Research Project Proposals

Cybersecurity & Reliable AI

Title: Cybersecurity & Critical Infrastructure Protection

Proposer(s): Alessandro Armando

Curriculum: Cybersecurity and Reliable AI

Description:

Critical infrastructures, e.g. transportation, utilities, healthcare, financial market infrastructures, digital infrastructures, have become a primary target of malicious cyber actors whose goals range from money theft or extortion to crippling one or more critical functions of a target nation state. As the problem cannot be properly tackled individually by companies and organizations, states are putting forward actions to mitigate the threat. The Directive on security of network and information systems (the NIS Directive) provides legal measures to boost the overall level of cybersecurity in the EU by promoting the Member States’ preparedness, their cooperation and a culture of security across critical sectors. The EU Regulation 2019/881 (the Cyber Security Act) defines a European cybersecurity certification framework. Italy has undertaken an ambitious program to define “the national cybersecurity perimeter”, which sets criteria for the identification of organizations to be included in the perimeter and a high standard of security for critical infrastructures and services operating within the national territory. Achieving compliance with these regulations implies a cost for companies and organizations, but it will also provide significant advantages in the long term. An interesting research objective is to define a methodology that allows for the quantitative evaluation of the costs and the advantages of meeting the cybersecurity regulations.

References:

  1. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.

  2. ENISA. Cybersecurity Certification Market Study, April 2021.

  3. Luisa Franchina. Perimetro di sicurezza cibernetica e Agenzia dedicata: così la cyber italiana cerca il salto di qualità. Agenda Digitale, 2021.

Title: Design and Implementation of Next Generation Cyber Ranges

Proposer(s): Alessio Merlo & Enrico Russo

Curriculum: Cybersecurity and Reliable AI

Description:

Cyber ranges are rapidly rising in importance within the security domain, emerging as the most realistic environment for cybersecurity training and security assessments. They are usually based on virtualization technologies and are used to set up real-world IT/OT infrastructures, simulate events, and observe phenomena in a controlled environment. These capabilities allow cyber ranges to host one of the highest-value classes of exercises, namely Cyber Defense Exercises (CDX). A prominent example is the Locked Shields cyber exercise, which NATO has conducted yearly since 2010. In Locked Shields, professional attackers (red team) launch live cyberattacks against an infrastructure consisting of around four thousand virtualized systems that a group of trainees (blue teams) must defend.

Setting up such exercises in a cyber range is often complex, expensive, and error-prone. It requires many experts in various fields who typically execute several tasks manually, using a trial-and-error approach. There are many technical (e.g., the hosting infrastructure or the design and deployment of the training scenario) and management (e.g., collecting meaningful data during an exercise or the scoring system) issues that should be solved or improved. Moreover, supported training scenarios need to be steadily updated to include the growing attack surface and new threat vectors.

This Ph.D. project proposal targets the study and development of solutions, methodologies, and architectures for addressing the presented issues in constructing large events hosted by cyber range systems.

References:

  1. Russo, E., Costa, G., & Armando, A. (2020). Building next generation Cyber Ranges with CRACK. Computers & Security, 95, 101837.

  2. Yamin, M. M., Katt, B., & Gkioulos, V. (2020). Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security, 88, 101636.

  3. Russo, E., Verderame, L., & Merlo, A. (2020, December). Enabling Next-Generation Cyber Ranges with Mobile Security Components. In IFIP International Conference on Testing Software and Systems (pp. 150-165). Springer, Cham.

Title: Secure Software Ecosystems

Proposer(s): Alessio Merlo & Luca Verderame

Curriculum: Cybersecurity and Reliable AI

Description:

Over the years, pervasive computing and communication technologies have enabled the emergence of new computing paradigms that have gained momentum across a broad spectrum of domains, ranging from automotive to smart home and industrial environments. In particular, emerging computing paradigms like Mobile, IoT, and Cloud Computing are becoming even more interconnected, thereby moving from single, isolated paradigms to complex ecosystems built by the fruitful interactions among several computing paradigms. Applications are the key component in virtually all emerging ecosystems and play a primary role in the interaction with the user (Mobile), with things (IoT), with data (fog), and with business processes (cloud). However, from a security standpoint, the interaction among the different software components, i.e., apps, belonging to heterogeneous domains leads to novel and unprecedented attack threats. Although several solutions exist for evaluating security in web, mobile, cloud, and IoT apps, the security assessment at an ecosystem level is still a mostly unexplored area. Indeed, to deal with such threats, applying state-of-the-art security analysis techniques on single paradigms can be insufficient. Thus, novel analysis methodologies that systematically analyze the entire ecosystem life cycle must be put forward, with a particular focus on new ecosystem modeling techniques and hybrid techniques (i.e., combining static and dynamic security testing) for the vulnerability assessment.

This Ph.D. project proposal targets the study and development of solutions, methodologies, and architectures for the security evaluation of software ecosystems.

References:

  1. Sequeiros, J. B., Chimuco, F. T., Samaila, M. G., Freire, M. M., & Inácio, P. R. (2020). Attack and system modeling applied to IoT, cloud, and mobile ecosystems: embedding security by design. ACM Computing Surveys (CSUR), 53(2), 1-32.

  2. Zhou, W., Jia, Y., Yao, Y., Zhu, L., Guan, L., Mao, Y., ... & Zhang, Y. (2019). Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms. In 28th USENIX Security Symposium (USENIX Security 19) (pp. 1133-1150).

  3. Verderame, L., Caputo, D., Migliardi, M., & Merlo, A. (2020, April). AppIoTTE: an architecture for the security assessment of mobile-IoT ecosystems. In Workshops of the International Conference on Advanced Information Networking and Applications (pp. 867-876). Springer, Cham.

Title: Adversarial AI for Cybersecurity

Proposer(s): Luca Oneto & Alessio Merlo

Curriculum: Cybersecurity and Reliable AI

Description:

In the last decades, Artificial Intelligence, and in particular Machine Learning, has become pervasive in all aspects of our lives, experiencing a fast process of commodification and reaching society at large. From self-driving cars to smart IoT devices, almost every consumer application now leverages such technologies to make sense of the vast amount of data collected. In some tasks (e.g., vision and games) recent deep-learning algorithms have shown super-human performance. For this reason, it has been extremely surprising to discover that such algorithms can be easily fooled by an adversary who carefully crafts imperceptible (at least from the human perspective) or plausible modifications of the input data, forcing models to perceive things that are not there. Intrigued by this discovery and worried about its potential impact on the field, a large number of researchers and stakeholders started to study, understand, and address this problem, developing proper mitigation strategies. Especially in the field of cybersecurity (e.g., malware detection on Android), where the use of machine learning is becoming ubiquitous, taking care of problems related to adversaries is mandatory. Despite such large interest, this challenging problem is still far from being solved. In fact, new methods of attack (i.e., adversarial attacks) and defence (i.e., adversarial defence) for machine learning-based cybersecurity systems are developed continuously, requiring the use of more and more advanced Artificial Intelligence tools to keep up with the increasing cognitive and computational complexity of the problem.

This PhD project proposal targets the study and development of solutions, methodologies, and architectures for adversarial AI for cybersecurity.

References:

  1. B. Biggio and F. Roli - Wild patterns: Ten years after the rise of adversarial machine learning - Pattern Recognition - 2018

  2. L. Oneto, S. Ridella, and D. Anguita - The Benefits of Adversarial Defence in Generalisation - ESANN - 2021

  3. S. Aonzo, A. Merlo, M. Migliardi, L. Oneto, and F. Palmieri - Low-Resource Footprint, Data-Driven Malware Detection on Android - IEEE Transactions on Sustainable Computing - 2017

Title: Safety analysis for space and avionics systems and software

Proposer(s): Marco Bozzano & Stefano Tonetta

Curriculum: Cybersecurity and Reliable AI

Description:

Space and avionics systems are reaching an unprecedented degree of complexity. The process of safety analysis attempts to characterize the likelihood of faults and failures, and to assess the effectiveness of the adopted mitigation measures. Unfortunately, traditional techniques are becoming ineffective, unable to deal with large-scale systems. This thesis will investigate novel methods for safety analysis, based on the adoption of formal models of system and software (nominal and faulty) behaviors. Particularly interesting are the analysis of timing aspects in the propagation of multiple faults to failures and errors, the ability to explain the causality of propagation, and the definition of techniques for on-the-fly fault detection, isolation and recovery policies.

References:

  1. M. Bozzano, A. Cimatti, A.F. Pires, A. Griggio, M. Jonas, G. Kimberly. Efficient SMT-based Analysis of Failure Propagation. To appear in Proc. CAV 2021.

  2. M. Bozzano, A. Cimatti, M. Gario, D. Jones, C. Mattarei. Model-based Safety Assessment of a Triple Modular Generator with xSAP. In Formal Aspects of Computing 33(2):251-295, 2021.

  3. M. Bozzano, P. Munk, M. Schweizer, S. Tonetta, V. Vozárová. Model-Based Safety Analysis of Mode Transitions. In Proc. SAFECOMP 2020.

  4. M. Bozzano, A. Cimatti and C. Mattarei. Formal reliability analysis of redundant architectures. Formal Aspects of Computing 31(1):59-94, 2019.

  5. M. Bozzano, A. Cimatti, A.F. Pires, D. Jones, G. Kimberly, T. Petri, R. Robinson and S. Tonetta. Formal Design and Safety Analysis of AIR6110 Wheel Brake System. In Proc. CAV 2015.

  6. M. Bozzano, A. Cimatti, M. Gario and S. Tonetta. Formal Design of Asynchronous FDI Components using Temporal Epistemic Logic. Logical Methods in Computer Science, volume 11, 2015.

Title: Explainable Machine Learning in Network Security

Proposer(s): Domenico Siracusa & Roberto Doriguzzi Corin

Curriculum: Cybersecurity and Reliable AI

Description:

Machine Learning (ML) is nowadays a consolidated technology embedded in various domains of computer science and information technology. In recent years, ML has revolutionised cybersecurity applications, with excellent results in various application areas such as encrypted traffic classification, intrusion detection and prevention, anomaly detection in industrial control systems, and identification of malicious software (or malware), among others.

One important research subfield of ML is called Explainable Machine Learning, which relates to understanding the ML model behaviour by means of various techniques such as feature importance scores, influential training data, etc. Given the complexity of some black-box ML models, it is inherently difficult to understand why they behave the way they do. Understanding how an ML model works and how it takes its decisions is paramount in network security. Indeed, the ability to understand why an event is classified as benign or malicious by an ML-based intrusion detection system allows the ML practitioner to take the necessary counteractions to reduce false positive and false negative rates, and to make the system more robust to Adversarial Machine Learning attacks.

The objective of this PhD project is to perform fundamental research in the field of ML explainability (understanding how ML algorithms reason their outputs) and to propose novel tools and methodologies for ensuring good performance of ML-based security systems under various working conditions.

References:

  1. G. Xian, "Cyber Intrusion Prevention for Large-Scale Semi-Supervised Deep Learning Based on Local and Non-Local Regularization", IEEE Access, 2020.

  2. R. Doriguzzi-Corin, S. Millar, S. Scott-Hayward, J. Martinez-del-Rincon, and D. Siracusa, "LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection", IEEE Transactions on Network and Service Management, 2020.

  3. M. Wang, K. Zheng, Y. Yang and X. Wang, "An Explainable Machine Learning Framework for Intrusion Detection Systems", IEEE Access, 2020.

  4. A. Hartl, M. Bachl, J. Fabini and T. Zseby, "Explainability and Adversarial Robustness for RNNs," IEEE Sixth International Conference on Big Data Computing Service and Applications (BigDataService), 2020.

  5. M. Abdelaty, R. Doriguzzi-Corin, and D. Siracusa, "DAICS: A Deep Learning Solution for Anomaly Detection in Industrial Control Systems", IEEE Transactions on Emerging Topics in Computing, 2021.

Title: Programmable Network-wide Robustness and Security

Proposer(s): Domenico Siracusa & Federico Pederzolli

Curriculum: Cybersecurity and Reliable AI

Description:

As demonstrated by recent events, telecommunications networks’ importance for economic activity and simple human communication cannot be overstated. However, while networks held up remarkably well despite a near-doubling of their expected load, their resiliency is not infinite, and their role as information carriers makes them useful targets for malicious actors, from crooks to state-sponsored agents. The advent of programmable ASICs offers a unique opportunity for researchers to observe and customize network device behaviors at a level of detail and time resolution unthinkable with traditional approaches. These, in turn, enable the development and application of new or previously unsuitable strategies for on-the-fly fault detection, isolation and recovery policies, including aspects such as detailed timing and direction of error propagation and intrusion detection and isolation.

This thesis combines the topics of programmable networks and advanced fault and intrusion detection and recovery/isolation, with the aim of improving the resiliency of large-scale telecommunications networks against both failures and targeted attacks.

References:

  1. F. Hauser, M. Häberle, D. Merling, S. Lindner, V. Gurevich, F. Zeiger, R. Frank, M. Menth, “A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research”, IEEE Communications Surveys and Tutorials (COMS), 2021.

  2. D. Ding, M. Savi, F. Pederzolli, M. Campanella, D. Siracusa, “In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches”, to appear in IEEE Transactions on Network and Service Management, 2021. Currently retrievable at: https://arxiv.org/abs/2104.06277

  3. D. Ding, M. Savi, F. Pederzolli, D. Siracusa. “INVEST: Flow-Based Traffic Volume Estimation in Data-Plane Programmable Networks,” accepted at IFIP Networking 2021.

  4. R. Ben Basat, S. Ramanathan, Y. Li, G. Antichi, M. Yu, M. Mitzenmacher, "PINT: Probabilistic In-band Network Telemetry", ACM SIGCOMM, 2020.

  5. D. Ding, M. Savi, G. Antichi, D. Siracusa, "An Incrementally-Deployable P4-Enabled Architecture for Network-Wide Heavy-Hitter Detection", IEEE Transactions on Network and Service Management, 2020.