Project description
Boosting cybersecurity against AI-based attacks
The security of digital systems is under constant threat of attacks. One way to improve cybersecurity is to predict how hackers could manipulate new technologies to break into existing systems. However, little is known about how cybercriminals might take advantage of the emerging field of machine learning. Funded by the European Research Council, the MALFOY project aims to determine how machine learning algorithms can be used to discover security weaknesses and perform computer attacks automatically. By taking the position of the attacker to explore offensive security techniques, the project will be able to construct effective defence mechanisms.
Objective
Despite a long series of research, computer attacks still pose a major threat to the security of digital systems. Different malicious actors, such as cybercriminals and intelligence agencies, continuously develop new offensive techniques to evade and outsmart existing defenses. As a result, security research is in a constant arms race and needs to anticipate novel developments as early as possible. However, one of the key technologies of the last years, machine learning, has received very little attention in offensive security so far. The simple question — ''how would a hacker use machine learning?'' — is largely unexplored and there is a striking gap in current research that hinders the anticipation of forthcoming threats. The project Malfoy closes this gap and systematically explores how machine learning can be applied for offensive computer security. By adopting the position of an adversary, we investigate how learning algorithms can be used to find security flaws, generate exploits, and construct computer attacks. To this end, we combine offensive security techniques with modern concepts for discriminative, generative, and reinforcement learning. Our goal is to assess how these techniques can interface with each other and improve their performance through learning. Based on this analysis, we become able to devise completely novel defenses that account for the presence of machine learning in the toolchain of attackers. Despite its offensive nature, the project thus strengthens computer security: First, it explores an uncharted area of research and hence will substantially expand our knowledge about modern computer attacks. Second, the project gives rise to novel and disruptive protection mechanisms, which enable us to move one step ahead of attack development. Finally, the project links two disconnected areas (offensive security and machine learning) and thereby establishes a new branch of joint research.
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.1.1 - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-ERC - HORIZON ERC Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2021-COG
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
10623 Berlin
Germany
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.