Scroll Top

Cyber intelligence

The integration of intelligence in cybersecurity, such as using machine learning algorithms for detection, prevention, response, recovery, and active defense, is considered as one of the essential pillars in all Information and Communications Technology (ICT) Research and Development strategies developed in Spain, Europe, and the rest of the world. In addition, such strategies also highlight the importance of protecting this new ecosystem, as artificial intelligence processes can be targeted by malicious adversaries or even used as malicious tools themselves.

Given the importance of this conceptual duality of “AI for Cybersecurity” and “Cybersecurity for AI”, our research lab is studying its associated challenges from a holistic perspective in various research projects. For example, CIBERIA is focused on the integration of AI-based solutions in the context of Cyber Defence Centres and its associated technologies (e.g., IDS, SIEM, SOAR), while SecAI aims to analyse how certain paradigms like Edge computing and Digital Twins can facilitate the deployment and maintenance of such AI security services. Finally, AIAS aims to lead research actions on attacks against AI models through adversarial Artificial Intelligence.

One of the most traditional uses of machine learning in cybersecurity is the integration of detection mechanisms. While various advances have been done in this field, there are still various avenues that can be further explored. Precisely, we have investigated how machine learning algorithms can be integrated more deeply with anomaly detection frameworks to improve aspects such as the traceability of attacks in collaborative systems [1] [2]. Moreover, we are exploring how novel paradigms, such as Digital Twins, can be used to solve other challenges (e.g., concept drift), by continuously monitoring and evaluating of the quality of the detection mechanisms [3].

Beyond detection, our research group is also studying the application of machine learning in other areas. Regarding the integration of AI in existing security solutions, we have studied how we can take advantage of Large Language Models (LLMs) as tools for refining security solutions such as Trust Management Systems [4]. In addition, we are also exploring the application of AI in privacy preserving systems, including the generation of synthetic data that guarantees the privacy of the original information source while maintaining their utility [5].

Research lines

References

  1. Jesus Cumplido and Cristina Alcaraz and Javier Lopez (2022): Collaborative anomaly detection system for charging stations. In: The 27th European Symposium on Research in Computer Security (ESORICS 2022), pp. 716–736, Springer, Cham Springer, Cham, 2022.
  2. Alberto Garcia and Cristina Alcaraz and Javier Lopez (2023): MAS para la convergencia de opiniones y detección de anomalías en sistemas ciberfísicos distribuidos. In: VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), Vigo, 2023.
  3. Cristina Alcaraz and Javier Lopez (2024): Digital Twin-assisted anomaly detection for industrial scenarios. In: International Journal of Critical Infrastructure Protection, vol. 47, pp. 100721, 2024, ISSN: 1874-5482.
  4. Davide Ferraris and Konstantinos Kotis and Christos Kalloniatis (2024): Enhancing TrUStAPIS Methodology in the Web of Things with LLM-generated IoT Trust Semantics. In: 26th International Conference on Information and Communications Security (ICICS 2024), Springer, Mytilene, Lesvos, Greece, Forthcoming.
  5. Pablo Sánchez-Serrano and Ruben Rios and Isaac Agudo (2024): Privacy-preserving tabular data generation: Systematic Literature Review. In: 19th DPM International Workshop on Data Privacy Management (DPM 2024), Springer, Bydgoszcz, Poland, Forthcoming.