AI for APTs detection

Advanced Persistent Threats (APTs) detection in the realm of cybersecurity

R2D2 partner S2Group has published an interesting piece demonstrating how it applies AI to APT detection within the frame of the R2D2 (Reliability, Resilience, and Defense technology for the grid) project, examining both the current challenges and the expected benefits. S2Group analyzes the distinctive characteristics of APTs, the obstacles to detecting them, and how AI-based results can overcome these obstacles.

To achieve their goals, APTs rely on highly sophisticated tactics such as custom malware, exploitation of previously unknown (zero-day) vulnerabilities, and advanced social engineering. Understanding and defending against these threats is essential, and the MITRE ATT&CK framework is a key reference because it catalogues adversary tactics and techniques across the whole attack lifecycle, from reconnaissance through defense evasion to impact.

In response to this challenge, artificial intelligence (AI) is proposed as a way to improve APT detection. AI can analyze large volumes of data and flag anomalous patterns in near real time, overcoming the limitations of traditional methods based on signatures and static rules, which only recognize what has already been catalogued. Unlike those conventional approaches, AI-based models can adapt and learn from new threats, offering more dynamic detection, at the cost of ongoing tuning to keep false positives manageable.

AI for APTs detection

In the R2D2 project, S2Group is integrating AI into its APT detection tool, Carmen. The process is developed in two main phases.

First, Natural Language Processing (NLP) techniques are used to embed threat tactics and techniques into a common N-dimensional vector space. This allows the historical threat intelligence collected by the Threat Intelligence team to be aligned with the real-time results produced by Carmen's analyzers: once both are represented in the same space, the distances and relationships between them can be measured, surfacing correlations that point to the presence of an APT.

In the second phase, all alerts generated in this way are correlated by an algorithm that computes the probability that an APT is present. This yields a more accurate and faster assessment of the situation, increasing detection precision and enabling threats to be identified before they cause significant damage to the organization.
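The two phases described above, as an added illustration that is not S2Group's Carmen code: a bag-of-words cosine embedding stands in for the real NLP embedding, and the phase-2 scoring rule (strongest evidence per technique, combined with noisy-OR and scaled by how much of the historical campaign has been observed) is an assumption made for this example, not the project's algorithm. The historical intel entries, the live alerts and their confidences are constructed; only the ATT&CK technique IDs are real.

```python
"""Two-phase APT correlation sketch (added example, not Carmen's implementation):
(1) embed technique descriptions and live alerts in one vector space and match
each alert to its nearest historical technique; (2) combine the matches into
a single APT risk probability. Embedding and scoring rule are stand-ins."""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9]+")
STOPWORDS = {"the", "of", "a", "an", "and", "to", "in", "on", "for",
             "with", "by", "or", "via", "that"}

# Constructed historical intel: one campaign profile keyed by real ATT&CK IDs.
HISTORICAL_INTEL = {
    "T1566": "phishing email with malicious attachment delivered to user",
    "T1059": "command and scripting interpreter powershell executed by attachment",
    "T1003": "os credential dumping lsass memory access",
    "T1021": "remote services lateral movement via smb admin shares",
    "T1071": "application layer protocol command and control over https beacon",
}

# Constructed live analyzer output: (alert text, analyzer confidence 0..1).
LIVE_ALERTS = [
    ("user opened email attachment that spawned powershell", 0.6),
    ("lsass memory access by unsigned process", 0.8),
    ("periodic https beacon to rare domain", 0.5),
    ("printer driver update failed", 0.2),   # benign noise, should not match
]


def embed(text):
    """L2-normalised term-frequency vector; stand-in for an NLP embedding."""
    counts = Counter(t for t in TOKEN.findall(text.lower()) if t not in STOPWORDS)
    norm = math.sqrt(sum(v * v for v in counts.values())) or 1.0
    return {t: v / norm for t, v in counts.items()}


def cosine(u, v):
    """Cosine similarity of two normalised sparse vectors."""
    return sum(w * v.get(t, 0.0) for t, w in u.items())


def match_alerts(alerts, intel, threshold=0.25):
    """Phase 1: nearest historical technique per alert; keep (id, sim, conf)."""
    intel_vecs = {tid: embed(desc) for tid, desc in intel.items()}
    matches = []
    for text, conf in alerts:
        vec = embed(text)
        tid, sim = max(((t, cosine(vec, iv)) for t, iv in intel_vecs.items()),
                       key=lambda pair: pair[1])
        if sim >= threshold:          # below threshold: unrelated to the campaign
            matches.append((tid, sim, conf))
    return matches


def apt_risk(matches, intel):
    """Phase 2 (assumed rule): strongest sim*confidence per technique,
    noisy-OR across techniques, scaled by campaign coverage."""
    evidence = {}
    for tid, sim, conf in matches:
        evidence[tid] = max(evidence.get(tid, 0.0), sim * conf)
    if not evidence:
        return 0.0
    p_none = 1.0
    for p in evidence.values():
        p_none *= 1.0 - p
    coverage = len(evidence) / len(intel)
    return (1.0 - p_none) * coverage


if __name__ == "__main__":
    found = match_alerts(LIVE_ALERTS, HISTORICAL_INTEL)
    for tid, sim, conf in found:
        print(f"{tid}  sim={sim:.2f}  conf={conf:.2f}")
    print(f"APT risk: {apt_risk(found, HISTORICAL_INTEL):.2f}")
```

With the constructed data the phishing, credential-dumping and C2 alerts land on T1566, T1003 and T1071, the printer alert is discarded, and the combined risk sits around 0.4; dropping all but the first alert drives it well below 0.1, which is the behaviour the page describes: single alerts are weak, their correlation across the kill chain is what raises the APT probability.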

In summary, the combination of AI, NLP, and a threat intelligence database in the R2D2 project represents a significant advancement towards more proactive and robust cybersecurity. This innovative approach enhances the ability of digital infrastructures to withstand and mitigate the most advanced threats, ensuring resilience against APTs.

Further information:

info@r2d2project.eu

This project has received funding from the European Union's Horizon Europe research and innovation programme under grant agreement No 101075714.


Internal meetings to make important decisions regarding UCs

Partners from IMP, EMSS and SCC held an internal meeting to discuss the further implementation and development of UC12 "Emergency & Restoration - Over-Frequency Protection module" and UC19 "Emergency & Restoration - System Split module".

The goal of UC12 is to replace the individual controllers on generators with a module that mimics the response of the entire power system to over-frequency conditions, ensuring effective over-frequency protection. The goal of UC19 is automatic detection of, and faster coordination during, disturbances, ensuring a faster and more efficient crisis response.

For UC12, the main topic was planning future activities and the working dynamics, and some details of testing were agreed. For UC19, the discussion covered the inputs needed to detect a system split (frequency from PMUs and network topology) and improvements to the coordination platform for better signalling of smart notifications. It was also agreed that the structure of notifications in some steps of the coordination should be modified to align with the business process.

Outcomes of this meeting will be reflected in future R²D² development.


Impact assessment regarding UC “Validation of network model integrity”

During the R²D² plenary meeting in Ljubljana, representatives of GUARD (Priit Anton and Mihkel Väljaots), EMSS (Srđan Subotić) and SCC (Dušan Prešić) took the opportunity to organise a side meeting to discuss future demonstration activities and the impact assessment for the UC "Validation of network model integrity".

The goal of this UC is to increase cyber security and maintain network model integrity by using KSI Blockchain technology to create a signature file: a unique cryptographic proof that protects the integrity, signing time and signing identity of the network model, so that TSOs and RCCs can be sure that no third actor (or error) changed the network model or its metadata during transfer or storage.
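The check a TSO or RCC would run on a received model and its signature file, as an added illustration that is not the GUARD/KSI implementation used in R2D2. KSI produces a keyless, hash-linked proof anchored in a public calendar; here an HMAC-SHA256 over a canonical record of model hash, signing time and signer identity stands in for that proof so the example runs offline, which also means time and identity are only as trustworthy as the shared key. The sample model file, the key, the signer and the timestamps are all constructed.

```python
"""Detached signature file for a grid network model (added example; HMAC-SHA256
stands in for the KSI proof, so this is NOT the R2D2/GUARD implementation).
Verification fails if the model bytes (including metadata attributes) or any
signed field in the signature file is changed after signing."""
import hashlib
import hmac
import json

# Constructed stand-in for a network model export (not a real CGMES file).
MODEL_V1 = b"""<NetworkModel version="2024-06-01T10:00Z" tso="TSO-A">
<Line id="L1" from="BUS1" to="BUS2" x="0.12"/>
<Line id="L2" from="BUS2" to="BUS3" x="0.08"/>
</NetworkModel>
"""

# Constructed shared key for this example only (KSI needs no such secret).
VERIFY_KEY = b"example-only-verification-key"

SIGNED_FIELDS = ("model_sha256", "signing_time", "signer")


def model_hash(model: bytes) -> str:
    """SHA-256 over the exact bytes transferred or stored."""
    return hashlib.sha256(model).hexdigest()


def _canonical(fields: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_model(model: bytes, signer_id: str, signing_time: str,
               key: bytes = VERIFY_KEY) -> dict:
    """Produce the signature file binding hash, signing time and signer."""
    record = {"model_sha256": model_hash(model),
              "signing_time": signing_time,
              "signer": signer_id}
    record["proof"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return record


def verify_model(model: bytes, sig: dict, key: bytes = VERIFY_KEY):
    """Return (ok, reason). Check the proof first, then the content hash."""
    fields = {k: sig.get(k) for k in SIGNED_FIELDS}
    if None in fields.values() or not isinstance(sig.get("proof"), str):
        return False, "malformed signature file"
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["proof"]):
        return False, "signature fields altered (hash, time or identity)"
    if not hmac.compare_digest(fields["model_sha256"], model_hash(model)):
        return False, "model content or metadata changed since signing"
    return True, "ok"


def demo() -> dict:
    """Three receipts: intact, metadata-only tampering, rewritten signer."""
    sig = sign_model(MODEL_V1, "TSO-A", "2024-06-01T10:05:00Z")
    results = {"intact": verify_model(MODEL_V1, sig)[0]}
    # Only the version attribute changes; topology is untouched.
    tampered = MODEL_V1.replace(b'version="2024-06-01T10:00Z"',
                                b'version="2024-06-02T10:00Z"')
    results["metadata_changed"] = verify_model(tampered, sig)[0]
    # Attacker edits the signature file to claim a different signer.
    results["signer_rewritten"] = verify_model(MODEL_V1, dict(sig, signer="RCC-X"))[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The order of checks matters in practice: validating the proof before comparing the content hash means a receiver never trusts a hash, time or signer value that the signature file itself does not vouch for.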

The meeting was very fruitful: two demonstration scenarios (green and red) were sketched, and several attack points were identified based on the business process currently implemented on the TSO and RCC side for processing network models.

Finally, potential financial impacts were discussed, including the reputational impact for TSOs or RCCs in case of network model integrity issues.

The outcomes of this meeting will be reflected in future R²D² deliverables.
