
Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware

Periodic Reporting for period 2 - SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware)

Reporting period: 2020-11-01 to 2022-04-30

The threat of cyberattacks using different variants of malware, i.e. malicious software programmes, is rapidly growing. Cyberattacks are aimed against individual citizens as well as public and private sectors and critical infrastructures ranging from health care to banking systems.
In this context, SIMARGL’s overarching aim was to significantly enhance cybersecurity by combating the threats imposed by novel malware that uses, for instance, information hiding techniques. SIMARGL offers an integrated and validated toolkit providing reliable protection against those threats.
To this end, SIMARGL uses breakthrough methods and algorithms to analyse network data. This includes, among others, advanced signal processing and transformations, the lifelong learning intelligent systems (LLIS) approach as well as deep learning techniques. SIMARGL aims to carry cybersecurity methods beyond the state-of-the-art by providing an innovative product that is scalable to various domains and sectors and can adapt to and detect novel, emerging malware. Hence, the SIMARGL project centres around eight strategic objectives:

> Strategic Objective 1: To provide effective methods to counter attacks, cyber-crimes and a broad range of malware including stegomalware.

> Strategic Objective 2: To propose, implement and validate innovative machine and deep learning methods to detect malware (including stegomalware), ransomware and network anomalies.

> Strategic Objective 3: To significantly improve current solutions (already at advanced TRL) owned by SIMARGL consortium partners such as Thales, Airbus, Pluribus-One and ITTI.

> Strategic Objective 4: To ensure privacy by design and security by design within our solutions, as well as to analyse and meet legal and ethical requirements.

> Strategic Objective 5: To provide training, especially for LEAs and other end-users focusing on threats using information hiding techniques, such as stegomalware. Tasks relevant to this objective will be realized in cooperation with Europol EC3 (via the Criminal Usage of Information Hiding – CUIng initiative).

> Strategic Objective 6: To integrate, deploy, demonstrate and validate our results at realistic use-case sites. The SIMARGL consortium includes various end-users such as a public educational CERT, private CERT of Orange and private commercial companies working on cyber protection of the financial sector.

> Strategic Objective 7: To communicate and disseminate our results. To provide relevant training of our innovative solutions, including raising awareness about risks of information-hiding-capable threats such as stegomalware.

> Strategic Objective 8: To transfer our results to market and to generate wide impact to European societies and economy.

SIMARGL’s main achievement is the development and integration of a functional toolkit. The toolkit brings together a broad range of components prepared and supplied by the SIMARGL partners, who worked together to formulate an advanced malware detection platform, capable of discerning particularly hard-to-detect attacks leveraging steganography. The SIMARGL toolkit allows the user to run a comprehensive analysis, providing a high level of protection against a wide range of intrusions, including malware and stegomalware.

The toolkit development was based on an initial, comprehensive study that analysed the current state and trends in malware and its variation, including malware detection and countermeasures. The crucial functional requirements of the SIMARGL toolkit were defined taking into account the end-user perspective. An intuitive user interface (UI) was designed that provides all relevant functions and features for an operator to observe tools and networks and to identify and manage alerts.

Apart from the technical issues, the legal, social sciences and humanities perspective was addressed. The main results comprise a detailed account of the heterogeneous actors in cyber space and the motives that direct their actions as well as a study on the dynamics that govern their interactions within cyber space. In addition, a comprehensive report to the EC highlights recommendations for political actors. In particular, the report demonstrates the pivotal role of the European institutions using their regulatory competences to introduce norms.

Throughout the project runtime the consortium actively disseminated its results and will continue to do so even after its termination. A cornerstone of SIMARGL’s dissemination strategy is the SIMARGL website as well as social media accounts. Core results were presented at scientific conferences and in high-ranking peer-reviewed journals. SIMARGL envisages several short-, mid- and long-term objectives for continued exploitation after the project’s runtime including ongoing communication and dissemination activities to raise awareness for cyber security issues as well as continued offering of publicly available toolkit components.

The SIMARGL project acted as a refinery of scientific endeavours, allowing researchers and innovators to continue pushing the envelope in multiple critical directions, a platform which allowed the scientists and the use-case partners to network and forge meaningful, long-term partnerships. SIMARGL turned many of the research breakthroughs into meaningful innovations in the form of the SIMARGL toolkit that contributes to a more resilient and secure European cyberspace.

As depicted in the attached figure, the SIMARGL toolkit encompasses a collection of tools strengthening different facets of cybersecurity. The versatility and adaptability of the toolkit can be leveraged by actors in both the private and the public sectors to bolster security against various types of current and emerging malware threats. Before SIMARGL, security measures against information-hiding-capable malware were non-existent. The SIMARGL toolkit can be leveraged to formulate comprehensive protection.

Not only did SIMARGL advance technological innovations, but it also directly addressed the EU’s cyber security policies with a set of guidelines for intrusion detection systems to be fully compliant with the GDPR, by designing a privacy-preserving network intrusion detection component, and also with legislative recommendations to the EU.

The significant scientific contributions disseminated via open access are quickly garnering the positive attention of a wider audience of researchers, and the research conducted in the project lifetime is already being built upon by researchers from all around the world, as demonstrated by the growing number of citations. Some of the project results are also open-sourced under permissive licences, allowing the community to take on the mantle and continue pushing forward. The SIMARGL project set the groundwork and made significant scientific contributions for a number of research domains, tied into the project goals and the covered threat space, including the development of solutions to detect information-hiding-capable malware.

The educational material produced by the top-tier experts in their respective fields of cybersecurity can be readily used by interested parties to train personnel required to fill the growing employment vacuum in cybersecurity, especially with the official backing provided by FernUniversität in Hagen.
Overview of the main components of the SIMARGL toolkit