Enabling Machine-Learning Intelligence for Network Cybersecurity
Objective
The Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE) project aims to enable machine-learning-based analysis of high-speed network cybersecurity data. The first part of the project focuses on extracting the relevant fine-grained network metrics directly in the network devices and transforming these collected metrics into summaries that can be easily extracted from the devices. The second part of the project takes these summaries and feeds them into a machine learning system that is tailored to detect security attacks and performance-related issues. A key idea in the project is to leverage programmable network technologies that allow ad-hoc operations to be performed at the speed of the network before the summaries are sent to the slower machine learning systems.
One of the envisioned contributions of the project is the design and implementation of a framework that reconciles the different speeds at which today’s networks and machine learning systems operate.
Background
During the current global pandemic crisis, the Internet has played an essential role in allowing different parts of our society to continue operating without interruptions to the largest extent possible. However, the recent wave of cyber-attacks targeting the Internet infrastructure has raised concerns about its resilience. In contrast to general cybersecurity threats, which affect end-host systems, Internet-based network attacks target the core infrastructure of the Internet that is responsible for interconnecting billions of users, devices, and services. Machine learning techniques to detect network-based cyber-attacks have long been limited by two unique aspects of the networking domain. First, network data is inherently volatile, as traffic flows through a network without being stored. Second, network technologies are ill-suited for extracting fine-grained network information from high-speed networking devices. Both challenges will be addressed by relying on the emerging high-speed programmable network devices.
Cross-disciplinary collaboration
The researchers in the team represent the School of Electrical Engineering & Computer Science, KTH, and the Connected Intelligence unit at RISE Research Institutes of Sweden.
Watch the recorded presentation at the Digitalize in Stockholm 2022 event:
Contacts
Marco Chiesa
Associate Professor, Division of software and computer systems at KTH EECS, Working group Cooperate, Main supervisor: Comprehensive Network Insight for Resilient Infrastructures, Co-PI: Emergence 2.0 - Securing Edge Networks with a Programmable Intelligent Architecture, Former Co-PI: Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE), Digital Futures Faculty
+46 8 790 44 29, mchiesa@kth.se
Nicolas Tsiftes
Senior researcher in the Connected Intelligence unit at RISE, Co-PI of project Emergence 2.0: Securing Edge Networks with a Programmable Intelligent Architecture, Former Co-PI: Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE), Digital Futures Faculty
+46707349247, nicolas.tsiftes@ri.se