Adaptive ML-Based Techniques for Vulnerability Assessment, Threat Modeling and Risk Mitigation in Cyber Security

基于自适应机器学习的网络安全漏洞评估、威胁建模和风险缓解技术

• 批准号: RGPIN-2020-06450
• 负责人: Vlajic, Natalija
• 金额: $ 2.11万
• 依托单位: York University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=718333
• 关键词: Adaptive; ML; Based; Techniques; Vulnerability

In order to deal with the growing number and sophistication of attacks on Internet-based systems, cyber security researchers have increasingly been turning to the use of advanced analytics techniques, including the use of machine learning (ML). One common disadvantage of most research works on practical use of ML in cyber security is that they assume stationary processes and datasets. However, in modern-day cyber security systems - where regular operating conditions as well as the nature and/or manifestation of outside threats are subject to continuous change - traditional approaches to defence based on stationary' methods (including stationary' ML) are no longer appropriate. To attain and sustain a desired performance, modern ML-based cyber security systems need to operate within the framework of dynamic/adaptive decision making. They also need to be built on the concepts of cyber risk management in order to ensure the right balance between security, feasibility and usability three objectives that are often conflicting with one other but ultimately equally important in all real-world cyber systems. The long-term goal of this program is to advance the state of the art in ML-based cyber security research. Specifically, the aim is to develop adaptive ML-based techniques capable of dealing with the inherent dynamicity of cyber security systems, and to do so within the context of cyber risk management, while also considering the possibility of deliberate adversarial attack/influence on the system's decision-making logic. The program will focus on two main application areas: security of Web systems and security of IoT systems. The specific problems addressed within the program will include: detection and mitigation of advanced (human-mimicking) bad bots in dynamic Web systems, detection and mitigation of rouge/misbehaving devices in IoT systems, and protection of user privacy in IoT systems. The program will provide state-of-the-art contributions to cyber security as well as applied machine learning research. The program is also of great practical significance due to its focus on the development of attack-resilient real-world cyber systems. Finally, the program will provide opportunity for training of HQP in both cyber security and machine learning - two areas that are identified as critically important for Canadian IT industry and its overall economy.

为了应对对基于互联网的系统的攻击数量和复杂性的不断增加，网络安全研究人员越来越多地转向使用先进的分析技术，包括使用机器学习（ML）。大多数关于ML在网络安全中的实际应用的研究工作的一个共同缺点是它们假设静态过程和数据集。然而，在现代网络安全系统中，常规操作条件以及外部威胁的性质和/或表现形式不断变化，基于静态方法（包括静态ML）的传统防御方法不再适用。为了达到和维持期望的性能，现代基于ML的网络安全系统需要在动态/自适应决策的框架内运行。它们还需要建立在网络风险管理的概念之上，以确保安全性、可行性和可用性这三个目标之间的正确平衡，这三个目标往往相互冲突，但最终在所有现实世界的网络系统中同等重要。 该计划的长期目标是推进基于ML的网络安全研究的最新水平。具体而言，其目的是开发自适应ML为基础的技术，能够处理网络安全系统的固有动态性，并在网络风险管理的背景下这样做，同时也考虑故意对抗攻击/影响系统的决策逻辑的可能性。该计划将专注于两个主要应用领域：Web系统安全和物联网系统安全。该计划中解决的具体问题将包括：检测和缓解动态Web系统中的高级（模仿人类）不良机器人，检测和缓解物联网系统中的Rouge/行为不端设备，以及保护物联网系统中的用户隐私。 该计划将为网络安全以及应用机器学习研究提供最先进的贡献。该计划还具有重要的实际意义，因为它专注于开发具有攻击弹性的现实世界网络系统。最后，该计划将为HQP提供网络安全和机器学习方面的培训机会-这两个领域被认为对加拿大IT行业及其整体经济至关重要。