1st KDD Workshop on AI-enabled Cybersecurity Analytics

Call for Papers and Submission Guidelines

The irreversible dependence on computing technology has paved the way for cybersecurity’s rapid emergence as one of modern society’s grand challenges. To combat the ever-evolving, highly-dynamic threat landscape numerous academics and industry professionals are systematically searching through billions of log files, social media platforms (e.g., Dark Web), malware files, and other data sources to preemptively identify, mitigate, and remediate emerging threats and key threat actors. Artificial Intelligence (AI)-enabled analytics has started to play a pivotal role in sifting through large quantities of these heterogeneous cybersecurity data to execute fundamental cybersecurity tasks such as asset management, vulnerability prioritization, threat forecasting, and controls allocations. However, the volume, veracity, and variety of cybersecurity data sharply contrasts with conventional data sources. Moreover, industry and academic AI-enabled cybersecurity analytics are often siloed. To this end, this workshop aims to being to gather academic and practitioners to share, disseminate, and communicate completed research papers, work in progress, and review articles pertaining to AI-enabled cybersecurity analytics. Areas of interest include, but are not limited to:

Static and/or dynamic malware analysis and evasion
IP reputation services (e.g., blacklisting)
Anomaly and outlier detection
Phishing detection (e.g., email, website, etc.)
Dark Web analytics (e.g., multi-lingual threat detection, key threat actor identification)
Spam detection
Large-scale and smart vulnerability assessment
Real-time threat detection and categorization
Real-time alert correlation for usable security
Weakly supervised and continual learning for intrusion detection
Adversarial attacks to automated cyber defense
Automated vulnerability remediation
Internet of Things (IoT) analysis (e.g., fingerprinting, measurements, network telescopes)
Misinformation and disinformation
Deep packet inspection
Automated mapping of threats to cybersecurity risk management frameworks

Each manuscript must clearly articulate their data (e.g., key metadata, statistical properties, etc.), analytical procedures (e.g., representations, algorithm details, etc.), and evaluation set up and results (e.g., performance metrics, statistical tests, case studies, etc.). Providing these details will help reviewers better assess the novelty, technical quality, and potential impact. Making data, code, and processes publicly available to facilitate scientific reproducibility is not required. However, it is strongly encouraged, as it can help facilitate a culture of data/code sharing in this quickly developing discipline.

All submissions must be in PDF format and formatted according to the new Standard ACM Conference Proceedings Template. Submissions are limited to a 4-page initial submission, excluding references or supplementary materials. Upon acceptance, the authors are allowed to include an additional page (5-page total) for that camera ready version that accounts for reviewer comments. Authors should use supplementary material only for minor details that do not fit in the 4 pages, but enhance the scientific reproducibility of the work (e.g., model parameters). Since all reviews are double-blind, and author names and affiliations should NOT be listed. For accepted papers, at least one author must attend the workshop to present the work. Based on the reviews received, accepted papers will be designated as a contributed talk (four total, 15 minutes each), or as a poster. All accepted papers will be posted on the workshop website (will not appear in proceedings per ACM KDD Workshop regulations).

Program Agenda

This workshop will be held on 8/15 at 11 PM – 3 AM Singapore time. An agenda for the workshop is as follows (all times Singapore):

11:00 PM – 11:15 PM – Workshop Introduction from Co-Chairs (Workshop Summary)
11:15 PM – 12:15 AM – Keynote Address (Max Lewis, Senior Cybersecurity Engineer at IBM)
12:15 AM – 1:45 AM – Full Paper Sessions (15 minute presentations with five minute Q&A time for each presentation)
1:45 AM – 2:00 AM – Break
2:00 AM – 2:30 AM – Poster Sessions (5 minutes with 2 minutes of Q&A for each poster)
2:30 AM – 3:00 AM – Workshop Discussion and Wrap-Up from Workshop Chairs

Keynote Speaker

Keynote Title (Slides available upon request): QRadar Security Intelligence with AI and ML

Max Lewis is a Cybersecurity Engineer at IBM. In his role, he helps government and public sector clients design and implement robust security systems to detect and manage cyber threats leveraging traditional analytics, machine learning and artificial intelligence. Prior to joining IBM in 2018, Max worked as a SOC Analyst at Syracuse University as he earned his MS in Information Management from SU.

Accepted Full Papers (listed alphabetically based on last name of first authors)

Political News Propagation Headline Matching: A Deep Learning-Based Short Text Matching Approach; Zara Ahmad-Post, Sagar Samtani, Hongyi Zhu and Susan Brown. (Paper, Slides, Video)
Linking Common Vulnerabilities and Exposures to the MITRE ATT&CK Framework: A Self-Distillation Approach; Benjamin Ampel, Sagar Samtani, Steven Ullman and Hsinchun Chen. (Paper, Slides, Video)
CatBERT: Context-Aware Tiny BERT for Detecting Targeted Social Engineering Emails; Younghoo Lee, Joshua Saxe and Richard Harang. (Paper, Slides, Video)
SAGE: Intrusion Alert-driven Attack Graph Extractor; Azqa Nadeem, Sicco Verwer, Stephen Moskal and Shanchieh Jay Yang. (Paper, Slides, Video)
University Data Can Fuel AI/ML Cybersecurity Research: A Vision with an OmniSOC Proofpoint; Von Welch, Ryan Kiser and Brad Wheeler. (Paper, Slides, Video)
Argumentatively Phony? Detecting Misinformation via Argument Mining; Muheng Yan, Yu-Ru Lin and Diane Litman. (Paper, Slides, Video)

Accepted Posters (listed alphabetically based on last name of first authors)

An Anatomy of Tweets Around COVID-19 Conspiracies; Hamad Alsaleh and Lina Zhou. (Slides, Video)
Using a Collated Cybersecurity Dataset for Machine Learning and Artificial Intelligence; Erik Hemberg and Unamay Oreilly. (Slides, Video)
Alert Correlation Mining From Temporal Attack Behaviors; Gordon Werner and Shanchieh Yang. (Slides, Video)

Key Dates

All deadlines are at 11:59PM Pacific Daylight Time.

Workshop paper submissions: May 10, 2021
Workshop paper notification: June 10, 2021
Conference Dates: August 14-18, 2021
Workshop Dates: August 14-18, 2021

Submission Site

Submission Site: Easy Chair Submission

Workshop Co-Chairs

Dr. Sagar Samtani
Indiana University

Dr. Jay Yang
Rochester Institute of Technology

Dr. Hsinchun Chen
University of Arizona

Program Committee

Benjamin Ampel, University of Arizona
Dr. Hyrum Anderson, Microsoft
Dr. Victor Benjamin, Arizona State University
Dr. Elias Bou-Harb, University of Texas, San Antonio
Dr. Yidong Chai, Tsinghua University
Dr. Sriram Chelleppan, University of South Florida
Dr. Sven Krasser, CrowdStrike
Dr. Weifeng Li, University of Georgia
Dr. Yunji Liang, Northwestern Polytechnical University
Dr. Xiaojing Liao, Indiana University Bloomington
Dr. Sudip Mittal, University of North Carolina, Wilmington
Dr. Edward Raff, Booz Allen Hamilton
Dr. Ethan Rudd, FireEye
Dr. Ankit Shah, University of South Florida
Steven Ullman, University of Arizona
Dr. Ziming Zhao, University of Buffalo
Dr. Lina Zhou, University of North Carolina, Charlotte
Dr. Hongyi Zhu, University of Texas, San Antonio

1^st KDD Workshop on
AI-enabled Cybersecurity Analytics

August 14-18, 2021 — Singapore (Virtual)