|Source of funding:|Armasuisse S+T (CYD-C-2020003)|
The main objective of the CyberTracer project is to research, design, and implement an intelligent and privacy-preserving framework providing secure and trusted resource-constrained sensors used in crowdsensing platforms. To achieve this goal, the following objectives are defined:
To create a novel, labeled dataset, suitable for federated learning, that models the operating-system system calls executed by several resource-constrained devices acting as spectrum sensors (such as Raspberry Pis) when they are: (1) running in a normal fashion, (2) infected by recent malware families (such as Cryptominers, Backdoors, Rootkits, and others), and (3) affected by Spectrum Sensing Data Falsification (SSDF) attacks. The new dataset will be suitable for scenarios where data privacy is a critical aspect to preserve.
To design, implement, and initially validate a federated learning and behavioral fingerprinting-based module to detect anomalies produced by SSDF attacks and well-known malware (such as Botnets, Backdoors, Ransomware, Rootkits, and Cryptominers) affecting spectrum sensors. Different supervised and unsupervised federated AI-based techniques will be used to detect outliers and classify those attacks according to their impact on the internal behavior of spectrum sensors, such as Raspberry Pis.
To design, implement, and validate a trusted AI module able to measure the trustworthiness of AI-based classifiers and anomaly detectors used to detect cyberattacks affecting spectrum sensors. Four main pillars will be considered to calculate the trustworthiness level of AI models: (1) Robustness, (2) Explainability, (3) Fairness, and (4) Transparency. Each pillar will implement a set of metrics considering different data sources, such as (i) algorithms, (ii) data used for training/evaluation, (iii) methodology followed to train/evaluate models, and (iv) problem to be solved.
To design and implement an adaptive mitigation module to orchestrate and enforce customized countermeasures in resource-constrained devices affected by Botnets, Rootkits, Backdoors, Ransomware, and SSDF attacks. The key goal here is to reduce and mitigate (if possible) the impact of each attack, proposing attack behavior-dependent countermeasures. Particular mitigation actions over the network interface configuration, file systems, and memory will be enforced depending on the attack's impact and behavior.
Inquiries may be directed to the local Swiss project management:
Prof. Dr. Burkhard Stiller,
Dr. Alberto Huertas Celdrán
University of Zürich, IFI
Phone: +41 44 635 75 85
Fax: +41 44 635 68 09