PRIN 2022
Cyber-attacks have become a severe threat for critical services in several domains, such as healthcare, manufacturing, telecom, energy, transportation, where the impact can be exceedingly high (e.g., in terms of service outages, private data breaches, intellectual property theft). Modern attacks are today very challenging, as they evolved into “Advanced Persistent Threats” (APTs). APT actors are typically cybercriminal or state-sponsored groups, which perform carefully-planned, stealthy attacks that span over a long period of time. A well-known example is the Stuxnet attack, which has been sabotaging Iran’s nuclear centrifuges since 2005, and was uncovered in 2010.
Unfortunately, the APT threat landscape is continuously evolving, as attackers develop new tactics and techniques. This trend puts both researchers and organizations at disadvantage, since it is difficult for them to stay up-to-date with emerging APT attacks. Moreover, most organizations are unwilling to share data about attacks they have experienced, because of concerns about disclosing sensitive data. This is a huge opportunity loss, both for the scientific community and for the organizations themselves: scientists are unable to assess new countermeasures on real-world attacks, which hinders scientific progress; organizations are unable to timely update their attack detectors against emerging APT campaigns.
To address this problem, FLEGREA aims to develop a new approach for automatically generating new representative datasets of APT attacks, without forcing organizations to disclose their sensitive information. Specifically, the approach will apply a Federated Learning paradigm, making attacked organizations pro-active contributors of a global Generative ML model, without sharing any private raw data. This paradigm will be applied to train a Generative ML model, which will generate new traces of network and host events representative of real APT attacks. Moreover, a blockchain-based approach will be applied for Federated Learning, in order to overcome the typical shortcomings of a centralized approach, such as single-point-failure, malicious clients, and false data. The generated datasets can be leveraged for training and assessing APT detectors based on AI, and for emulating attacks in live cybersecurity exercises (“cyber ranges”).
Start date: 28/09/2023 End date: 28/09/2025
Università di Firenze Università di Salerno