AI-driven Attack Graphs for Threat Modelling (ANTHEM)
Funded by DCMS, managed by Innovate UK
Project summary: The vision for this project is to relieve cyber threat analysts of the arduous task of prioritising cyber threats. Promptly prioritising cyber threats, by identifying critical cyber-assets and the corresponding mitigation actions, would save firms millions of pounds over time.
The main area of focus is the development of an autonomous threat modelling tool that facilitates key stakeholders to identify and address threats rooted in software applications and the underlying network infrastructure. Current industry approaches for threat modelling are heavily dependent on manual processes.
Our project will leverage a novel AI-driven approach to automate the process of threat modelling, thus relieving threat analysts of such arduous processes.
The technical objective is to augment state-of-the-art reinforcement learning approaches by incorporating into the model multiple contextual sources describing the:
i) asset susceptibility
ii) efficacy of mitigation actions and
iii) impact of threat on the environment’s business operation.
Intelligent Asset Parameterisation for Risk-based Moving Target Defence
Funded by: DASA programme Autonomous Resilient Cyber Defence – Intelligent Agents
Project summary: The project will build on the asymmetry between offensive and defensive operations, the complexity of threat sources in cyber-physical systems, and multistage segmental intrusions. Moving Target Defence (MTD) techniques have been recently proposed to reduce the limitations related to the stationarity of security controls and the cost of defence configuration.
We propose a security risk-oriented asset re-parameterisation system that leverages machine intelligence to optimise MTD at runtime and address these limitations. The system uses distributed intelligent agents to capture cyber observables and to measure threat exposure and the efficacy of deployed controls, and couples these observations with machine learning techniques in the assets’ re-parameterisation process.
The project will involve a mixture of research, design, security engineering, and software development. The technical work will need to be effectively discussed with and communicated to our University of Warwick partners.
Digital technologies for enabling predictive analytics in Smart Cities
Industry research project funded by Ectivise
Project summary: The project aims to transform current reactive-maintenance Business Management Systems (BMSs) into a new type oriented towards predictive maintenance. The research output will predict the behaviour of Internet of Things end-devices that are controlled and managed by the BMS and thereby assure the desired service levels at minimal cost. The research is challenging because it requires real-time analysis of large amounts of distributed data in order to generate profiles of ‘normal’ or expected behaviour and identify outliers.
BusMONITOR: Monitoring Operationally Needed Information Through Onboard Resources
Funded by Innovate UK (KTP)
Project summary: In partnership with Vectare, the project aims to create a sophisticated data monitoring, aggregation and analysis solution for the bus market, able to operate at large scales. The value is that operators will know exactly which journeys each passenger makes and have a real-time view of operations: from the exact numbers of sitting and standing passengers, to indoor temperature, dwell times at stops, and delays due to congestion, all based on credible, measurable evidence. Our vision is for BusMONITOR to play a key role in reversing the trend of patronage decline by providing accurate and detailed data to support decision making.
Cyber Security Challenges for Internet of Things and Core Networks
Funded by British Council, Institutional Links
Project summary: As the threat of data breaches increases, detecting attacks on wireless and wired networks, and detecting malware, becomes increasingly important. The project leverages data fusion, stochastic sequence learning, classification and clustering machine learning techniques, and statistical approaches to address cyber security challenges in wireless and wired networks. To this end, specialised software is used to collect and store data on our high-performance servers, which we access locally or remotely to evaluate the performance of the algorithms we develop.
Our Aim
Cybersecurity is an integral element of computer communication networks. Since the explosion of the Internet of Things and the adoption of contemporary computer communication protocols in emerging technological domains (e.g. autonomous vehicles, Industry 4.0), there is an expectation that built-in security is present throughout the whole system, architecture and design. In collaboration with King Saud University in Saudi Arabia, this project aims to:
1. develop lightweight unsupervised machine learning algorithms for network traffic anomaly detection
2. use stochastic processes to model the sequential occurrence of individual stages of complex, multi-stage attack campaigns
3. use signal processing techniques, exploiting network traffic dynamics manifested within the control and data planes, to identify network faults and anomalies
4. address the issue of imbalanced ratios between benign and malicious software by using convolutional neural network (CNN) classification
Governmental bodies, organisations and individuals are all invested in secure and resilient communication devices and networks. Therefore, efforts towards a more secure cyber environment will further support and enhance the global digital economy.
Our Outcomes:
We have developed lightweight Intrusion Detection Systems that identify anomalies in network traffic such as rogue access points, port scanning and man-in-the-middle attacks in WiFi. In addition, our signal processing techniques identify Denial-of-Service attacks, which we have demonstrated using network traffic datasets from a real university campus. Finally, our work with CNNs will provide better techniques for training on skewed datasets to successfully identify mutating malware.
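The following is an added illustration of aim 1 above (lightweight unsupervised anomaly detection on network traffic) and of the port-scanning detection mentioned in the outcomes; it is not the project's own code or algorithm. It aggregates constructed flow records into per-source features (distinct destination ports, mean packets per flow), scores each source with a robust z-score (median and MAD) so that no labelled training data is needed, and flags sources whose score exceeds a threshold. The flow records, feature choice, threshold and MAD floor are all assumptions made for the example.

```python
"""Added example (not from the original page or the project): a lightweight
unsupervised anomaly detector over per-source network-flow features.
All flow records below are constructed for the example."""
from collections import defaultdict
import statistics

# Constructed flow records: (src_ip, dst_ip, dst_port, packets), assumed to
# cover one fixed observation window. Five hosts behave normally; one host
# (10.0.0.99) touches many distinct ports with single-packet flows.
FLOWS = [
    ("10.0.0.5", "10.0.1.20", 443, 40),
    ("10.0.0.5", "10.0.1.21", 443, 35),
    ("10.0.0.6", "10.0.1.20", 80, 50),
    ("10.0.0.6", "10.0.1.22", 443, 22),
    ("10.0.0.7", "10.0.1.20", 443, 30),
    ("10.0.0.7", "10.0.1.23", 53, 4),
    ("10.0.0.8", "10.0.1.20", 22, 12),
    ("10.0.0.8", "10.0.1.21", 443, 28),
    ("10.0.0.9", "10.0.1.20", 443, 33),
] + [("10.0.0.99", "10.0.1.20", port, 1) for port in range(20, 60)]


def per_source_features(flows):
    """Aggregate flows per source into (distinct destination ports,
    mean packets per flow). Returns {src: (ports, mean_packets)}."""
    ports = defaultdict(set)
    pkts = defaultdict(list)
    for src, _dst, dport, packets in flows:
        ports[src].add(dport)
        pkts[src].append(packets)
    return {src: (len(ports[src]), statistics.fmean(pkts[src])) for src in ports}


def robust_z(values, floor=1.0):
    """Robust z-scores: (x - median) / (1.4826 * MAD). The scale is floored
    (assumed floor of 1.0) so a baseline of near-identical values does not
    produce a zero divisor and inflate every score."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    scale = max(1.4826 * mad, floor)
    return [(v - med) / scale for v in values]


def detect_anomalies(flows, threshold=3.5):
    """Unsupervised detection: a source is anomalous when its largest absolute
    robust z-score across features exceeds the threshold (3.5 is the common
    Iglewicz-Hoaglin cut-off). Returns {src: score} for flagged sources."""
    feats = per_source_features(flows)
    srcs = list(feats)
    columns = list(zip(*(feats[s] for s in srcs)))  # one column per feature
    z_by_feature = [robust_z(col) for col in columns]
    scores = {s: max(abs(z[i]) for z in z_by_feature) for i, s in enumerate(srcs)}
    return {s: round(sc, 2) for s, sc in scores.items() if sc > threshold}


if __name__ == "__main__":
    for src, score in detect_anomalies(FLOWS).items():
        print(f"anomalous source {src}: robust score {score}")
```

In this window the scan-like host reaches 40 distinct ports against a baseline median of 2, giving it a score of 38 while every normal host stays at or below 1; the packets-per-flow feature alone would not have separated it, which is why the detector takes the maximum over several cheap features rather than relying on one.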
Our publications can be publicly accessed from Loughborough University’s repository.