EPSRC iCase studentship in Cyber Security Analytics: Deception Approaches for Critical National Infrastructure (with Thales)

EPSRC iCase 网络安全分析学生资助：关键国家基础设施的欺骗方法（与泰雷兹合作）

• 批准号: 2599518
• 金额: --
• 依托单位: CARDIFF UNIVERSITY
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2021
• 资助国家: 英国
• 起止时间: 2021 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2599518
• 关键词: EPSRC; iCase; studentship; Cyber; Security

Attacks on Critical National Infrastructure (CNI), such as the energy, transport management, and supplies sectors, may have disastrous consequences. Such attacks may be performed by a variety of threat actors, including lone individuals, crime organisations, and nation states. Likewise, the goals of the attacks comprise a wide range, such as attention-seeking, terrorism, monetary gain, and cyber warfare. Attackers may use a large array of approaches to reach these goals. They may perform pure cyberattacks - which can be executed from anywhere in the world.Deception provides a virtual environment that resembles the actual physical environment as closely as possible, in order to fool the attacker into believing they are attacking the real systemDeception has two aims:Enabling the study of attackers' Tools, Techniques, and Procedures (TTPs) within a secure environment. This supports the gathering of threat intelligence. One well-known instance is the classical "honeypot" approach.Defending the system by drawing attackers' attention and effort away from the real environment into the virtual one.We are seeking an enthusiastic, creative and technically skilled candidate for an exciting and unique fully-funded scholarship opportunity to study deception in the context of cybersecurity for critical national infrastructure. The result of this PhD will be novel research that addresses a subset of the challenges outlined below, and begins to develop a realistic technical implementation. The successful candidate will be supported by internationally recognised researchers at Cardiff University's NCSC Academic Centre of Excellence for Cybersecurity Research, as well as industry experts and world class testbeds at Thales' National Digital Exploitation Centre (NDEC). You will join the ESPRC DTP Hub in Cyber Security Analytics at Cardiff University, becoming part of an interdisciplinary cohort of students studying the human and algorithmic aspects of AI in the context of cybersecurity.ObjectivesThis project will investigate existing deception approaches for CNI systems in both the academic and the industrial domain. Due to the context, there are many intellectual, scientific and technical challenges to be addressed:Realistic systems: The deception system must appear realistic in order to convince the attacker. Hence, its components and topology must closely match the real system. This is made particularly challenging by the fact that attackers may attack the system not just in the cyberspace. Therefore, the deception system will have to emulate not just digital components, but social and physical systems as well.Realistic responses: The system must react to attacks in a convincing way. As attackers can monitor the success of their attacks in the physical world and in the media, these must be covered as well.Scalability: Depending on the real system in question, CNI may involve a large number of diverse components. This raises questions of emulating those in a scalable way without replicating the original system in its entirety.Automation: Generating an instance of the deception system for a particular real system cannot be done manually. Therefore, the project must support the automated discovery and matching of a real system, including components, topology, and behaviour.Publicity and impact: The deception system will operate within an intellectually challenging field. On the one hand, some information needs to be publicised in order for it to operate (see (2), above). On the other hand, generating false information about attacks on a CNI may cause problems. In addition, the fact that a deception system is in operation should not be publicised.

对能源、运输管理和供应部门等关键国家基础设施 (CNI) 的攻击可能会造成灾难性后果。此类攻击可能由各种威胁行为者实施，包括单独个体、犯罪组织和民族国家。同样，攻击的目标也很广泛，例如寻求关注、恐怖主义、金钱利益和网络战。攻击者可能会使用多种方法来实现这些目标。他们可能会执行纯粹的网络攻击——可以在世界任何地方执行。欺骗提供了一个尽可能接近实际物理环境的虚拟环境，以欺骗攻击者相信他们正在攻击真实的系统。欺骗有两个目标：能够在安全环境中研究攻击者的工具、技术和程序 (TTP)。这支持威胁情报的收集。一个著名的例子是经典的“蜜罐”方法。通过将攻击者的注意力和精力从真实环境转移到虚拟环境中来保护系统。我们正在寻找一位充满热情、富有创造力和技术精湛的候选人，以提供令人兴奋且独特的全面解决方案- 资助奖学金机会，研究关键国家基础设施网络安全背景下的欺骗行为。该博士的成果将是新颖的研究，解决下面概述的部分挑战，并开始开发现实的技术实现。成功的候选人将得到卡迪夫大学 NCSC 网络安全研究卓越学术中心的国际知名研究人员以及泰雷兹国家数字开发中心 (NDEC) 的行业专家和世界级测试平台的支持。您将加入卡迪夫大学网络安全分析领域的 ESPRC DTP 中心，成为跨学科学生群体的一员，研究网络安全背景下人工智能的人类和算法方面。 目标该项目将研究 CNI 系统在网络安全和网络安全方面的现有欺骗方法。学术和工业领域。由于具体情况，有许多智力、科学和技术挑战需要解决： 现实系统：欺骗系统必须显得现实才能说服攻击者。因此，其组件和拓扑必须与实际系统紧密匹配。由于攻击者不仅可以在网络空间攻击系统，这一事实使得这一点变得特别具有挑战性。因此，欺骗系统不仅必须模拟数字组件，还必须模拟社会和物理系统。 现实的响应：系统必须以令人信服的方式对攻击做出反应。由于攻击者可以监控物理世界和媒体中的攻击是否成功，因此也必须涵盖这些攻击。 可扩展性：根据所涉及的实际系统，CNI 可能涉及大量不同的组件。这就提出了以可扩展的方式模拟这些系统而不完全复制原始系统的问题。 自动化：无法手动为特定的真实系统生成欺骗系统的实例。因此，该项目必须支持真实系统的自动发现和匹配，包括组件、拓扑和行为。 公开性和影响力：欺骗系统将在一个智力上具有挑战性的领域内运行。一方面，一些信息需要公开才能运行（见上文（2））。另一方面，生成有关 CNI 攻击的虚假信息可能会导致问题。此外，不应公开欺骗系统正在运行的事实。