Posts

[TALK30] Trusted Graph for explainable detection of cyberattacks – Pierre PARREND (EPITA / iCube, Unistra)

On Wed, April 19th, 2023, 2pm CET, Pierre PARREND (Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra) will talk about “Trusted Graph for explainable detection of cyberattacks”. You are cordially invited to come or join the free live stream on YouTube and LinkedIn! Please share the link https://talk.cybercni.fr/30 with your interested friends!

Trailer: https://youtu.be/eiRdUH8yMHk
LinkedIn Event: https://www.linkedin.com/events/7052340159396139008/
Facebook Event: https://www.facebook.com/events/1698222957276297/
YouTube: https://www.youtube.com/watch?v=Ud1SieWVq10?list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Abstract

Machine Learning (ML) is now a key asset in security operations, both for the classification of malware or malicious web sites through combinations of network, system or software properties, and for anomaly detection by identification of deviating behaviours. Challenges for efficient and scalable use remain wide open, as does the issue of training future professionals in a domain that requires a high level of proficiency both in system and network technologies and in machine learning models and theory. Nonetheless, the technologies are sufficiently mature to be pervasive in security devices like supervision (Splunk), EDR/XDR (Tehtris, Darktrace) or SOAR (), as well as in security teams focusing on SOC or forensics.

However, while ML is a powerful tool for analyzing dominant behaviours and deviations thereof, it falls short in detecting weak signals and complex attacks like APTs, and more generally in taking the relationships between messages, machines or networks into account. Specific models have emerged to address these issues, which require a radical switch in the analysis approach: the individual packets are no longer significant, their sequence is. Individual machines do not work standalone; their interactions build the capability of – and the threats to – the network. Security analysis therefore needs to leave the now common Euclidean, multi-dimensional ML models to face the complex interactions of machines and communications, nodes and their binding vertices, that is to say: the non-Euclidean domain of graph analytics.

In this talk, we present how the combination of attack graphs, graph theoretical metrics and graph learning enhances the well-mastered ML models for detection of attacks and addresses two critical phases for attack detection and mitigation: supervision and forensics. The graphs can take several forms: interaction graphs, considering IP or IP+MAC addresses as node definition, or scenario graphs, focusing on short-range time-windows to isolate related sessions. We illustrate their versatile capability through a wide range of cyberattacks, from broad-scale ransomware, scanning or denial of service attacks, to targeted attacks like spoofing, up to complex advanced persistent threat (APT) multi-step attacks.

The non-aggregative characteristics of graph models support extended properties for explainability of attacks throughout the analytics lifecycle: data, model, output and interface. These approaches are evaluated both for information system network traces and for cyberphysical systems in industrial and medical environments.

Pierre PARREND

Pierre Parrend is an HDR Professor at EPITA and head of the Security & Systems team at LRE – Laboratoire de Recherche de l’EPITA. As a member of the ICube laboratory of the University of Strasbourg, he leads a joint project between the CSTB team (Complex Systems and Translational Bio-Informatics) of ICube and the EPITA Research Laboratory (LRE) on the use of graphs for explainable detection of cyberattacks. He is particularly interested in attack detection in medical and industrial sensor systems, in particular in the context of the ANR Correau project – Resilience through the design and security of water networks – of which ICube is a partner, and of the ANR THIA-ArtIC on connected medical objects. Pierre is also responsible for the Security & System Team, and deputy director, of the LRE. In this context, he coordinates the contribution of EPITA’s regional sites in Strasbourg, Rennes, Lyon and Toulouse to the school’s partner research laboratories. Pierre was responsible for the BICS (Biostatistics, Informatics, and Complex Systems) research platform at the ICube laboratory, and responsible for the teaching department in computer science and mathematics at ECAM Strasbourg-Europe between 2012 and 2021. He holds a Habilitation to Direct Research from the University of Strasbourg (2017) and a PhD in Computer Science from INSA Lyon (2008).

About Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra

EPITA is a private engineering school located in France, specialized in computer science and information technology. It was founded in 1984. EPITA offers a five-year program leading to the “Ingénieur EPITA” degree recognized by the Commission des Titres d’Ingénieurs. The school provides a curriculum focused on Computer Science and Computer Engineering that covers various fields such as computer programming, artificial intelligence, cybersecurity, software engineering, and more.

The LRE, Laboratoire de Recherche de l’EPITA, is the research lab of EPITA. It comprises five teams: Security and Systems, Artificial Intelligence, Image, Automata, and Digital Methods for Humanities, as well as three transversal axes: robotics, software performance, and machine learning applications.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3:30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on YouTube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICS, webcal, or HTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[TALK23] Aaron Ding (TU Delft, Netherlands) – Trustworthy and Sustainable Edge AI 

On Wed, Oct 26th, 2022, 2pm CET, Aaron Ding (TU Delft, Netherlands) will talk about “Trustworthy and Sustainable Edge AI”. You are cordially invited to join the free live stream on YouTube and LinkedIn! Please share the link https://talk.cybercni.fr/23 with your interested friends!

Trailer: https://youtu.be/H4kImH__DpY
LinkedIn Event: https://www.linkedin.com/video/event/urn:li:ugcPost:6990061761919868928/
Facebook Event: https://fb.me/e/24L973TCJ
YouTube: https://youtu.be/qzBS2dNN-yc

Abstract

Despite its promising impact, Edge AI is facing two major challenges for its large-scale deployment: trustworthiness and sustainability.

On trustworthiness, Edge AI benefits from its close proximity to the end devices and user-generated data. However, due to the distributed deployment and deep penetration into personal context, the safety and perceived trustworthiness of Edge AI services raise concerns among several stakeholders (e.g., end users, public sectors, ISPs). To achieve trustworthy Edge AI, critical building blocks are needed for ensuring transparency, fairness and robustness, especially for its training and deployment in decentralized, uncontrolled environments. The trustworthiness of Edge AI is a stepping stone on which the promise of Edge AI can be built.

Meanwhile, as a critical goal of sustainability, the energy consumption of Edge AI needs to be optimized. Energy efficiency is crucial for embedding Edge AI into our infrastructure (e.g., road side units, micro base stations) in order to sustainably support advanced autonomous driving and Extended Reality (XR) services in the years to come. Across the pipeline of data acquisition, transfer, computation, and storage, there exists the possibility for Edge AI to trade off accuracy for less power and less time consumed. For instance, noisy inputs from numerous sensors can be selectively processed and transferred in order to save energy. This new dimension in the optimization design can pave the way towards a sustainable deployment of Edge AI.

Aaron Ding

Aaron Ding leads the Cyber-Physical Intelligence (CPI) Lab as tenured Associate Professor of Edge AI at TU Delft. He has been awarded EU research grants (€5M+) as Consortium Director and PI. With over 15 years of R&D experience across the EU, UK and USA, he has worked at TU Munich with Jörg Ott, at Columbia University with Henning Schulzrinne, and at the University of Cambridge with Jon Crowcroft. His research focuses on edge computing, edge AI, and data-driven IoT services. An active member of ACM, IEEE and IETF, he is the founder of ACM EdgeSys and Associate Editor for ACM TIOT and IEEE OJ-ITS. For contributions to mobile edge computing, his research has received best paper awards and recognition from ACM SIGCOMM, ACM EdgeSys, ACM SenSys CCIoT, and IEEE INFOCOM. Details of his projects and publications can be found on his site: https://homepage.tudelft.nl/8e79t/

TU Delft, Netherlands

Founded in 1842, Delft University of Technology (TU Delft) is the oldest, largest, and most comprehensive university of technology in the Netherlands and is ranked in the global top 10 on the 2022 QS World University Rankings of Engineering & Technology. TU Delft collaborates with a wide network of educational, industrial, and governmental partners. It is a member of university federations including the IDEA League, CESAER, UNITECH International and 4TU.

[Update] Call for participation to the Summer School “Trustful AI for Industry”