligent electronic devices (IEDs) used in power grids.
The innovations aim to bolster the preparedness and resilience of critical infrastructure sectors against cyber threats, ensuring a robust defence during the ongoing digital transformation.
"Looking ahead, this AI technology will evolve to not only prevent, detect and predict cyberattacks but also respond to the underlying incidents," Debbabi adds. "The goal is to integrate feedback from SOC analysts into the technology's learning process, making it increasingly effective at identifying real threats in real time."
*Hitachi Cyber is the service name for Hitachi Systems Security Inc.
Learn more about cybersecurity at Concordia.