Enabling Machine-Learning Intelligence for Network Cybersecurity
About the project
The Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE) aims at enabling machine-learning-based analysis of high-speed network cybersecurity data. The first part of the project focuses on extracting the relevant fine-grained network metrics directly in the network devices and transforming these collected metrics into summaries that can be easily extracted from the devices. The second part of the project takes these summaries and feeds them into a machine learning system that is tailored to detect security attacks and performance-related issues. A key idea in the project is to leverage programmable network technologies that allow performing ad-hoc operations at the speed of the network before the summaries are sent to the slower machine learning systems.
One of the envisioned contributions of the project is the design and implementation of a framework that reconciles the different speeds at which today’s networks and machine learning systems operate.
During the current global pandemic crisis, the Internet has played an essential role in allowing different parts of our society to continue operating without interruptions to the largest extent possible. The recent wave of cyber-attacks targeting the Internet infrastructure has however raised concerns about the resilience of the Internet infrastructure. In contrast to general cybersecurity threats, which affect end-host systems, Internet-based network attacks target the core infrastructure of the Internet that is responsible for interconnecting all the billions of users, devices, and services together. Machine learning techniques to detect network-based cyber-attacks have long been limited by two unique aspects of the networking domain. First, network data is inherently volatile as traffic flows through a network without being stored. Second, network technologies are ill-suited for extracting fine-grained network information from high-speed networking devices. Both challenges will be addressed by relying on the emerging high-speed programmable network devices.
The researchers in the team represent the School of Electrical Engineering & Computer Science, KTH, and the Connected Intelligence unit at RISE Research Institutes of Sweden.
Associate Professor, Division of software and computer systems at KTH EECS, Working group Cooperate, PI of Research project Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE), Digital Futures Faculty+46 979 044 29
Senior researcher in the Connected Intelligence unit at RISE, Co-PI of research project Enabling Machine-Learning Intelligence for Network Cybersecurity (EMERGENCE), Digital Futures Faculty+46707349247