Talk 1: Diversity in Network Intrusion Detection Systems for Mitigating Adversarial Attacks
Abstract: Mission-critical Cyber-Physical Systems (MC-CPSs) such as public transportation, radar, and autonomous aircraft have been frequent targets of sophisticated cyber-attacks. Some systems are responsible for meeting the demand of a city or even an entire country. A failure in an MC-CPS can have serious consequences, causing financial or environmental damage or even fatal accidents. This work proposes a distributed network intrusion detection system (NIDS) architecture based on machine learning (ML) to contribute to MC-CPSs' security. The architecture explores the possibility of using multiple forms of diversity to mitigate adversarial attacks, including traditional cyber-attacks targeting the system and adversarial machine learning (AML) attacks targeting the NIDS itself. The work will be evaluated empirically using data sets from representative CPS applications. Experiments will be designed to validate the different forms of diversity that will be developed and implemented. The idea is to quantify their impact on mitigating adversarial attacks, in contrast with baseline approaches that do not exploit diversity.
Short Bio: Allan Espindola is a Ph.D. candidate in Computer Science under the supervision of professors António Casimiro and Pedro Ferreira. He takes part in the ADMORPH project, working with dependable network monitoring.
Talk 2: ML-based Open Source Cyber Threat Intelligence (CTI)
Abstract: Cybersecurity specialists have the goal of publicly sharing their knowledge about cyber threats and the risks they generate for their organizations. This kind of information is referred to as Cyber Threat Intelligence (CTI). Researchers have contributed to the development of models for extracting cyber threat information from text sources. Almost all existing models have been built for specific combinations of data sources and problems, so they do not work properly for other tasks. This research study is firstly focused on proposing a classification model that can be used in general to recognize cybersecurity-related text. Texts and documents are unstructured data, so they need to be converted into a structured feature space using language models known as word embedding models. Pre-trained models have proven effective for a variety of general-purpose Natural Language Processing (NLP) applications. However, when it comes to domain-specific tasks such as cybersecurity, there are inherent limitations. So, secondly, we will concentrate on improving the performance of current embedding models, when applied in the cybersecurity context, to achieve better results. Furthermore, adversarial attacks on neural networks have recently been developed and have become more aggressive and dangerous. Our classification model is expected to be robust against adversarial attacks. Thus, the final stage of the work is to investigate text-based attacks and defenses to improve the robustness and resilience against adversarial attacks in CTI applications.
Short Bio: Samaneh Shafee is a PhD student at the Department of Informatics of the Faculty of Sciences of the University of Lisbon. Her interests are cybersecurity in general and cybersecurity language models to support machine learning-based cyberthreat intelligence. She is working under the supervision of Professors Pedro M. Ferreira and Alysson Bessani.