Author: PHOENIX project

Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are methodologies used in application security testing to identify security vulnerabilities that can make an application susceptible to attack.

For making this effective, it must be an integral part of the software development CI/CD lifecycle from initial stages until final versions.

The PHOENIX Project is developed exactly for this scope, to cyber-fortify the European EPES infrastructure by enabling and coordinating advanced, adaptive, and cooperative detection of large scale, cyber-human security and privacy incidents and attacks.

Evaluating the risk related to a cyberattack is very complex and must include many criteria. Taking into account the skills of subject matter experts is therefore capital. Multiple Criteria Decision Making is a very relevant tool to handle the complexity of the way the experts make their decision. One of the main issues in MCDA is the way we can collect their preferences and build the model. The MACBETH (Measuring attractiveness through a categorical-based evaluation technique) proposes an interesting methodology to deal with this issue in a scientific way.

From a cybersecurity point of view applying AI-systems within critical infrastructure can help to resolve persistent cybersecurity challenges being able to perform advanced network monitoring for detecting anomalies, software analysis techniques to identify vulnerabilities in code and to determine automatically defensive patches at the first indication of an attack.

The main goal of the PHOENIX project is to build a cyber-shield armour to European Electric Power Energy System (EPES), securing such infrastructures against unsolicited and solicited malicious behaviours. To this end, the PHOENIX platform devises the Secure and Persistent Communication (SPC) layer which enables the secure and efficient exchange of information, describing the security status of EPES infrastructures.

COVID 19 is showing how we are dependent on critical infrastructures, which are often the subject of conflicts that we are not always aware of or whose we only become aware of when everything has already happened.

As stated in a 2019 cyber-crime study conducted by Accenture [1], there is a growing trend in the financial loss that different cyberattacks would incur on organizations. This study also predicted that in the next five years cyber threats would jeopardize the assets of companies exposed to this class of attacks with the estimated value of 5.2 trillion dollars. Thereby, the numbers mentioned above highlight the definite need for robust and reliable procedures aimed at securing organizations and critical infrastructure against complex cyberattacks.

An extension to the autoencoder architecture for ML anomaly detection. This post introduces the Variational Auto-Encoders (VAEs), a better version of the original autoencoders that applies regularization in the encoder-decoder steps to obtain more meaningful embeddings from the input data.