
Trustworthy Artificial Intelligence for Cybersecurity Reinforcement and System Resilience

Periodic Reporting for period 2 - AI4CYBER (Trustworthy Artificial Intelligence for Cybersecurity Reinforcement and System Resilience)

Reporting period: 2024-03-01 to 2025-08-31

In period 2, the AI4CYBER project successfully delivered the AI4CYBER framework of next-generation cybersecurity services leveraging Artificial Intelligence (AI), aimed at increasing cyber resilience in critical infrastructures, while ensuring that the AI developed adheres to relevant EU policy, legal and ethical requirements.
During the second half of the action duration, the project successfully achieved all its technical and outreach objectives. The project has developed: methods and tools for AI-driven software robustness and security testing that facilitate the work of testing experts through smarter flaw identification and code fixing automation; cybersecurity services for comprehension, detection and analysis of advanced and AI-powered attacks; and response automation services to optimize the orchestration of the most appropriate combination of security protections.
In period 2, the project completed all the deliverables due in the reporting period successfully and on time.
The technical and scientific work in the project has progressed as expected and has even outperformed the expected results of the period, since the project has explored and adopted Large Language Models (LLMs) as part of the artificial intelligence solutions that are leveraged in the project, thus modernising the initial approach proposed in the description of the action for some of the components of the AI4CYBER framework.
WP3 was devoted to research on AI-driven testing solutions and the use of AI to prepare the system against advanced and sophisticated threats. The work led to the final versions of the AI4FIX and AI4VULN components of the AI4CYBER framework. While the final AI4FIX uses AI technologies, such as Large Language Models, to automate the correction of errors and weaknesses in software code, the final AI4VULN prototype tool uses LLM-enhanced focus of symbolic execution to identify source code vulnerabilities.
In addition, WP3 finalised the AI-powered simulation, and designed and implemented the final AI4SIM component, where advanced attack simulation workflows and supporting tools were developed, along with datasets for testing and validation. Finally, the final AI4CTI was designed and implemented; it leverages AI, and particularly LLMs, to increase knowledge of advanced threats. The component extracts deep knowledge from open CTI sources such as security advisories and attack flows, and extracts tactics, techniques and procedures (TTPs) and temporal information to propose ordered mitigations.
In WP4, the activities carried out in the second period included the design, implementation and detailed definition of the final versions of both the AI4FIDS and AI4TRIAGE components. AI4FIDS is a federated Intrusion Detection System (IDS) which adopts a multimodal architecture where several detectors are combined as a set of collaborative federated IDSs. The corresponding DL models were implemented, utilising network flow statistics, system logs, operational data, and binary representations, and federation schemas for these DL models were designed and developed. Furthermore, the AI4FIDS work included research on weight aggregation techniques. AI4TRIAGE leverages AI for prioritization of security events from AI4FIDS.
In WP5, the final models and methods supporting the autonomous response and defence strategy optimization were delivered. In particular, four software services have been designed and implemented: i) AI4ADAPT, which uses reinforcement learning (RL) to provide the intelligence needed to autonomously evolve the response measures in the system so that protection efficiency is increased; ii) AI4SOAR, which analyses optimal defence strategies and intelligently orchestrates multiple incident responses at different layers of the system, and provides automation in the orchestration of response playbooks, where LLMs are used to prevent inconsistencies in and across playbooks; iii) AI4DECEIVE, which uses game theory to intelligently deploy and configure networks of honeypots that maximise the time the attackers get lured; and iv) AI4COLLAB, which enables incident information sharing for third parties and uses LLM-enhanced anonymisation techniques to prevent private information disclosure.
WP6 results were delivered in the form of the final TRUST4AI component, which treats the ML models as black-box entities and assesses their trustworthiness. The TRUST4AI.XAI subcomponent allows model engineers to investigate AI explainability, while TRUST4AI.Fairness allows them to detect and mitigate bias in the models. The TRUST4AI.Security service is dedicated to ensuring security against Adversarial Machine Learning (AML) attacks and integrates with the AI4SIM adversarial attack simulation subcomponents to launch adversarial tests.
The components of the framework can be summarised as follows:
• AI4VULN – Code testing: A solution for automatic identification and verification of vulnerabilities and weaknesses in code, applying symbolic execution and using AI to support scalability.
• AI4FIX – Code vulnerability fixing: A fully open-source end-to-end vulnerability fixing solution supporting Java, bringing automatic unit testing of proposed fixes, which allows vulnerability fixing to shift much earlier in the software development flow, saving time and rework.
• AI4CTI – Cyber Threat Intelligence improvement: An advanced solution that offers the latest AI-powered CTI to detection and threat simulation tools to raise their efficiency.
• AI4SIM – Threat Simulation: An advanced simulation solution capable of simulating advanced and AI-powered attacks against IT, OT and IoT systems.
• AI4FIDS – Federated Detection of threats: A high-performance, high-accuracy solution for detecting advanced and AI-powered attacks in distributed environments where data privacy must be preserved.
• AI4TRIAGE – Incident triage: AI-based root cause analysis and alert triage to prioritize the events on which the response should focus.
• AI4SOAR – Security Orchestration, Automation and Response: AI-powered SOAR capable of deploying multiple security controls at different layers of the system to better react against cyber attacks.
• AI4DECEIVE – Deception and honeypots: The intelligent deception mechanisms that will enrich the response of AI4SOAR.
• AI4ADAPT – Long term adaptation: The service that enhances AI4SOAR with long-term response based on self-learning of the system status and the efficiency of the security controls deployed.
• AI4COLLAB – Information sharing and collaboration: Automatic privacy-aware sharing of incident information.
• TRUST4AI – Trustworthiness of AI: A set of highly innovative methods and models ensuring trustworthiness of AI systems.
D8.4 describes the IPR and exploitation models of all of them.