[TALK30] Trusted Graph for explainable detection of cyberattacks – Pierre PARREND (EPITA / iCube, Unistra)

On Wed, April 19th, 2023, 2pm CET, Pierre PARREND (Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra), will talk about “Trusted Graph for explainable detection of cyberattacks“. You are cordially invited to come or join the free live stream on youtube and LinkedIn! Please share the link https://talk.cybercni.fr/30 with your interested friends!

Trailer: https://youtu.be/eiRdUH8yMHk
LinkedIN Event: https://www.linkedin.com/events/7052340159396139008/
Facebook Event: https://www.facebook.com/events/1698222957276297/
Youtube: https://www.youtube.com/watch?v=Ud1SieWVq10?list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Help us spreading the news

The best talks are those with an interested diverse audience! Therefore, please use the following media to spread the news in your networks: 

Thank you!

Abstract

Machine Learning (ML) is now a key asset in security operations for the classification of malware or malicious web sites through combinations of network, system or software properties, anomaly detection by identification of deviating behaviours. Challenges for efficient and scalable use remain wide open, as the issue of training future professionals in a domain that requires high level of proficiency both in system and network technologies and in machine learning models and theory. Nonetheless, the technologies are sufficiently mature to be pervasive in security devices like supervision (Splunk), EDR/XDR (Thetris, DarkTrace) or SOAR (), as well as in security teams focusing in SOC or forensics.

However, while ML is a powerful tool for analyzing dominant behaviours and deviations thereof, it falls short in detecting weak signals, complex attacks like APTs, and more generally taking the relationships between messages, machines or network into account. Specific models have emerged to address these issues, which need to radically switch the analysis approach: the individual packets are no longer significant, their sequence is. Individual machines are not working stand alone, their interactions build the capability – and the threats – to the network. Security analysis therefore needs to leave the now common Euclidian, multi-dimensional ML models to face the complex interactions of machines and communications, nodes and their binding vertices, that is to say: the non-Euclidian domain of graph analytics.

In this talk, we present how the combination of attack graphs, graph theoretical metrics and graph learning enhance the well-mastered ML models for detection of attacks and address two critical phases for attack detection and mitigation: supervision and forensics. The graphs can take several forms: interaction graphs, considering IP or IP+Mac addresses as node definition, or scenario graphs, focusing on short-range time-windows to isolate related sessions. We illustrate their versatile capability through a wide range of cyberattacks from broadscale ransomware, scanning or denial of service attacks, to targeted attacks like spoofing, up to complex advanced persistence threat (APT) multi-step attacks.

The non-aggregative characteristics of graph models supports extended properties for explainability of attacks throughout the analytics lifecycle: data, model, output and interface. These approaches are evaluated both for information system network traces and for cyberphysical systems in industrial and medical environments.

Watch the trailer here.

Pierre PARREND

Pierre Parrend is HDR Professor at EPITA and head of Security & Systems team ar LRE – Laboratoire de Recherche de l’EPITA. As a member of the ICube laboratory of the University of Strasbourg, he leads a joint project between the CSTB team (Complex Systems and Translational Bio-Informatics) of ICube and the EPITA Research Laboratory (LRE) on the use of graphs for explainable detection of cyberattacks. He is particularly interested in attack detection in medical and industrial sensor systems, in particular in the context of the ANR Correau project – Resilience through the design and security of water networks – of which ICube is a partner, and of the ANR THIA-ArtIC on connected medical objects. Pierre is also responsible for the Security & System Team, and deputy director, of the LRE. In this context, he coordinates the contribution of EPITA’s regional sites in Strasbourg, Rennes, Lyon and Toulouse to the school’s partner research laboratories. Pierre was responsible for the BICS (Biostatistics, Informatics, and Complex Systems) research platform at the ICube laboratory, and responsible for the teaching department in computer science and mathematics at ECAM Strasbourg-Europe between 2012 and 2021. He is graduated with a Habilitation to Direct Research from the University of Strasbourg (2017) and a PhD in Computer Science from INSA Lyon (2008).

About Laboratoire de Recherche de l’EPITA / Laboratoire ICube – Unistra

EPITA is a private engineering school located in France, specialized in computer science and information technology. It was founded in 1984. EPITA offers a five-year program leading to the “Ingénieur EPITA” degree recognized by the Commission des Titres d’Ingénieurs. The school provides a curriculum focused on Computer Science and Computer Engineering

that covers various fields such as computer programming, artificial intelligence, cybersecurity, software engineering, and more. 

The LRE, Laboratoire de Recherche de l’EPITA, is the research lab of EPITA. It entails five teams: Security and Systems, Artificial Intelligence, Image, Automata, and Digital Methods for Humanities, as well as three transversal axes: robotics, software performance, and machine learning applications.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3h30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on Youtube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICSwebcalHTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[TALK28] Immersive crisis management, risk management and decision support – Frédérick Benaben (IMT Mines Albi, Georgia Institute of Technology)

On Wed, Feb 22nd, 2023, 2pm CET, Frédérick Benaben (IMT Albi, Georgia Institute of Technology), will talk about “Immersive crisis management, risk management and decision support“. You are cordially invited to join the free live stream on youtube and LinkedIn! Please share the link https://talk.cybercni.fr/28 with your interested friends!

Trailer: https://youtu.be/yBvXi66s4Ek
LinkedIN Event: https://www.linkedin.com/video/event/urn:li:ugcPost:7024139695294947328/
Facebook Event: https://www.facebook.com/events/1100517861345963/
Youtube: https://www.youtube.com/watch?v=ZvfdO_T2-ro&list=PLdftPKA9mTfaDJxqwexil2mPhUFIA9ITd
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Help us spreading the news

The best talks are those with an interested diverse audience! Therefore, please use the following media to spread the news in your networks: 

Thank you!

Abstract

This talk explores the groundbreaking perspectives opened by the original specificities of immersive technologies in the fields of crisis management, risk management and decision support: The interest and the potential of virtual reality for training in crisis situations (of responders and citizens) will first be presented. Then, the contributions of immersive technologies, in particular in terms of facilitating interactions with artificial intelligence tools, will be illustrated through virtual and immersive cells dedicated to crisis management. Finally, the power of immersive approaches for decision support in uncertain and unstable contexts will be addressed through a third and last demonstration. In the end, different application contexts, different modes of immersion, and different users will be presented in order to cover the broadest possible perspective of the maturity of the research activities and contributions of the SIReN Lab (Sentient Immersive Response Network) between the Centre Genie Industriel of IMT Mines Albi and the Physical Internet Center of Georgia Tech.

Watch the trailer here.

Frédérick BENABEN

Frederick BENABEN is Professor at the Industrial Engineering Center of IMT Mines Albi in charge of the research axis “Security and Crisis Management”. He is the director of the IOMEGA VR lab on immersive technology for system management. He is adjunct Professor at the School of Industrial and Systems Engineering of the Georgia Institute of Technology (USA) and co-director with Professor Benoit Montreuil of the international associated laboratory “Sentient Immersive Response Network” (SIReN Lab) between IMT Mines Albi CGI and Georgia Tech ISyE. He is affiliated professor at the 3C informatics research center of the College of Information Sciences and Technology of the Pennsylvania State University (USA).

He is adjunct professor at the School of Economics and Management, Beijing Jiaotong University (China).

Centre Génie Industriel IMT Mines-Albi / SIReN Lab Georgia Tech

The Centre Génie Industriel involves 70 people and is interested in the kinetics of organizations and the development of decision support solutions in heterogeneous, collaborative and uncertain contexts. The Centre Génie Industriel conducts applied research activities through collaborative projects based on public funding (regional, national and international) but more mainly on private funding in the form of joint industrial research laboratories in direct partnership with industrial players.

The SIReN Lab is an international shared reserach Lab between IMT Mines Albi and Georgia Tech. It is focused on the design of management and decision making environments (control tower, immersive dashboard) to deal with networks and systems immersed in unstablme and uncertain environment. The SIReN lab involves a dozen of researchers including shared PhD students, faculties and engineers.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3h30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on Youtube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICSwebcalHTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[TALK24] Roland van Rijswijk-Deij (University of Twente, NLnet Labs) – Quantum Prooving the Internet

On Wed, Nov 23th, 2022, 2pm CET, Roland van Rijswijk-Deij (University of Twente, NLnet Labs), will talk about “Quantum Prooving the Internet“. You are cordially invited to join the free live stream on youtube and LinkedIn! Please share the link https://talk.cybercni.fr/24 with your interested friends!

Trailer: https://youtu.be/9v-iljMiTa8
LinkedIN Event: https://www.linkedin.com/video/event/urn:li:ugcPost:6995358479146221569/
Facebook Event: https://www.facebook.com/events/450936563794090/
Youtube: https://www.youtube.com/watch?v=xAs2Rt58iEg
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Abstract

Today’s Internet cannot do without confidentiality and online identification. The cryptography typically used to achieve this, however, is under threat from quantum computers. While a practical quantum computer is years away, it also takes years to standardise and deploy alternative cryptography. Worse, applications that store data long‐term (e.g., captured encrypted Internet traffic) require action now, since if current cryptography is broken, stored data is immediately compromised.

Cryptographers are developing post‐quantum cryptography (PQC) that is secure against attacks with quantum computers. While much progress has been made developing and trialling algorithms, we lack a complete view of the problem space. More boldly: we cannot answer the question “what if the whole Internet had to switch to PQC?”. Nobody “owns the Internet” so who will tackle this challenge? Sure, the tech giants should take action, but the Internet is much broader than that. In my view, this challenge can only be solved with an independent holistic approach that considers all aspects of the Internet.

In this talk I will explore the research challenges for quantum-proofing the whole Internet and will propose a research agenda to tackle these challenges. I will show how we need to examine all parts of the Internet that rely on public-key cryptography and how we need to decide if we can simply replace algorithms, if we maybe have to re-engineer protocols and applications, or if the costs are simply too high and we should retire protocols or applications.

Watch the trailer here.

Roland van Rijswijk-Deij

After two decades in the industry, working on applied cryptography and network security, Roland is professor of measurement-based Internet security at the University of Twente since 2021. His research interests are in the application of global-scale Internet measurements to support empirically-backed securityanalysis and improvements of Internet protocols and the transition of the Internet to post-quantum cryptography.

University of Twente, NLnet Labs, Netherlands

Roland is a member of the Design and Analysis of Communications Systems group at the University of Twente, and a researcher in the Twente University Centre for Cybersecurity Research (TUCCR). Roland also advises NLnet Labs, a not-for-profit that develops open source software for core Internet protocols, on scientific research.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3h30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on Youtube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICSwebcalHTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[TALK22] Gabi Dreo (Universität der Bundeswehr München, Germany) – Paradigm shift from cybersecurity to cyber resilience

On Mon, Nov 7th, 2022, 10ham CET, Gabi Dreo (Universität der Bundeswehr München, Germany), will talk about “Paradigm shift from cybersecurity to cyber resilience“. You are cordially invited to join the free live stream on youtube and LinkedIn! Please share the link https://talk.cybercni.fr/22 with your interested friends!

Trailer: https://youtu.be/wjXyV3RwLic
LinkedIN Event: https://www.linkedin.com/video/event/urn:li:ugcPost:6990051159256223744/
Facebook Event: https://fb.me/e/1VsjqM9VW
Youtube: https://youtu.be/QgA1idXyHqo
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Abstract

My talk will be about the paradigm shift from security to resilience, and especially the ways, the steps, the obstacles, chances, and risks. What to do to get a cyber resilient system?
Cybersecurity is necessary to think in another way; and certainly in terms of cyber resilience. Since we cannot build 100% secure systems, the question is, how we can build robust systems where the overall functionality is provided – also in case some parts are failing.

Watch the trailer here.

Gabi Dreo

Prof. Dreo studied computer science at the University of Maribor, Slovenia and received her doctorate and habilitation at the Ludwig-Maximilians-University of Munich (LMU) with “summa cum laude”.
In 1997, she received the LMU’s doctoral sponsorship award.
2016 she was awarded the Europe Medal by the Minister of State Dr. Merk
In 2019, she was selected as one of the 50 most influential women in Europe in the field of cybersecurity
In 2020, she was awarded the silver medal of the city of Neubiberg, Germany

Her research focuses, among others, on detection and mitigation of cyber attacks, in particular so-called Advanced Persistent Threats, development of novel cyber defense approaches in the environment of network-based moving target defense, use of ML-based approaches in security event analysis, 5G and IoT, situational awareness and social analytics, software defined networks and quantum communication.

Universität der Bundeswehr München, Germany

As an exceptional campus university, we have a lot to offer our members: excellent conditions for bachelor’s and master’s studies in small groups with residential facilities directly on campus, a modern infrastructure – which promotes a lively and innovative research culture – as well as numerous opportunities for further education, leisure activities and sports facilities.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3h30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on Youtube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICSwebcalHTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/

[TALK23] Aaron Ding (TU Delft, Netherlands) – Trustworthy and Sustainable Edge AI 

On Wed, Oct 26th, 2022, 2pm CET, Aaron Ding (TU Delft, Netherlands), will talk about “Trustworthy and Sustainable Edge AI“. You are cordially invited to join the free live stream on youtube and LinkedIn! Please share the link https://talk.cybercni.fr/23 with your interested friends!

Trailer: https://youtu.be/H4kImH__DpY
LinkedIN Event: https://www.linkedin.com/video/event/urn:li:ugcPost:6990061761919868928/
Facebook Event: https://fb.me/e/24L973TCJ
Youtube: https://youtu.be/qzBS2dNN-yc
Stream redirect (for every edition): https://TALK.cyberCNI.fr/stream

Newsletter with invitations: Subscription on https://TALK.cyberCNI.fr

Abstract

Despite of promising impact, Edge AI is facing two major challenges for its large scale deployment: trustworthiness and sustainability.

On trustworthiness, Edge AI benefits from its close proximity to the end-devices and user generated data. However, due to the distributed deployment and deep penetration into personal context, the safety and perceived trustworthiness for Edge AI services raise concerns among several stakeholders (e.g., end users, public sectors, ISP). To achieve trustworthy Edge AI, critical building blocks are needed for ensuring transparency, fairness and robustness, especially for its training and deployment in decentralized, uncontrolled environments. The trustworthiness of Edge AI is a stepping stone, on which the promise of Edge AI can be built.

Meanwhile, being a critical goal of sustainability, the energy consumption of Edge AI needs to be optimized. The energy efficiency is crucial for embedding Edge AI to our infrastructures (e.g., road side units, micro base stations) in order to sustainably support advanced autonomous driving and Extended Reality (XR) services in the years to come. Across the pipeline of data acquisition, transfer, computation, and storage, there exists the possibility for Edge AI to trade off accuracy to less power and less time consumed. For instance, noisy inputs from numerous sensors can be selectively processed and transferred in order to save energy. This new dimension to the optimization design can pave the way towards a sustainable deployment of Edge AI.

Watch the trailer here.

Aaron Ding

Aaron Ding is leading the Cyber-Physical Intelligence (CPI) Lab as tenured Associate Professor of Edge AI at TU Delft. He has been awarded EU research grants (€5M+) as Consortium Director and PI. With over 15 years of R&D experience across EU, UK and USA, he has worked at TU Munich with Jörg Ott, at Columbia University with Henning Schulzrinne, at University of Cambridge with Jon Crowcroft. His research focuses on edge computing, edge AI, and data-driven IoT services. Being an active member of ACM, IEEE and IETF, he is the founder of ACM EdgeSys, Associate Editor for ACM TIOT and IEEE OJ-ITS. For contributions to mobile edge computing, his research has received best paper awards and recognition from ACM SIGCOMM, ACM EdgeSys, ACM SenSys CCIoT, and IEEE INFOCOM. Details of his projects and publications can be found on site: https://homepage.tudelft.nl/8e79t/

TU Delft, Netherlands

Founded in 1842, Delft University of Technology (TU Delft) is the oldest, largest, and most comprehensive university of technology in the Netherlands and globally ranked top 10 on the 2022 QS World University Rankings of Engineering & Technology. TU Delft collaborates with a wide network of educational, industrial, and governmental partners. It is a member of university federations including the IDEA League, CESAER, UNITECH International and 4TU.

Talk.cybercni.fr

The Cyber CNI Lecture Series is a free monthly event that typically takes place on the last Wednesday of the month from 2pm to 3h30pm CET.

The event consists of a 45-minute expert presentation followed by a 45-minute discussion.

The Cyber CNI Speaker series aims to raise awareness and understanding of cyber security issues among all audiences. It aims to enable an ongoing dialogue between experts from industry and academia and the general public (citizens, families, small and large businesses, public organizations, etc.). All of us are concerned.

The events are broadcast live on Youtube (https://talk.cybercni.fr/) and LinkedIn, allowing worldwide remote participation – including a tool to participate in the discussion.

You can add the event calendar via ICSwebcalHTML.

How the digital transformation is changing our lives

The COVID-19 pandemic has shown all of us the benefits of information technology. It allows us to work at a distance, to live at a distance, and most importantly, to keep in touch at a distance – with younger and older people, those closest to us, and even make new contacts.

Our society relies more and more on information and operational technologies. Examples include water, energy, heat and cooling supply, communications, healthcare, production and processing of goods, transportation, national security, banking, research and education, and food production.

What all these areas have in common is that they make intensive use of networked distributed computer systems. These systems can be attacked in many ways. This is no longer just a problem for computer “pros” because computer systems are essential to all of us. The effects of “cyber-attacks” range from power outages to the collapse of the health care or banking sectors.

Program and registration: https://talk.cybercni.fr/