
Decentralized AI-Powered Security Operation Center (SOC)

Project Details

Program
Computer Science
Field of Study
Cyber Security Detection and Response
Division
Computer, Electrical and Mathematical Sciences and Engineering

Project Description

There is a notable increase in cyberattacks targeting vital digital services such as energy, water, oil plants, and communication and transportation infrastructure. Without the right cybersecurity and resilience solutions, the blessing of digital transformation can turn into a curse, leaving behind significant societal threats and economic damage. Security Operation Centers (SOCs) are therefore becoming a necessary part of every digital and critical infrastructure, with the main roles of defining cybersecurity policies and processes and implementing detection and response mechanisms and tools.

Unfortunately, detection and response tools fall short of addressing the complexity and heterogeneity of today's real systems because they are centralized: sensed data is collected from endpoint devices and pushed to the center, where it is processed with AI/ML models, i.e., to detect vulnerabilities and suggest responses (e.g., closing ports, installing a patch, etc.). This leads to several weaknesses, among them: (1) the SOC center is a central point of attack/failure, so disabling it disables the effectiveness of the entire detection and defense capability; (2) moving data in transit from endpoints to the center incurs a huge cost; (3) the added response delay lets strong adversaries maneuver faster than a reactive defense can react.

Our project addresses the above challenges by investigating the feasibility, strengths, and tradeoffs of introducing a Decentralized SOC (D-SOC) architecture. One envisions a continuum of decentralization from endpoints to edge devices, all the way to the center, at several levels, e.g., decentralizing monitoring and detection, decentralizing decision making, decentralizing response, etc. The intern is expected to work on tasks within this project scope, such as building and integrating mechanisms to mitigate these issues, e.g., by employing TinyML models and/or FPGA accelerators at the edge, and by dynamically adapting to the cybersecurity posture as a response mechanism.

About the Researcher

Ali Shoker
Research Associate Professor and Head of Cyber Security and Resilience Technology (CyberSaR), KAUST
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Desired Project Deliverables

The objectives of the project will be to:
- explore state-of-the-art research and practice together with PhDs and researchers;
- help define and solve a problem conceptually;
- implement a Proof-of-Concept solution with evaluation/simulation; and
- contribute to and coauthor a scientific paper.
More details can be shared and defined after admission and specific topic selection.

Recommended Student Background

Cyber Security
Distributed Systems
Detection and Response
AI
