Member of University of Ljubljana: UL Faculty of Electrical Engineering

Code: V2-2125

Project title: Exposure of modern information and communication infrastructures to cyber attacks

Duration: 01.9.2021 – 28.02.2022

Head: doc. dr. Urban Sedlar

Research activities: Engineering sciences and technologies

Research organisations: Faculty of Electrical Engineering (SICRIS)

Partners

Faculty of Electrical Engineering, University of Ljubljana

Funding:

Slovenian Research Agency

 

Government Information Security Office

The rapid development of modern technology has enabled the digital transformation of both the economy and society. This results in increased productivity and process efficiency, easier communication, faster information retrieval, and easier and more reliable decision-making based on machine learning.

At the same time, the digital transformation has led to a rapid increase in the number of cyber threats. By connecting our physical environments to the Internet and storing our most valuable data in external cloud systems, we are preparing an ideal terrain for attackers. The tools, techniques, and knowledge that were useful for attacking Internet-connected computers are now also useful for attacking critical infrastructures, on which our lives increasingly depend.

The protection of information and communication systems is anything but trivial. The reasons can be found in an interplay of human, technological, economic and legal factors. On the one hand, the development of bug-free software and hardware is an extremely complex task; on the other hand, there are still many production systems not designed with security in mind. Technological security vulnerabilities are compounded by human and psychological factors such as poor password hygiene, irregular software updates, and the removal of security measures.

Modern trends show that cyber attacks are becoming a lucrative business. The starting points and factors listed above show that the impact of these attacks will only increase with further digitalization, and will have potentially catastrophic consequences for all critical systems.

In this project, we want to identify attackers and provide insight into the techniques they use against three types of exposed targets: web systems, the Internet of Things, and cloud computing infrastructures. To this end, we will establish a distributed system of cyber traps that will allow us to monitor the activities and strategies of attackers.

The aim of the project is to investigate the exposure of modern information and communication infrastructures to cyber risks and to give recommendations for measures to reduce these risks in systems integration and digital transformation projects. Additionally, the purpose of the project is to research existing technologies and algorithms, and to develop and prototype new ones, that make it possible to study different types of cyber attacks and to create profiles of both attackers and tools. The area of research will be web and cloud services with associated infrastructure, as well as the abuse of ambient intelligence and intrusions into networks and devices of the Internet of Things.

Project structure

  • WP 1: Specification of system requirements and architecture
  • WP 2: Establishment of a data collection environment
  • WP 3: Analysis of collected data
  • WP 4: Dissemination

Citations for bibliographic records: