In period 2, the project has successfully and timely completed all the deliverables due in the reporting period.
The technical and scientific work in the project has progressed as expected and has even outperformed the expected results of the period, since the project has explored and adopted Large Language Models (LLMs) as part of the artificial intelligence solutions that are leveraged in the project, thus modernising the initial approach proposed in the description of the action for some of the components of the AI4CYBER framework.
WP3 was devoted to the research on AI-driven testing solutions and AI use for preparedness of the system against advanced and sophisticated threats. The work led to the final version of AI4FIX and AI4VULN components of the AI4CYBER framework. While final AI4FIX uses AI technologies, like Large Language Models, to automate the correction of errors and weaknesses in software code, AI4VULN final prototype tool uses LLM-enhanced focus of symbolic execution to identify source code vulnerabilities.
In addition, WP3 finalised the AI-powered simulation, and designed and implemented the final AI4SIM component where advanced attack simulation workflows and supporting tools were developed, along with datasets for testing and validation. Finally, the final AI4CTI was designed and implemented, which leverages AI, and particularly LLMs to increase knowledge of advanced threats. The component extracts deep knowledge from open CTI sources such as security advisories and attack flows and extracts tactics, techniques and procedures TTPs and temporal information to propose ordered mitigations.
In WP4, the activities carried out in the second period included the design, implementation and detailed definition of the final versions of both AI4FIDS and AI4TRIAGE components. AI4FIDS is a federated Intrusion Detection System (IDS) which adopts a multimodal architecture where several detectors are combined as a set of collaborative federated IDS. The corresponding DL models were implemented, utilising network flow statistics, system logs, operational data, and binary representations, and federation schemas of these DL models were designed and developed. Furthermore, the AI4FIDS work included research on weights aggregation techniques. AI4TRIAGE leverages AI for prioritization of security events from AI4FIDS.
In WP5, the final models and methods supporting the autonomous response and defence strategy optimization were delivered. Particularly, four software services have been designed and implemented: i) AI4ADAPT that uses reinforcement learning (RL) to offer the needed intelligence to autonomously evolve the needed response measures in the system so as protection efficiency is increased.; ii) AI4SOAR that analyses optimal defence strategies and intelligently orchestrates multiple incident responses at different layers of the system, and provides automation in the orchestration of response playbooks, where LLMs are used to prevent inconsistencies in and across playbooks; iii) AI4DECEIVE which uses Game theory to intelligently deploy and configure networks of honeypots that maximise the time the attackers get lured; and iv) AI4COLLAB that enables incident information sharing for third parties and uses LLMs-enhanced anonymisation techniques to prevent private information disclosure.
WP6 results were delivered in form of the final TRUST4AI component, which considers the ML models as black-box entities and assesses their trustworthiness. The TRUST4AI.XAI subcomponent allows model engineers investigating the AI explainability, while the TRUST4AI.Fairness allows them detecting and mitigating bias in the models. The TRUST4AI.Security service is dedicated to ensuring the security against Adversarial Machine Learning (AML) attacks and integrates with AI4SIM adversarial attack simulation subcomponents to launch adversarial tests.