Machine Learning, Robust Optimisation, and Verification: Creating Synergistic Capabilities in Cybersecurity Research

The need for better support to deal with the threats of cybersecurity is undisputed. Organisations are faced with an ever growing number of malware and integrated malware attack tools, attempted attacks on infrastructure and services, an increasing number of insider attacks, and advanced persistent threats for high-priced assets. Dealing with such threats requires that organisations have ICT staff that is at least familiar with cybersecurity issues and preferably has actual skills in cybersecurity regardless of the role of such staff. Likewise, management and decision makers need to be aware of cybersecurity issues and reflect these in their actions. Large organisations often have a Chief Information Security Officer (CISO) who deals with the operational and strategic issues of cybersecurity for his or her organisation. But SMEs typically cannot afford a role with such oversight on cybersecurity, which makes them especially vulnerable.

The scale and diversity of cybersecurity issues that an organisation faces means it cannot possibly consider each single vulnerability of its systems against each credible or potential adversary whose presence would turn a vulnerability into an actual threat. A CISO or decision maker, though, needs to have a fairly abstract view of all this complexity where the choice of abstraction is not driven by technical aspects but by modalities such as risk, compliance, availability of service, and strategy. This view often has to take into account the cybersecurity of external or partner organisations, which is problematic as organisations are reluctant to share such sensitive information. Therefore, a CISO or decision maker needs a representation of relevant internal or external systems and services that allows him or her to make decisions of either operational or strategic nature.

The uncertainty expressed in such abstractions is typically probabilistic or strict in nature. For example, a bank may have a good idea of the probability that a given teller machine has a corrupted external interface that clones inserted bank cards, based on past history, location of the machine and so forth. Strict uncertainty often relates to threats for which no (or insufficient) historical information is available to estimate probability distributions, or it is used to express the combinatorial nature of a problem, for example the different orderings in which one may schedule critical tasks.

This project brings together research leaders in machine learning, robust optimisation, verification and cybersecurity to explore new modelling and analysis capabilities for needs in cybersecurity. The project will investigate new approaches for modelling and optimisation by which cybersecurity of systems, processes, and infrastructures can be more robustly assessed, monitored, and controlled in the face of stochastic and strict uncertainty. Particular attention will be paid to privacy: new forms of privacy-preserving data analytics will be created and approaches to decision support that respect privacy considerations; for corporate confidentiality, we will invent foundations that enable different organisations to model and analyse cross-organisational cybersecurity aspects whilst respecting the type of privacy inherent in organisations' confidential information by establishing appropriate information barriers.

Each project site will host a workshop. These workshops will be open to any interested parties, but we will also send out targeted invitations to PIs and co-Is of other projects of this call, people from industry and governmental agencies, and other academics at all career stages (including PhD students). The aim of these workshops is to promote the objectives of the project, to disseminate project outcomes, to encourage external researchers (including PhD students) to share problems and collaborate with us, and to engage industrial problem owners.

We believe it is vital to create tool prototypes to increase impact of our foundational research. We therefore have an increased staff density in the final 12-16 months of the project to ensure that we can create powerful and convincing tool demonstrators.

Our research outputs will be made available in open-access form. This applies to research papers, software, research data (unless the latter is confidential due to its origin) or other project artefacts. We plan to use tools such as Zenodo (https://zenodo.org) to host such data and software with supporting DOIs.

We feel that this work is quite important and relevant to the concerns of the general public. Security and especially privacy of individual data is on most people's mind. Therefore, we aim to engage with the media to communicate to a general audience the research problems that we are addressing as well as our research outputs. We will choose such venues in a flexible and opportunistic manner. Let us mention the Imperial College London Festival, Science Events at the Darwin Centre in London, events hosted by the BBC, radio interviews with UK and Singapore stations, and also media outlets in the wider EU.

We broaden academic impact through further activities. We mean to develop course material (lecture notes, exercises, software) that other academics can use to teach material at the junction of machine learning, cybersecurity, privacy, and verification. Furthermore, we plan to write overviews of the research problems and our solutions addressed to a general scientific audience - aiming at appropriate venues such as the Communications of the ACM but also targeting venues beyond Computing, for example the New Scientist.

We plan to schedule a Hackathon around the second workshop. Here, we mean to provide a somewhat more sophisticated
gamification of the learning material developed for outreach to schools, to engage students (undergraduates, postgraduates or PhD students) and early career researchers with these research issues in the hope of attracting them to these research topics.

Both PIs and the co-I will explore during this project how research outcomes can be leveraged to generate research proposals for more applied or impact oriented research. We also plan to propose a seminar at the Leibniz-Centre for Informatics that would happen around the end of this project. These meetings gather international research leaders and decision makers in academia, industry, and to some degree from government to explore a research challenge. We would use this event in part to promote our research findings but also to form new collaborations and networks, and to provide stimulus for creating new or better research solutions.

To foster more longterm impact in academia, we will propose a workshop satellite event for a large security conference, for example for the ACM Computer and Communications Security conference series. We would expect this event to be repeated annually to provide a forum for exchange of research ideas and outputs at the junction of areas at which this proposal is situated.