Machine Learning, Robust Optimisation, and Verification: Creating Synergistic Capabilities in Cybersecurity Research

机器学习、稳健优化和验证：在网络安全研究中创建协同能力

• 批准号: EP/N020030/1
• 负责人: Michael Huth
• 金额: $ 25.76万
• 依托单位: Imperial College London
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2016
• 资助国家: 英国
• 起止时间: 2016 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FN020030%2F1
• 关键词: Machine; Learning; Robust; Optimisation; Verification

The need for better support to deal with the threats of cybersecurity is undisputed. Organisations are faced with an ever growing number of malware and integrated malware attack tools, attempted attacks on infrastructure and services, an increasing number of insider attacks, and advanced persistent threats for high-priced assets. Dealing with such threats requires that organisations have ICT staff that is at least familiar with cybersecurity issues and preferably has actual skills in cybersecurity regardless of the role of such staff. Likewise, management and decision makers need to be aware of cybersecurity issues and reflect these in their actions. Large organisations often have a Chief Information Security Officer (CISO) who deals with the operational and strategic issues of cybersecurity for his or her organisation. But SMEs typically cannot afford a role with such oversight on cybersecurity, which makes them especially vulnerable.The scale and diversity of cybersecurity issues that an organisation faces means it cannot possibly consider each single vulnerability of its systems against each credible or potential adversary whose presence would turn a vulnerability into an actual threat. A CISO or decision maker, though, needs to have a fairly abstract view of all this complexity where the choice of abstraction is not driven by technical aspects but by modalities such as risk, compliance, availability of service, and strategy. This view often has to take into account the cybersecurity of external or partner organisations, which is problematic as organisations are reluctant to share such sensitive information. Therefore, a CISO or decision maker needs a representation of relevant internal or external systems and services that allows him or her to make decisions of either operational or strategic nature. The uncertainty expressed in such abstractions is typically probabilistic or strict in nature. For example, a bank may have a good idea of the probability that a given teller machine has a corrupted external interface that clones inserted bank cards, based on past history, location of the machine and so forth. Strict uncertainty often relates to threats for which no (or insufficient) historical information is available to estimate probability distributions, or it is used to express the combinatorial nature of a problem, for example the different orderings in which one may schedule critical tasks.This project brings together research leaders in machine learning, robust optimisation, verification and cybersecurity to explore new modelling and analysis capabilities for needs in cybersecurity. The project will investigate new approaches for modelling and optimisation by which cybersecurity of systems, processes, and infrastructures can be more robustly assessed, monitored, and controlled in the face of stochastic and strict uncertainty. Particular attention will be paid to privacy: new forms of privacy-preserving data analytics will be created and approaches to decision support that respect privacy considerations; for corporate confidentiality, we will invent foundations that enable different organisations to model and analyse cross-organisational cybersecurity aspects whilst respecting the type of privacy inherent in organisations' confidential information by establishing appropriate information barriers.

毫无疑问，需要更好地支持应对网络安全威胁。组织面临着越来越多的恶意软件和集成的恶意软件攻击工具、对基础设施和服务的攻击企图、越来越多的内部攻击以及针对高价资产的高级持续威胁。应对这些威胁要求组织拥有至少熟悉网络安全问题的ICT工作人员，并且最好拥有网络安全方面的实际技能，无论这些工作人员的角色如何。同样，管理层和决策者需要意识到网络安全问题，并在行动中反映这些问题。大型组织通常有一个首席信息安全官（CISO），负责处理其组织的网络安全运营和战略问题。但中小企业通常承担不起这种网络安全监督的角色，这使它们特别脆弱。一个组织面临的网络安全问题的规模和多样性意味着，它不可能考虑系统的每一个漏洞，以对抗每一个可信或潜在的对手，这些对手的存在会将漏洞转化为实际威胁。然而，CISO或决策者需要对所有这些复杂性有一个相当抽象的看法，其中抽象的选择不是由技术方面驱动的，而是由风险、合规性、服务可用性和战略等模式驱动的。这种观点通常必须考虑到外部或合作伙伴组织的网络安全，这是有问题的，因为组织不愿意分享这些敏感信息。因此，CISO或决策者需要相关内部或外部系统和服务的代表，以使他或她能够做出运营或战略性质的决策。这种抽象中表达的不确定性通常是概率性的或严格的。例如，银行可以基于过去的历史、机器的位置等，很好地了解给定柜员机具有克隆插入的银行卡的损坏的外部接口的概率。严格的不确定性往往与威胁有关，历史信息（或不充分的）可用于估计概率分布，或用于表达问题的组合性质，例如，可以安排关键任务的不同顺序。该项目汇集了机器学习，鲁棒优化，核查和网络安全，探索新的建模和分析能力，以满足网络安全的需要。该项目将研究建模和优化的新方法，通过这些方法，系统，流程和基础设施的网络安全可以在面对随机和严格的不确定性时进行更有力的评估，监控和控制。将特别关注隐私：将创建新形式的隐私保护数据分析和尊重隐私考虑的决策支持方法;对于企业机密，我们将发明基础，使不同组织能够建模和分析跨组织的网络安全方面，同时通过建立适当的信息屏障来尊重组织机密信息中固有的隐私类型。

项目成果

Manyopt: An Extensible Tool for Mixed, Non-Linear Optimization Through SMT Solving

Manyopt：通过 SMT 求解进行混合非线性优化的可扩展工具

• DOI: 10.48550/arxiv.1702.01332
• 发表时间: 2017
• 期刊: arXiv e-prints
• 作者: Callia D'Iddio Andrea

Scalable Information Flow Analysis of Secure Three-Party Affine Computations

安全三方仿射计算的可扩展信息流分析

• DOI: 10.1109/isit.2019.8849674
• 发表时间: 2019
• 作者: Ah-Fat P

Ontology-based Reasoning about the Trustworthiness of Cyber-physical Systems

基于本体的信息物理系统可信度推理

• DOI: 10.1049/cp.2018.0012
• 发表时间: 2018
• 作者: Balduccini M

Pseudonym Management Through Blockchain: Cost-Efficient Privacy Preservation on Intelligent Transportation Systems

• DOI: 10.1109/access.2019.2921605
• 发表时间: 2019-01-01
• 期刊: IEEE ACCESS
• 影响因子: 3.9
• 作者: Bao, Shihan;Cao, Yue;Huth, Michael
• 通讯作者: Huth, Michael

An in-depth case study: modelling an information barrier with Bayesian Belief Networks

深入的案例研究：使用贝叶斯信念网络对信息障碍进行建模

• 发表时间: 2016
• 作者: Beaumont P.