CyberTracer

General Information

Reference:

Armasuisse S+T (CYD-C-2020003)

Source of funding:

Armasuisse

Project Duration:

1.02.2022- 30.11.2022

Project Overview

The main objective of the CyberTracer project is to research, design, and implement an intelligent and privacy-preserving framework providing secure and trusted resource-constrained sensors used in crowdsensing platforms. To achieve this goal, the following objectives are defined:

 

To create a novel and labeled dataset, suitable for federated learning, modeling operating system system calls executed by several resource-constrained devices acting as spectrum sensors (such as Raspberries Pi) when they are: (1) running in a normal fashion, (2) infected by recent malware families (such as Cryptominers, Backdoors, Rootkits, and others), and (3) affected by Spectrum Sensing Data Falsification (SSDF) attacks. The new dataset will be suitable for scenarios where data privacy is a critical aspect to preserve.

To design, implement, and initially validate a federated learning and behavioral fingerprinting- based module to detect anomalies produced by SSDF attacks and well-known malware (such as Botnets, Backdoors, Ransomware, Rootkits, and Cryptominers) affecting spectrum sensors. Different supervised and unsupervised federated AI-based techniques will be used to detect outliers and classify those previous attacks according to their impact on the internal behavior of spectrum sensors, such as Raspberries Pi.

To design, implement, and validate a trusted AI module able to measure the trustworthiness of AI- based classifiers and anomaly detectors used to detect cyberattacks affecting spectrum sensors. The four main pillars will be considered to calculate the trustworthiness level of AI models: (1) Robustness, (2) Explainability, (3) Fairness, and (4) Transparency. Each pillar will implement a set of metrics considering different data sources, such as (i) algorithms, (ii) data used for training/ evaluation, (iii) methodology followed to train/evaluate models, and (iv) problem to be solved.

To design and implement an adaptive mitigation module to orchestrate and enforce customized countermeasures in resource-constrained devices affected by Botnets, Rootkits, Backdoors, Ransomware, and SSDF attacks. The key goal here is to reduce and mitigate (if possible) the impact of each attack, proposing attack behavior-dependent countermeasures. Particular mitigation actions over the network interface configuration, file systems, and memory will be enforced depending on the attacks impact and behavior.

Publications

  • Alberto Huertas, Pedro M. Sanchez, Gerome Bovet, Gregorio Martinez, Burkhard Stiller: Fingerprinting to Detect Data Leakage Attacks on Spectrum Sensors; ICC 2022 - IEEE International Conference on Communications, Seoul, Korea, May 2022, pp 1–6.
  • Alberto Huertas, Pedro M. Sánchez, Eder J. Scheid, Timucin Besken, Gerome Bovet, Gregorio Martinez, Burkhard Stiller: Policy-based and Behavioral Framework to Detect Ransomware Affecting Resource-constrained Sensors; NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, April 2022, pp 1–6. 
  • Alberto Huertas Celdrán, Pedro M. Sánchez Sánchez, Fabio Sisi, Gérôme Bovet, Gregorio Martínez Pérez, and Burkhard Stiller, "Creation of a Dataset Modeling the Behavior of Malware Affecting the Confidentiality of Data Managed by IoT Devices," Robotics and AI for Cybersecurity and Critical Infrastructure in Smart Cities, Springer, March 2022.
  • Valerian Rey, Pedro Miguel Sánchez Sánchez, Alberto Huertas Celdrán, Gérôme Bovet, Gregorio Martínez Pérez, Burkhard Stiller: A Review of Federated Learning for Malware Detection in IoT Devices; VII Jornadas Nacionales de Investigación en Ciberseguridad, Bilbao, Spain, June 2022, pp. 27–29.
  • Pedro Miguel Sánchez Sánchez, Alberto Huertas Celdrán, Gérôme Bovet, Gregorio Martínez Pérez, Burkhard Stiller: An ML and Behavior Fingerprinting-based Framework for Cyberattack Detection in IoT Crowdsensing Platforms; VII Jornadas Nacionales de Investigación en Ciberseguridad, Bilbao, Spain, June 2022, pp. 1–4.

 

Contact

Inquiries may be directed to the local Swiss project management:

Prof. Dr. Burkhard Stiller,

Dr. Alberto Huertas Celdrán 

University of Zürich, IFI
Binzmühlestrasse 14
CH-8050 Zürich
Switzerland

stiller@ifi.uzh.ch,

huertas@ifi.uzh.ch

Phone: +41 44 635 75 85

Fax: +41 44 635 68 09