Title: AI for Security Event Correlation in Industrial Cyber-Physical Systems: Mathematical Models, Implementations, and Challenges
Time: November 7, 2024, 10:00
Venue: Room A521, Wang Xianghao Building, Central Campus, Jilin University
Speaker: Prof. Igor Kotenko, St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS), ITMO University, Russia
Speaker biography:
Igor Kotenko is a Chief Scientist and Head of the Research Laboratory of Computer Security Problems of the St. Petersburg Federal Research Center of the Russian Academy of Sciences. He is also a Professor at ITMO University, St. Petersburg, Russia, and at the Bonch-Bruevich Saint-Petersburg State University of Telecommunications. He is an Honored Scientist of the Russian Federation, an IEEE Senior Member, a Corresponding Member of the Academy of Natural Sciences, a member of many editorial boards of Russian and international journals, and the author of more than 800 refereed publications, including 25 books and monographs. His main research results are in artificial intelligence, telecommunications and cyber security, including network intrusion detection, modeling and simulation of network attacks, vulnerability assessment, security information and event management, and verification and validation of security policy. Igor Kotenko has been a project leader in research projects funded by the European Office of Aerospace Research and Development, EU FP7 and FP6 projects, HP, Intel, F-Secure, Huawei, etc. His research results have been tested and implemented in a multitude of Russian research and development projects, including grants of the Russian Science Foundation, the Russian Foundation for Basic Research and a multitude of State contracts. He has been a keynote and invited speaker at a multitude of international conferences and workshops, and has chaired many international conferences.
Abstract:
Cybersecurity has quickly become a major social problem of the 21st century, and innovative solutions are needed to ensure the cybersecurity of society. Recent advances in artificial intelligence (AI) technologies have led to increased innovation and automation of information security processes. Modern Industrial Internet of Things (IIoT) networks combine many devices and sensors that transmit and process large amounts of data. Security tools identify security events that contain information about detected system or network states. In turn, AI methods are required to ensure the stability and reliability of IIoT processes. In the field of cybersecurity, AI methods are necessary for the detection and prediction of incremental threats, such as multi-stage or targeted attacks (advanced persistent threats) and other causal sequences of abnormal events. Information about the correlation of security events can be used to detect and explain deviations from normal states and cyberattacks. The use of correlation methods also makes it possible to reduce the volume of the original data stream by grouping events and eliminating redundancy. The talk presents the state of the art in the use of AI for cybersecurity (both by attackers and for defense against attacks) in general, and for security event correlation in IIoT networks in particular. It systematizes event correlation technologies according to the applied mathematical methods, the data sources used and the architectural solutions. The talk also proposes an anomaly detection approach based on the causal correlation of security events using machine learning. The proposed approach does not require prior knowledge of event scenarios. Using cluster analysis and a recurrent neural network, a security state correlation graph corresponding to the normal behavior of the system is constructed. Cluster analysis determines the similarity of events to each other. A recurrent neural network, represented by an LSTM, analyzes the temporal relationships of events.
Using the identified event correlation thresholds, anomalies can be detected in real time. Experimental results on an Internet of Things sensor dataset show that the proposed method is efficient in anomaly detection tasks. As a result of the analysis, the main directions of research in the field of event correlation, existing problems and possible ways to overcome them are defined. This research is supported by the grant of the Russian Science Foundation #21-71-20078.
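As an added illustration (not code from the talk or the speaker's laboratory), a simplified Python stand-in for the pipeline the abstract describes: events are grouped into clusters, a correlation graph of normal behaviour is learned from the transitions between clusters (a transition-frequency model replaces the LSTM here), and a threshold on correlation weight flags anomalous steps in a live event stream. All event records, field names and the threshold value are constructed for this example.

```python
from collections import Counter, defaultdict

def cluster_id(event):
    # Crude stand-in for cluster analysis: events with the same source and
    # type are treated as one cluster, i.e. one node of the correlation graph.
    return (event["src"], event["type"])

def build_correlation_graph(normal_events):
    # Learn, from normal traffic only, how often each cluster is followed by
    # each other cluster. Edge weight = relative frequency of the transition.
    # This frequency model stands in for the LSTM's learned temporal relations.
    counts = defaultdict(Counter)
    ids = [cluster_id(e) for e in normal_events]
    for prev, cur in zip(ids, ids[1:]):
        counts[prev][cur] += 1
    graph = {}
    for prev, successors in counts.items():
        total = sum(successors.values())
        graph[prev] = {cur: n / total for cur, n in successors.items()}
    return graph

def score_stream(graph, events, threshold):
    # Real-time check: each observed step (prev -> cur) is looked up in the
    # normal-behaviour graph; a weight below the threshold (including an edge
    # or node never seen in training) is reported as an anomaly.
    alerts, prev = [], None
    for e in events:
        cur = cluster_id(e)
        if prev is not None:
            weight = graph.get(prev, {}).get(cur, 0.0)
            if weight < threshold:
                alerts.append({"t": e["t"], "from": prev, "to": cur, "w": weight})
        prev = cur
    return alerts

# Constructed training data: a sensor reading, acknowledged by a PLC, then
# polled by the HMI, repeated over a quiet period.
_CYCLE = [("sensor1", "reading"), ("plc1", "ack"), ("hmi", "poll")]
NORMAL_EVENTS = [{"t": i, "src": s, "type": ty}
                 for i, (s, ty) in enumerate(_CYCLE * 20)]

# Constructed live stream: one normal cycle, then an unexpected PLC
# configuration change breaks the learned sequence.
_LIVE = _CYCLE + [("sensor1", "reading"), ("plc1", "config_change"),
                  ("plc1", "ack"), ("hmi", "poll")]
LIVE_EVENTS = [{"t": 100 + i, "src": s, "type": ty}
               for i, (s, ty) in enumerate(_LIVE)]

if __name__ == "__main__":
    g = build_correlation_graph(NORMAL_EVENTS)
    for a in score_stream(g, LIVE_EVENTS, threshold=0.05):
        print("anomaly at t=%d: %s -> %s (w=%.2f)" % (a["t"], a["from"], a["to"], a["w"]))
```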
Organizers:
College of Computer Science and Technology, Jilin University
College of Cybersecurity, Jilin University
College of Software, Jilin University
Institute of Computer Science and Technology, Jilin University
Key Laboratory of Symbolic Computation and Knowledge Engineering, Ministry of Education
Key Laboratory of Simulation Technology, Ministry of Education
Engineering Research Center of Network Technology and Application Software, Ministry of Education
National Demonstration Center for Experimental Computer Education, Jilin University