MENU

Resilient Computing Lab

Flegrea - Federated Learning for Generative Emulation of Advanced Persistent Threats

Cyber-attacks have become a severe threat for critical services in several domains, such as healthcare, manufacturing, telecom, energy, transportation, where the impact can be exceedingly high (e.g., in terms of service outages, private data breaches, intellectual property theft). Modern attacks are today very challenging, as they evolved into "Advanced Persistent Threats" (APTs). APT actors are typically cybercriminal or state-sponsored groups, which perform carefully-planned, stealthy attacks that span over a long period of time. A well-known example is the Stuxnet attack, which has been sabotaging Iran's nuclear centrifuges since 2005, and was uncovered in 2010.

Unfortunately, the APT threat landscape is continuously evolving, as attackers develop new tactics and techniques. This trend puts both researchers and organizations at disadvantage, since it is difficult for them  to stay up-to-date with emerging APT attacks. Moreover, most organizations are unwilling to share data about attacks they have experienced, because of concerns about disclosing sensitive data. This is a huge opportunity loss, both for the scientific community and for the organizations themselves: scientists are unable to assess new countermeasures on real-world attacks, which hinders scientific progress;  organizations are unable to timely update their attack detectors against emerging APT campaigns.

To address this problem, FLEGREA aims to develop a new approach for automatically generating new representative datasets of APT attacks, without forcing organizations to disclose their sensitive information. Specifically, the approach will apply a Federated Learning paradigm, making attacked organizations pro-active contributors of a global Generative ML model, without sharing any private raw data. This paradigm will be applied to train a Generative ML model, which will generate new traces of network and host events representative of real APT attacks. Moreover, a blockchain-based approach will be applied for Federated Learning, in order to overcome the typical shortcomings of a centralized approach, such as single-point-failure, malicious clients, and false data. Finally, the generated datasets will be leveraged for (i) training and assessing APT detectors based on AI, and (ii) emulating attacks in live cybersecurity exercises ("cyber ranges"). The research will be guided by a case study on an Industrial Control System, in order to investigate APT attacks in the context of a complex, highly-critical cyber-infrastructure, and will engage with companies to demonstrate the federated learning scheme.

Cookie

I cookie di questo sito servono al suo corretto funzionamento e non raccolgono alcuna tua informazione personale. Se navighi su di esso accetti la loro presenza.  Maggiori informazioni