CK Chen is a senior cybersecurity researcher at CyCraft Technology and is currently focused on machine learning, software vulnerabilities, malware analysis, cyberattack campaigns, attack techniques, and defense methods. CK received his Ph.D. from the National Chiao Tung University Cybernetics and Network Security Laboratory and is an active member of the international cybersecurity community. He has published technical articles in academic journals and seminars as well as participated in numerous large-scale security research projects in digital forensics, incident response, and malware analysis. He has also spoken at various domestic and international cybersecurity conferences, including Black Hat, HITCON, CHITB, RootCon, Code Blue, FIRST, and VXCON. In addition to his work at CyCraft, he also serves as an adjunct assistant professor at Soochow University, the chairman of the HITCON Review Committee, and is an active member of the cybersecurity community CHROOT.
Security incidents, and the false-positive alerts generated by SIEM solutions, have grown considerably over the last decade. In this talk, we take a deep dive into the technical aspects of designing and building an effective AI-driven threat hunting system from the ground up. Automated threat hunting systems such as our Fuchikoma alleviate alert fatigue by automating the investigation process and alert triage and by auto-generating attack storylines. This lets SOC analysts rapidly identify and focus on the more severe incidents, their root cause, and auto-enriched contextual information for each step of the attack, and ultimately move on to eradication and remediation. Each step of our design process for Fuchikoma’s automated ML-driven threat hunting system will be broken down and explained in detail.