Internship Title
Enhancement and evaluation of Cyber Threat Intelligence Platforms for IoT
Internship Location
IPN / Coimbra
Background
The increased digitalization of our society and its economic sectors, helped by technological advances such as the Internet of Things (IoT), cellular communications or AI, has unlocked disruptive services and significantly increased productivity (e.g., through automation, remote work or services). However, it has also created the ideal circumstances for malicious actors / attackers, as reflected by the increased frequency and impact of cybersecurity incidents.
IoT devices (i.e., sensors and / or actuators) and systems are particularly prone to attacks such as eavesdropping or brute-force, which can have vast consequences in both the cyber and physical domains, as demonstrated by attacks such as Mirai. By 2025, over 25% of cyber-attacks against businesses are estimated to be IoT-based, which stresses the importance of both securing IoT technologies and sharing threat events and Indicators of Compromise (IoCs) whenever relevant threats or incidents are detected, so that quick and informed decisions can be taken in response to cyberattacks. For this purpose, Cyber Threat Intelligence (CTI) platforms are used as tools for managing threat information (e.g., gathering, processing, enriching or visualizing). Nevertheless, current CTI platforms still have some important limitations relating to standardization, privacy or reliability of shared information – such as events generated from AI-based threat or incident detection systems, which typically have high false-positive rates.
Objective
The main objective of this work is to gain a solid understanding of, and know-how on, a reference Cyber Threat Intelligence platform (e.g., MISP, MITRE CRITS), to integrate it with one or more sources of threat indication (e.g., Intrusion Detection Systems (IDS), reputation databases, OSINT), and to perform the associated validation and evaluation.
Work Plan - Semester 1
[Week 1 - 8] – Literature review of approaches for Cyber Threat Intelligence (CTI) and their integration with different sources (e.g., Intrusion Detection Systems (IDS), reputation databases, OSINT);
[Week 9 - 12] – Analysis and familiarization with target open-source CTI platforms (MISP);
[Week 13 - 16] - Definition of functional and non-functional requirements (e.g., target sources of information), evaluation metrics, and target use case in one of the target IoT application environments (e.g., remote health monitoring, drone-based video monitoring, smart grid monitoring);
[Week 15 - 20] - High-level specification of the system;
[Week 16 - 20] - Preparation of the master's dissertation interim report.
Work Plan - Semester 2
[Week 1 - 6] - Experiment and obtain solid know-how using a reference CTI platform (e.g., MISP), associated features and data structures / formats for exchanging information;
[Week 4 - 12] – Design and implementation of adaptations (e.g., custom objects) for supporting one or more of the target information sources, considering the established requirements and target IoT use case, in an experimental environment;
[Week 13 - 17] – Validation and evaluation of the implemented solution;
[Week 14 - 20] - Preparation of the final master's thesis / report.
Conditions
The place of work will be at Laboratório de Informática e Sistemas (LIS), Instituto Pedro Nunes (IPN).
This topic is part of the Autonomous Trust, Security and Privacy Management Framework for IoT (ARCADIAN-IoT) project, coordinated by the Pedro Nunes Institute (IPN) and funded by the European Commission's H2020 program (agreement nº 101020259). The associated work will take place in a multi-disciplinary team addressing other similar or more distant research topics.
The student may apply for a research grant, for a period of 6 months, possibly renewable, in the amount of €875.98 / month.
Remarks
During the application phase, questions related to this proposal, namely about the objectives and conditions, must be clarified with the supervisors, via email or in a meeting to be arranged after an initial email contact.
IPN supervisor - Sérgio Figueiredo (sfigueiredo@ipn.pt)
Supervisor
Sérgio Figueiredo
sfigueiredo@ipn.pt