[TALK30] Trusted Graph for explainable detection of cyberattacks – Pierre PARREND (EPITA / iCube, Unistra)

On Wed, April 19th, 2023, 2pm CET, Pierre PARREND (Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra) will talk about “Trusted Graph for explainable detection of cyberattacks”. You are cordially invited to come or join the free live stream on YouTube and LinkedIn! Please share the link https://talk.cybercni.fr/30 with your interested friends!

Trailer: https://youtu.be/eiRdUH8yMHk
LinkedIn Event: https://www.linkedin.com/events/7052340159396139008/
Facebook Event: https://www.facebook.com/events/1698222957276297/
Youtube: https://www.youtube.com/watch?v=Ud1SieWVq10?list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Help us spread the news

The best talks are those with an interested diverse audience! Therefore, please use the following media to spread the news in your networks: 

Thank you!

Abstract

Machine Learning (ML) is now a key asset in security operations, both for the classification of malware or malicious web sites through combinations of network, system or software properties, and for anomaly detection by identification of deviating behaviours. Challenges for efficient and scalable use remain wide open, as does the issue of training future professionals in a domain that requires a high level of proficiency both in system and network technologies and in machine learning models and theory. Nonetheless, the technologies are sufficiently mature to be pervasive in security devices like supervision (Splunk), EDR/XDR (Tehtris, Darktrace) or SOAR (), as well as in security teams focusing on SOC or forensics.

However, while ML is a powerful tool for analyzing dominant behaviours and deviations thereof, it falls short in detecting weak signals and complex attacks like APTs, and more generally in taking the relationships between messages, machines or networks into account. Specific models have emerged to address these issues, which need to radically switch the analysis approach: the individual packets are no longer significant, their sequence is. Individual machines are not working standalone; their interactions build the capability of the network, and the threats to it. Security analysis therefore needs to leave the now common Euclidean, multi-dimensional ML models to face the complex interactions of machines and communications, nodes and their binding vertices, that is to say: the non-Euclidean domain of graph analytics.

In this talk, we present how the combination of attack graphs, graph theoretical metrics and graph learning enhances the well-mastered ML models for detection of attacks and addresses two critical phases for attack detection and mitigation: supervision and forensics. The graphs can take several forms: interaction graphs, considering IP or IP+MAC addresses as node definition, or scenario graphs, focusing on short-range time-windows to isolate related sessions. We illustrate their versatile capability through a wide range of cyberattacks, from broad-scale ransomware, scanning or denial of service attacks, to targeted attacks like spoofing, up to complex advanced persistent threat (APT) multi-step attacks.

The non-aggregative characteristics of graph models support extended properties for explainability of attacks throughout the analytics lifecycle: data, model, output and interface. These approaches are evaluated both for information system network traces and for cyber-physical systems in industrial and medical environments.

Watch the trailer here.

Pierre PARREND

Pierre Parrend is HDR Professor at EPITA and head of the Security & Systems team at LRE – Laboratoire de Recherche de l’EPITA. As a member of the ICube laboratory of the University of Strasbourg, he leads a joint project between the CSTB team (Complex Systems and Translational Bio-Informatics) of ICube and the EPITA Research Laboratory (LRE) on the use of graphs for explainable detection of cyberattacks. He is particularly interested in attack detection in medical and industrial sensor systems, in particular in the context of the ANR Correau project – Resilience through the design and security of water networks – of which ICube is a partner, and of the ANR THIA-ArtIC on connected medical objects. Pierre is also responsible for the Security & System Team, and deputy director, of the LRE. In this context, he coordinates the contribution of EPITA’s regional sites in Strasbourg, Rennes, Lyon and Toulouse to the school’s partner research laboratories. Pierre was responsible for the BICS (Biostatistics, Informatics, and Complex Systems) research platform at the ICube laboratory, and responsible for the teaching department in computer science and mathematics at ECAM Strasbourg-Europe between 2012 and 2021. He holds a Habilitation to Direct Research from the University of Strasbourg (2017) and a PhD in Computer Science from INSA Lyon (2008).

About Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra

EPITA is a private engineering school located in France, specialized in computer science and information technology. It was founded in 1984. EPITA offers a five-year program leading to the “Ingénieur EPITA” degree recognized by the Commission des Titres d’Ingénieurs. The school provides a curriculum focused on Computer Science and Computer Engineering that covers various fields such as computer programming, artificial intelligence, cybersecurity, software engineering, and more.

The LRE, Laboratoire de Recherche de l’EPITA, is the research lab of EPITA. It comprises five teams: Security and Systems, Artificial Intelligence, Image, Automata, and Digital Methods for Humanities, as well as three transversal axes: robotics, software performance, and machine learning applications.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3:30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on YouTube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICS, webcal or HTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[#WisdomWednesday] Keynote “Strengthening Europe’s digital sovereignty – the Fraunhofer perspective” from Alexander Malaer & Reimund Neugebauer (Fraunhofer Gesellschaft) at GFA conference: Smart World! Smart Europe? 2022

You are cordially invited to watch the keynote by Alexander Malaer and Reimund Neugebauer from the Fraunhofer Gesellschaft on YouTube. Follow this link!

The conference Smart World! Smart Europe? – Conference on European Digital Sovereignty took place in Munich on May 11-12, 2022.

The conference focussed on ideas that seek to advance Digital European Sovereignty. For this purpose we brought together relevant experts from society, academia and industry. Overall the conference seeks to raise awareness on the topic of European Digital Sovereignty, and generate concrete solutions on future education, research and governance.

On the first day, we showed ideas for solutions to advance European Digital Sovereignty. On the second day, we integrated politics’, academia’s and industry’s challenges with these ideas.

Moderation: Barbara Kostolnik (Former correspondent for German Public Radio ARD in France, Political Correspondent for Bayerischer Rundfunk in Berlin)

About Alexander Malaer

Alexander Malaer is Scientific Advisor in the Presidential Staff at Fraunhofer-Gesellschaft.

About the GFA Video Series and the #WisdomWednesday

Education is one of the core missions of the GFA. Therefore we have wonderful education projects in the field of industry 4.0, such as summer schools, hackathons and online courses that we organise together with leading universities in Europe. To present our education efforts to a bigger audience and share it with people all over the world, we created the GFA Video Series. Under the hashtag #WisdomWednesday we present interesting talks and keynotes every Wednesday on our website and in our social media. Stay tuned and check also our YouTube Channel.

About the German-French Academy for the Industry of the Future (GFA)

The German-French Academy for the Industry of the Future is a strategic vehicle to promote close collaboration between leading European research institutions and industrial companies. It was founded by the French Institut Mines-Télécom (IMT) and the German Technical University of Munich (TUM). Focused on joint research, education and innovation, the Academy’s mission is to master the challenges accompanying the increasing digitalization of industry processes.

GreenHack~IT 2022 – A great first edition with IMT, TUM and ArianeGroup


That was our hackathon GreenHack~IT last December in Munich. Around 50 French and German students accepted the challenge of ArianeGroup to find ways to decrease the energy consumption in their production sites. Check our News Article for more info & pictures.

[TALK28] Immersive crisis management, risk management and decision support – Frédérick Benaben (IMT Mines Albi, Georgia Institute of Technology)

On Wed, Feb 22nd, 2023, 2pm CET, Frédérick Benaben (IMT Albi, Georgia Institute of Technology) will talk about “Immersive crisis management, risk management and decision support”. You are cordially invited to join the free live stream on YouTube and LinkedIn! Please share the link https://talk.cybercni.fr/28 with your interested friends!

Trailer: https://youtu.be/yBvXi66s4Ek
LinkedIn Event: https://www.linkedin.com/video/event/urn:li:ugcPost:7024139695294947328/
Facebook Event: https://www.facebook.com/events/1100517861345963/
Youtube: https://www.youtube.com/watch?v=ZvfdO_T2-ro&list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd

Abstract

This talk explores the groundbreaking perspectives opened by the original specificities of immersive technologies in the fields of crisis management, risk management and decision support: The interest and the potential of virtual reality for training in crisis situations (of responders and citizens) will first be presented. Then, the contributions of immersive technologies, in particular in terms of facilitating interactions with artificial intelligence tools, will be illustrated through virtual and immersive cells dedicated to crisis management. Finally, the power of immersive approaches for decision support in uncertain and unstable contexts will be addressed through a third and last demonstration. In the end, different application contexts, different modes of immersion, and different users will be presented in order to cover the broadest possible perspective of the maturity of the research activities and contributions of the SIReN Lab (Sentient Immersive Response Network) between the Centre Genie Industriel of IMT Mines Albi and the Physical Internet Center of Georgia Tech.

Watch the trailer here.

Frédérick BENABEN

Frédérick BENABEN is Professor at the Industrial Engineering Center of IMT Mines Albi in charge of the research axis “Security and Crisis Management”. He is the director of the IOMEGA VR lab on immersive technology for system management. He is adjunct Professor at the School of Industrial and Systems Engineering of the Georgia Institute of Technology (USA) and co-director with Professor Benoit Montreuil of the international associated laboratory “Sentient Immersive Response Network” (SIReN Lab) between IMT Mines Albi CGI and Georgia Tech ISyE. He is affiliated professor at the 3C informatics research center of the College of Information Sciences and Technology of the Pennsylvania State University (USA).

He is adjunct professor at the School of Economics and Management, Beijing Jiaotong University (China).

Centre Génie Industriel IMT Mines-Albi / SIReN Lab Georgia Tech

The Centre Génie Industriel involves 70 people and is interested in the kinetics of organizations and the development of decision support solutions in heterogeneous, collaborative and uncertain contexts. The Centre Génie Industriel conducts applied research activities through collaborative projects based on public funding (regional, national and international) but mainly on private funding in the form of joint industrial research laboratories in direct partnership with industrial players.

The SIReN Lab is an international shared research lab between IMT Mines Albi and Georgia Tech. It is focused on the design of management and decision-making environments (control tower, immersive dashboard) to deal with networks and systems immersed in unstable and uncertain environments. The SIReN lab involves a dozen researchers including shared PhD students, faculty and engineers.


60th anniversary of the Élysée Treaty – GFA celebrates 60 years of German-French relations

Exactly 60 years ago, German Chancellor Konrad Adenauer and French President Charles De Gaulle signed the Treaty of Friendship in the Élysée Palace. With this agreement, the two neighbors paved the way for a prosperous common future in the heart of Europe after long enmity and wars.

Today, the current German Chancellor Olaf Scholz and President Emmanuel Macron, as well as other politicians and invited guests, met at the Sorbonne University to celebrate this anniversary.

The GFA also celebrates this day, which makes its mission possible, namely to promote and actively shape bilateral research, higher education and industrial relations in the Industry of the Future.

Macron stressed today that Germany and France “cleared the path to reconciliation,” and must therefore “become pioneers to relaunch Europe.” (According to: https://www.dw.com/en/scholz-and-macron-celebrate-60-years-of-elysee-treaty/a-64480184)

It was the same spirit that helped found the GFA in 2015, when Institut Mines-Télécom (IMT) and the Technical University of Munich (TUM) reacted to the idea of President Macron and former Chancellor Angela Merkel to create a French-German research and innovation network accompanying the digitalization of industry processes focusing on AI, cybersecurity, advanced manufacturing and network cooperation. Since then, the GFA has helped develop a total of 30 French-German research projects, directly involving more than 175 researchers, PhD students and engineers as well as more than 30 industrial partners.

The GFA is at the forefront of innovation and will continue its mission with a year full of bilateral events, calls-for-projects and other networking activities to support bringing Germany, France and Europe to the cutting edge in the Industry of the Future.

We thank all researchers, companies, network partners and the many people who have helped us in our mission so far and will continue to support us in the future!

[TALK27] A Semantic Investigation System – François Khourbiga (Defants, FR)

On Wed, Jan 25th, 2023, 2pm CET, François Khourbiga (Defants, FR) will talk about “A Semantic Investigation System”. You are cordially invited to join the free live stream on YouTube and LinkedIn! Please share the link https://talk.cybercni.fr/27 with your interested friends!

Trailer: https://youtu.be/7FW6SwGN3tk
LinkedIn Event: https://www.linkedin.com/video/event/urn:li:ugcPost:7020742646042087424/
Facebook Event: https://www.facebook.com/events/719867933140681/
Youtube: https://www.youtube.com/watch?v=LdA_doZdlhw&list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd&index=1

Abstract

We provide an overview of how we built a semantic forensic cyber security system based on the Notional SemaFor system proposed by DARPA. We will provide a quick look at the context of digital forensics and incident response, as well as the challenges posed by the state of the art. Then, we will present the four major topics we address to build a forensic semantic system: multimodal representations, reasoning ensembles, explanation & integration, and semantic models.

The talk will conclude with a concrete result on how it is used in cybersecurity and provide next steps for future work.

Watch the trailer here.

François Khourbiga

François Khourbiga is the CEO and co-founder of Defants. He spent 20 years working in Cybersecurity for the ANSSI attached to French Prime Minister services as Incident Responder and has helped many organizations to face cyberattacks during 10 years. Then, he joined the French Ministry of Armed Forces as a Cyberdefense Engineer in a reverse-engineering team for security research and development. After 15 years in public services, he was in charge of a research and development team at Orange Cyberdefense in charge of building the next generation of products for the company, before joining Mandiant, a leader in Incident Response Services, as Incident Responder to help large companies facing the most advanced persistent threats.

In 2019, he went back to school at l’Ecole Polytechnique to follow an Executive Master program to develop his skills in entrepreneurship in the design, deployment and management with a strong technological and innovation dimension, in an international context.

Defants

Defants is a cybersecurity software development company, based in Rennes (France), and our mission is to redefine digital forensics and incident response (DFIR). DFIR requires highly skilled experts in a context of talent shortage, relies on an excessive number of non-interoperable tools, and consumes a tremendous amount of time. We provide an eXtended DFIR Platform that brings together the automation of tools and the collaboration between junior and senior experts, and makes DFIR simpler, faster and straightforward. Our unique platform uses our semantic investigation engine to uncover the tactics and techniques used by attackers, because habits die hard.
