Advanced Cyber-Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things
European Commission – H2020
01/05/2018 – 31/07/2021
Total project cost
EUR 2 996 182,50
The CYBER-TRUST project aims to develop an innovative cyber-threat intelligence gathering, detection, and mitigation platform to tackle the grand challenges towards securing the ecosystem of IoT devices. The security problems arising from the flawed design of legacy hardware and embedded devices allows cyber-criminals to easily compromise them and launch large-scale attacks toward critical cyber-infrastructures. The proposed interdisciplinary approach will capture different phases of such emerging attacks, before and after known (even years old) or unknown (zero-day) vulnerabilities have been widely exploited by cyber-criminals to launch the attack. Emphasis is given on building a proactive cyber-threat intelligence gathering and sharing system to prevent the exploitation of zero-day vulnerabilities.
This intelligence information will be used to maintain accurate vulnerability profiles of IoT devices, in accordance with data protection, privacy, or other regulations, and optimally alter their attack surface to minimise the damage from cyber-attacks.
Novel technologies will be developed, based on distributed ledgers and blockchains, to monitor devices’ integrity state and network behaviour that will considerably increase the detection and response capabilities against targeted and interdisciplinary cyber-attacks.
In the case of alleged malicious activity, tools for collecting and storing forensic evidence on a tamper-proof blockchain structure will be delivered, taking into account the specific needs of law enforcement agencies.
Privacy-preserving network monitoring and advanced virtual reality-based visualisation techniques will be employed for quickly detecting botnets, DDoS attacks and other incidents. Relying on interdisciplinary research, an intelligent autonomous cyber-defence framework will be built for providing intelligent ways of isolating the devices under an attacker’s control (or infected) and effectively responding to and mitigating large-scale attacks.