Defending our cyberspace: AI-powered search engine for cyber threat intelligence

保卫我们的网络空间：人工智能驱动的网络威胁情报搜索引擎

• 批准号: 561035-2020
• 负责人: Fung, Benjamin
• 金额: $ 27.36万
• 依托单位: McGill University
• 依托单位国家: 加拿大
• 项目类别: Alliance Grants
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=719867
• 关键词: Defending; our; cyberspace; AI; powered

The Internet and many online information systems have become part of the critical infrastructures of Canada. However, statistics show that Canadians - individuals, industry, and government - are not well-prepared for new waves of cyber threats. Malware is the crux of many cyberattacks, especially attacks on critical cyber(-physical) infrastructures such as power grids, financial institutions, healthcare, and transportation systems, etc. Reverse engineering is often the primary step taken to gain an in-depth understanding of a piece of malware before taking appropriate action to secure a critical infrastructure, but the manual process is often very time-consuming. There is a pressing need for effective reverse engineering tools to support large-scale malware analysis in order to provide an efficient and effective response to a cyberattack. The challenge is how to transform the ever-growing volume and complexity of collected software binaries into interpretable knowledge. This collaborative project brings together the expertise of AI, data mining, and cybersecurity from McGill University, Queen's University, Defence Research & Development Canada (DRDC), and a Canadian multinational company specializing in cybersecurity. The proposed project has two goals. The first is to enhance the capability of cybersecurity professionals on deep learning for large-scale malware analysis and to provide them a new generation of AI-powered reverse engineering methods and tools to efficiently understand the inner workings of malware. The second goal is to train a new cohort of cybersecurity professionals equipped with research capability and the latest hands-on AI skill set. The novelty of the proposed project is to turn the petabyte-scale binary files into an opportunity of learning semantic-enriched representations of assembly code via deep learning. The new tools will significantly improve the capability and efficiency of frontline reverse engineers to understand the behaviour of malware.

互联网和许多在线信息系统已成为加拿大重要基础设施的一部分。然而，统计数据显示，加拿大人-个人，行业和政府-并没有为新一波的网络威胁做好准备。恶意软件是许多网络攻击的关键，特别是对关键网络（-物理）基础设施（如电网，金融机构，医疗保健和运输系统等）的攻击。逆向工程通常是在采取适当措施保护关键基础设施之前深入了解恶意软件的主要步骤，但手动过程通常非常耗时。迫切需要有效的逆向工程工具来支持大规模恶意软件分析，以便对网络攻击提供高效和有效的响应。面临的挑战是如何将不断增长的软件二进制文件的数量和复杂性转换为可解释的知识。 这个合作项目汇集了麦吉尔大学，皇后大学，加拿大国防研究与发展（DRDC）和一家专门从事网络安全的加拿大跨国公司的人工智能，数据挖掘和网络安全的专业知识。拟议的项目有两个目标。首先是增强网络安全专业人员进行大规模恶意软件分析的深度学习能力，并为他们提供新一代人工智能驱动的逆向工程方法和工具，以有效了解恶意软件的内部工作原理。第二个目标是培养一批新的网络安全专业人员，他们具备研究能力和最新的人工智能技能。 该项目的新奇在于将PB级的二进制文件转化为通过深度学习学习汇编代码的语义丰富表示的机会。这些新工具将显著提高前线逆向工程师了解恶意软件行为的能力和效率。