CORDIS - EU research results

An innovative Virtual Reality based intrusion detection, incident investigation and response approach for enhancing the resilience, security, privacy and accountability of complex and heterogeneous digital systems and infrastructures

Periodic Reporting for period 1 - CyberSecDome (An innovative Virtual Reality based intrusion detection, incident investigation and response approach for enhancing the resilience, security, privacy and accountability of complex and heterogeneous digital systems and infrastructures)

Reporting period: 2023-09-01 to 2025-02-28

CyberSecDome addresses the growing threat of cybersecurity attacks that disrupt digital infrastructures, which are now critical to economic stability, public safety, and the functioning of democratic societies. The project seeks to build a comprehensive “dome” of protection around digital infrastructures by delivering an integrated set of innovative solutions. These include AI-powered systems capable of detecting and predicting cyberattacks, supporting in-depth incident investigation, enabling dynamic risk assessment, and executing adaptive and automated incident responses.
A key innovation of CyberSecDome is the development of a Virtual Reality (VR) interface designed to enhance the situational awareness of Security Operations Center (SOC) analysts. Through immersive visualization, the VR interface provides analysts with a clearer understanding of complex infrastructure states and the reasoning behind AI-driven decisions, utilizing explainable AI (XAI) techniques. Additionally, CyberSecDome fosters collaboration among different SOC teams across infrastructures through privacy-aware threat information sharing mechanisms. To further support cooperation without compromising sensitive data, the project introduces AI-knowledge sharing frameworks, allowing organizations to exchange AI model parameters rather than raw training data.
The expected impact of CyberSecDome is significant. By enabling faster and more effective SOC responses, the project aims to ensure the quick recovery of digital infrastructures following cyber incidents. It also strengthens the collaboration between different infrastructure operators, thus improving the collective resilience against large-scale attacks. Furthermore, the enhanced situational awareness provided by the VR tools equips SOC analysts with superior capabilities to detect, interpret, and respond to emerging threats.
Addressing this challenge is urgent. Today, digital infrastructures underpin almost every aspect of modern life, from financial systems to healthcare, transportation, and governance. Disruptions not only cause severe financial losses but also degrade citizens’ quality of life and threaten the integrity of democratic institutions. CyberSecDome is therefore a timely and vital initiative to strengthen the defenses of digital infrastructures and safeguard societal well-being.
The project has made substantial progress in both its technical and scientific aspects. The architecture of the CyberSecDome system was carefully designed, providing the foundation for a comprehensive solution. Several AI models were developed, each focusing on key aspects of cybersecurity: intrusion prediction, incident investigation (processing alerts and generating smart responses), penetration testing, dynamic risk analysis, and adaptive incident response. These models were not developed in isolation but were designed to interact and collaborate, offering an end-to-end solution for cybersecurity incident handling. Additionally, the project successfully created a cutting-edge Virtual Reality (VR) interface, which was integrated with the various AI models. This VR interface enhances situational awareness for SOC analysts, allowing them to visualize and interpret complex data in real time, significantly improving their decision-making capabilities.
The project also developed a privacy-aware information-sharing framework, which supports both threat information sharing and AI-knowledge sharing. The latter enables the secure exchange of AI model parameters across different CyberSecDome instances (or “domes”) without exposing sensitive training data, promoting collaboration while maintaining privacy and security. One of the project’s major achievements was successfully integrating these different AI models and the VR interface into a unified system, which allows for seamless incident detection, analysis, response, and recovery. This integration empowers SOC analysts to respond to attacks more effectively and quickly.
As a result of these efforts, the first integrated version of CyberSecDome has been developed and successfully tested internally. It is now prepared for real-world testing through both internal and external pilot projects. The outcomes so far demonstrate the potential of CyberSecDome to enhance the security and resilience of digital infrastructures, and the next phase of testing will help further refine and validate the system’s capabilities.
CyberSecDome presents several innovations that push the boundaries of current cybersecurity solutions. One of the key advancements is the use of VR to support SOC analysts in both incident handling and understanding AI models. This integration of VR enhances situational awareness, allowing analysts to visualize and interact with complex data in real time, which improves their decision-making process during active cyberattacks. Another major innovation is the dynamic and adaptive incident response system, which not only proposes quick mitigation actions but also adapts its future responses based on the acceptance or rejection of prior actions, significantly enhancing the agility of the system. Moreover, the development of AI-knowledge sharing allows different CyberSecDome instances to securely exchange AI model knowledge without needing to share sensitive training data, ensuring privacy while enabling collaboration.
These innovations bring several long-term impacts. First, they drastically reduce decision-making time for SOC analysts, improving their ability to respond to incidents swiftly. The system also enables secure collaboration across organizations, allowing them to share threat intelligence without exposing private data, which strengthens collective cybersecurity efforts. The framework contributes to the overall resilience of digital infrastructures by helping organizations recover faster from cyber incidents. Additionally, the introduction of the VR interface provides SOC analysts with an advanced tool that helps them gain deeper insights into ongoing attacks, enhancing their response capabilities.
However, to ensure the continued success and broader adoption of CyberSecDome, several key actions are needed. These include further testing and validation of the system against a variety of cyberattacks, ensuring its robustness across different scenarios. Additionally, demonstrating CyberSecDome in different domains and infrastructures will be crucial to proving its scalability and adaptability in real-world environments.
By the end of the project, CyberSecDome will provide a complete framework for incident handling and management, incorporating cutting-edge AI models, dynamic response systems, and the VR interface. This framework will be fully tested and ready for deployment, offering a comprehensive solution that significantly improves the security and resilience of digital infrastructures.