Project summary

Cyber-attacks adversely affect businesses and government organizations. It is crucial to automatically detect cyber-attacks in real time. Machine learning (ML) has the potential to achieve this; however, ML models require massive amounts of annotated data, which can be slow and expensive to produce.


This project aims to explore the feasibility of building methods that are time- and cost-efficient in detecting cyber-attacks. To this end, we propose to develop techniques that allow learning from incomplete and inaccurate data (e.g., Weakly Supervised Learning). The targeted outcomes of this project are customized datasets and novel detection technologies that will be key components towards developing efficient real-time automatic detection systems.


Project description

The recent cyber-attacks on JBS Foods, Australia’s largest meatworks company, caused the company to shut down its facilities in Australia, the United States and Canada, forcing thousands of employees to be out of work and possibly without pay for at least a week. A month prior to the incident, cyber-attacks on Colonial Pipeline in the United States caused fuel shortages, price hikes and panic buying amongst residents in the country. These incidents have shown the devastating social, environmental, economic, and political effects that cyber-attacks on national critical infrastructure can cause.


As part of Australia’s AI Action Plan 2021 and Cyber Security Strategy 2020 to use AI solutions to secure Australia’s digital world, it is important to develop effective AI approaches that can detect cyber-attacks in real time. Machine learning (ML) is a subset of AI that can effectively find and learn patterns in data, and ML-based detection systems usually perform better than their counterparts [1].

However, current methods fall short because domain expertise is typically needed to provide annotated network traffic data to semi-automated detection methods, which can be slow and expensive. Therefore, it is critical to develop ML-based detection models that will reduce the cost and increase the efficiency of detecting cyber-attacks with less reliance on domain expertise.


Methodology
To facilitate such detection models, we propose using weakly supervised learning (WSL), a technique that can learn from incomplete and inaccurate data [2]. To this end, we plan to perform the following tasks:

Task 1: Use domain expertise to develop time- and cost-effective techniques that can automatically create weakly labeled but still informative datasets. In addition, we will create a platform/method for domain experts to quickly provide partial/noisy/high-level information/labels.
Task 2: Develop customized weakly supervised learning techniques that can leverage such datasets to build efficient and accurate cyber-attack detection models.


Innovation
We will explore promising techniques from the WSL literature to design time- and cost-effective methods for detecting cyber-attacks. At the time of writing, WSL has been successfully applied to reduce the resource requirements of resource-intensive tasks such as text mining and image processing. The idea could be applied to reduce the time and cost of detecting cyber-attacks by requiring only weak labels. However, this promising approach has not yet been explored in the cybersecurity or critical infrastructure domains. This project will fill this gap by addressing several key challenges, including designing customized features, annotations and corresponding representation learning models. We expect that this project will accelerate the realization of real-time automatic detection systems.


Partner organization(s)

AARNet

Project members

Lead investigator:

Dr Abigail Koay

Honorary Research Fellow
School of Electrical Engineering and Computer Science

Other investigator(s):

Professor Ryan Ko

Chair & Director - Cyber Security
School of Electrical Engineering and Computer Science

Dr Miao Xu

Lecturer - Computer Science & ARC DECRA
School of Electrical Engineering and Computer Science

Dr Nan Ye

Senior Lecturer
School of Mathematics and Physics