Digitala Vetenskapliga Arkivet

Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
MAS-CTI: Machine Learning Assisted System for Cyber Threat Intelligence
RISE Research Institutes of Sweden.ORCID iD: 0000-0002-2772-4661
RISE Research Institutes of Sweden.ORCID iD: 0000-0001-6116-164X
Ericsson AB.
RISE Research Institutes of Sweden.ORCID iD: 0000-0001-8192-0893
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Cyber Threat Intelligence (CTI) is a critical component of modern cybersecurity, providing organizations with essential information to detect, prevent, and respond to cyber threats. However, CTI data is often non-uniform, incomplete, and inconsistent, making it challenging to analyze and manage effectively. Machine Learning (ML) models offer a powerful solution to overcome these challenges, providing advanced tools for data processing, sharing, and analysis. In this paper, we present MAS-CTI, an extended version of the popular CTI platform MISP, leveraging the power of ML for CTI processing. In particular, we address three key challenges in the CTI domain: event type identification, threat ranking, and IoC correlation. Additionally, to address concerns regarding IoC confidentiality, we explore the application of Federated Learning (FL) for event identification. We have conducted extensive testing of the models on three public CTI datasets, and the results obtained demonstrate the potential of ML models to enhance CTI processing and analysis, with only a few exceptions. 

Keywords [en]
Machine Learning, Cyber Threat Intelligence, Federated Learning, Learning to Rank, MISP
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:uu:diva-511773OAI: oai:DiVA.org:uu-511773DiVA, id: diva2:1797503
Available from: 2023-09-15 Created: 2023-09-15 Last updated: 2023-09-15Bibliographically approved
In thesis
1. Robust and Efficient Federated Learning for IoT Security
Open this publication in new window or tab >>Robust and Efficient Federated Learning for IoT Security
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The widespread adoption of Internet of Things (IoT) devices has led to substantial progress across various industrial sectors, including healthcare, transportation, and manufacturing. However, these devices also introduce significant security vulnerabilities because they are often deployed without adequate security measures, making them susceptible to cyber threats. Meanwhile, the rapid evolution of Artificial Intelligence (AI), specifically in the fields of Machine Learning (ML)  and Deep Learning (DL),  brings convenience and advantages to the community of IoT security. AI-driven solutions can process extensive data from IoT devices and networks, facilitating the identification of intricate and dynamic threats that may go unnoticed through conventional security methods. Nevertheless, typical ML models require a substantial volume of centralized datasets for training, which may conflict with the principles outlined in the GDPR. Recently, Federated Learning (FL) has emerged as a promising decentralized learning paradigm that enables participants to collaboratively train models without sharing private data. However, FL also brings new challenges.

The contributions of this dissertation are presented through six research papers, which address identified shortcomings and challenges of FL and ML. Initially, a comprehensive landscape study is conducted to understand available ML technologies thoroughly. A novel approach to device fingerprinting and identification is proposed to fingerprint and identify IoT devices through the application of FL. Through this work, several limitations of FL and research challenges are identified. To begin with, the challenges of non-IID and imbalanced data are addressed by proposing adaptive data rebalancing techniques in a peer-to-peer FL setup. Subsequently, a communication-efficient and robust federated aggregation rule is proposed to secure the learning process in the FL setup. Furthermore, when the Intrusion Detection System (IDS) detects anomaly records, they are shared as vulnerability alerts with the Cyber Threat Intelligence platform, which is enhanced by the proposed ML-based functionalities to automate threat processing. Lastly, an in-vehicle IDS is analyzed in the context of the automotive use case for its resilience against adversarial attacks.

The overall contribution of this dissertation enhances the aggregation methodology within FL, emphasizes its adaptability in addressing diverse critical scenarios to tackle IoT security challenges, and reinforces ML models to confront adversarial AI challenges. Given that FL is still in its early stages, with numerous unresolved challenges in IoT security, these enhancements and contributions are timely in paving the way for future advancements and providing a clearer path forward.

Place, publisher, year, edition, pages
Uppsala: Acta Universitatis Upsaliensis, 2023. p. 59
Series
Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology, ISSN 1651-6214 ; 2306
Keywords
Internet of Things, Federated Learning, Machine Learning, Intrusion Detection System, Communication Efficiency, Robustness, Adversarial AI, Device Fingerprinting, Device Identification, Cyber Threat Intelligence
National Category
Computer Systems
Research subject
Computer Science with specialization in Computer Communication
Identifiers
urn:nbn:se:uu:diva-511774 (URN)978-91-513-1895-0 (ISBN)
Public defence
2023-11-02, 80127, Ångström, Lägerhyddsvägen 1, Uppsala, 13:00 (English)
Opponent
Supervisors
Funder
EU, Horizon 2020, 101020259EU, Horizon 2020, 830927
Available from: 2023-10-11 Created: 2023-09-15 Last updated: 2023-10-11

Open Access in DiVA

No full text in DiVA

Search in DiVA

By author/editor
Wang, HanIacovazzi, AlfonsoRaza, Shahid
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 436 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf