Research database

ACRE (AI-Based Causality and Reasoning for Deceptive Assets) will reinforce the resilience of cybersecurity defence mechanisms against advanced persistent threats. The goal is to provide cyber threat analysts with actionable intelligence to understand and investigate malicious activities targeting complex environments such as complex network infrastructures and distributed systems that support services essential to our society. The current threat landscape, adversarial ecosystem, and expansion of the attack surface link to an environment of staggering complexity where cyber threats affect the entire fabric of our interconnected world. Optimising for the known threats only is not enough: we need to build resilient systems that adapt to new types of complex attacks quickly. Machine Learning and Artificial Intelligence (AI) algorithms enable new methodologies to extract knowledge and actionable intelligence from large streams of services and networking devices logs (TECHINT). ACRE will advance the state-of-the-art in cyber threat intelligence analysis—from data collection to causal hypotheses generation—to provide active defence against novel—yet unknown—threats, in order to reinforce the resilience of cybersecurity active defence mechanisms in Italy and Europe. Our aims are: 1. to understand how to gather contextual evidence for supporting security analysts in their cyber threat situational understanding; 2. to advance robust and trustworthy capabilities for cyber threat situational understanding; 3. to assist security analysts in uncovering novel threats quickly. The concrete objectives of ACRE are: 1. to mature the representation of heterogeneous data collected by security sensors distributed across the network for identifying groups of attacks with similar patterns in order to understand how to gather contextual evidence for supporting security analysts in their cyber threat situational understanding; 2. to investigate efficient uncertainty-aware causal learning and reasoning over large bandwidth data streams in order to advance robust and trustworthy capabilities for cyber threat situational understanding; 3. to enable state-of-the-art security monitoring infrastructures to evolve autonomously for maximising data collections of unknown attack patterns in order to assist security analysts in uncovering novel threats quickly. ACRE will advance the state-of-the-art in representation learning and reasoning over complex streams of TECHINT. Moreover, it will also improve current active defence solutions by proposing the concept of autonomous defence that employs both smart honeypots and reinforcement learning.