Cybersecurity

Lead Researcher
Marcos Simplicio
EPUSP

Associate Researchers
Cíntia Borges Margi
POLI/USP
Daniel de Oliveira Mota
POLI/USP
Eduardo Takeo Ueda
IPT
Graça Bressan
POLI/USP
Leandro Avanço
IPT
Marcos Antonio Simplicio Junior
POLI/USP
Sergio Takeo Kofuji
POLI/USP
Wilson Vicente Ruggiero
POLI/USP

Lines of Research
Cybersecurity

Technological advancements are improving lives and economies, but the risk of exposure to cyber-attacks is also growing drastically. Failures in protecting systems that control homes, hospitals, factories, and virtually all infrastructures can have devastating consequences. The security of confidential information of citizens, businesses, industrial networks (IIoT), supply chains, with their associated economic values, needs to be preserved against these cyber threats.

Cybersecurity is a crucial factor for the success of the digital economy and, as such, should be considered essential, not optional. People and organizations need to believe that digital technologies are secure and reliable; otherwise, this insecurity can become an obstacle to digital transformation. Digitization and cybersecurity must evolve hand in hand.

This line has two main pillars: (1) initiatives aimed at applying security techniques and methods to assist the field of AI applied in IIoT, and (2) initiatives focused on applying AI techniques and methods to assist the area of cybersecurity for industrial networks.

In the first pillar, the goal is to support the other lines already presented. Thus, the plan is to build robust security architectures to protect the transmission, processing, and storage of data that enable the secure operation of the entire industrial innovation ecosystem proposed in this document, according to the specific needs of each of its components.

The second pillar aims to use AI as a tool for complex problems in the cybersecurity domain, which do not solely rely on mechanisms whose robustness can be mathematically verified. In particular, it envisions the use of AI to assist in the construction and improvement of security mechanisms commonly based on statistical data, such as intrusion prevention, detection, and recovery systems, as well as network load balancing solutions to prevent attacks on system availability (also known as denial-of-service attacks). For example, AI tools can be used to correlate data captured from IoT systems in power and industrial plants, enabling more efficient and accurate diagnosis of intrusion attempts and cybersecurity incidents, providing a higher level of protection and response to monitored plants. Another example involves developing machine learning techniques based on the expertise and data collected from analysts to enable the system to learn and evolve over time, keeping up or even anticipating the evolution of cyber attacks.

The importance of these mechanisms comes from the fact that Information Security is itself one of the pillars of Industry 4.0 and supports any systems that need to handle data considering requirements such as confidentiality, integrity, authenticity, non-repudiation, availability, and auditability. Thus, this line potentially encompasses initiatives in all the other pillars to a greater or lesser extent. In some cases, the feasibility of these initiatives may depend on a robust security system, either because they deal with data covered by specific legislation (e.g., medical or personal data) or because failures caused by attackers can lead to catastrophic consequences in terms of financial, environmental, and/or human lives. Preventing or mitigating such threats, considering the specificities of each system (e.g., computational resource constraints in IIoT systems), is the main challenge of this research line in the "Security Applied to AI" pillar.

Although this challenge is quite general, precisely because it depends on the target application, an approach considered promising in the Industry 4.0 scenario is the so-called "zero-trust model" (GILMAN; BARTH, 2017; ROSE et al., 2020). Basically, this approach consists of building architectures in which trust in one or more entities is avoided. Some examples of technologies that support this principle and can be integrated into AI applications when relevant include: digital signatures, which allow verifying data integrity, authenticity, and authorship; Blockchain, used to define and verify the relative order of various events in a system (BECK, 2018; MIERS et al., 2019); and zero-knowledge proofs and homomorphic encryption (MALLER et al., 2019), through which it is possible to prove characteristics or perform calculations on encrypted data without revealing its value in plain text.

In the second pillar of this line ("AI applied to Security"), the main challenge is to improve the effectiveness of security solutions based on statistics and heuristics. One of the key expected contributions with the use of computational intelligence mechanisms is to enhance the accuracy of intrusion detection and prevention systems (AHMED; MAHMOOD; HU, 2016; BUCZAK; GUVEN, 2016). Specifically, there is an interest in mitigating the so-called "silent threats," where the attack profile is subtle, with irregularly spaced actions over time, searching for vulnerabilities that are exploited judiciously to make their identification and subsequent blocking more difficult (AHMED; MAHMOOD; HU, 2016; SIADATI; SAKET; MEMON, 2016). Detecting this type of attack needs to be based on the behavioral profile of the attack rather than just a statistical profile. Another relevant example is the development of mechanisms that can allocate and deallocate resources independently of human intervention, through intelligent systems, according to demand and at a speed compatible with fluctuations in resource consumption (AFOLABI et al., 2018). The expected outcome is a more robust communication system against accidental failures and more resilient to denial-of-service attacks, considering both traditional networks and sensor networks that are part of Internet of Things (IoT) systems.

The expected impact of this proposed combination of Cybersecurity and AI is the creation of more resilient computational architectures that can: (I) avoid single points of failure; (II) engage system entities to collaborate in their security; (III) prevent breaches even in case of collusion among one or several participating nodes in the network; and (IV) enable a quick and effective response from the system against attempted attacks. Such architectures, or their individual components, can then be used in critical systems of Industry 4.0, particularly those that involve the collection, processing, and storage of confidential data; rely heavily on the integrity and authenticity of the information used; and are preferred targets of attacks, either by external or internal agents.

 

References