Result Summary
Automation framework, partially based on AI, capable of realistically simulating normal user behaviour as well as attack patterns based on real-life data.
Result description
We develop a framework capable of simulating user behaviour inside a network through automated procedures and user profiling procedures based on real network data. We are also setting up a series of virtual machine-based environments capable of reproducting various attack and malicious behaviour patterns.
Addressing target audiences and expressing needs
- Grants and Subsidies
- Collaboration
We are interested in further development of our result in research/development projects. We seek to increase accuracy, extend the scope and test it in other sectors. We also seek to extend our behaviour simulation models using real traffic captures and neural networks such as Autoencoders and GANs in order to apply user profiling and behaviour simulation at Netflow level. Finally, we intend to publish our results at cybersecurity conferences and journals.
- Public or private funding institutions
- Research and Technology Organisations
R&D, Technology and Innovation aspects
Our component will be used for testing purposes in the SPHINX platform with the purpose of enabling the realisation of a variety of cybersecurity use cases. Next steps: (1) Further development to cover more and more attack simulation use cases (2) Development of deep learning models to apply accurate profiling of network users and reproduce traffic patterns.
Scripts and virtual machines can be deployed (requiring some minor configuration) in any real network infrastructure to verify intrusion detection system capabilities while it can also be adapted and trained on new network traffic data.
Result submitted to Horizon Results Platform by NATIONAL TECHNICAL UNIVERSITY OF ATHENS – NTUA
