USE CASE 1: URANIE SIMULATIONS SECURITY
UC1 explores key vulnerabilities in structural design, with a focus on the susceptibility of design processes to intelligent and covert disruptions. On the attacker’s side, which is already developed, it aims to create potential attacks in which AI is employed to generate false values that are subtly injected to poison the simulation, making detection extremely difficult. Such AI-driven disruptions, though minor at inception, can introduce long-term risks with significant impact on structural integrity. On the defense side, a detector has been developed as a baseline to identify these anomalous inputs. However, further optimizations are required to improve its accuracy and efficiency. The current phase of research focuses on refining the detection system and testing the incorporation of new methods from probability theory to address certain correlation issues.
USE CASE 2: HEALTHCARE AND PHISHING EMAIL TO STEAL EHR DATA
Digital transformation in healthcare introduces IT systems to support patient care, as data collectors and managers. These systems store information that can be stolen and reused for malicious purposes, which is why protecting the access keys assigned to healthcare professionals for authorized operations is paramount. Social channels, public websites, and data on the dark web can be exploited to target individual operators and steal access credentials in order to gain illegal access to a population of patients or to single VIPs. KINAITICS develops tools to detect such attacks and protect sensitive data.
USE CASE 3: HEALTHCARE DATA EVASION/ATTACK DURING AI TRAINING OR INFERENCE
Improving healthcare applications and supporting decision-making for medical professionals using AI methods is a rapidly expanding field, with numerous studies producing AI models and many companies investing in the medical field by producing AI-based diagnostic tools, also certified as medical devices. Tampering with the images used to “teach” an AI-based diagnostic tool how to recognize a disease is a way to harm a set, possibly a large one, of patients on whom the diagnostic tool is used. KINAITICS develops tools that discover image poisoning and “heal” the AI-based tool, correcting its behaviour.
USE CASE 4: AI-DRIVEN WEB APPLICATION FIREWALL SECURITY
This use case is dedicated to the evaluation of AI-based systems for the detection of advanced web (ro)bots, through the development of realistic (targeted) attacks against web-based systems and the deployed defence tools. This use case is relevant for almost all online services, which nowadays are heavily based on web-based infrastructures, a trend that is also expected to grow (significantly) in the future. Web-based services are routinely subject to bot attacks launched on a global scale by cybercriminals, mainly motivated by (easy) financial gains. The environment envisages the simulation of web services, as well as defence and attack tools against such services. All tools are based on the SeerBox data format and share a common sample of (anonymized) production web service transactions (web request/response) and alerts. The realistic scenario focuses on cyberphysical systems employed in the digital transformation sector.
USE CASE 5: RAILS STRUCTURAL HEALTH MONITORING SECURITY
UC5 investigates the weaknesses of a Structural Health Monitoring (SHM) system used for real-time identification of defects in railway rails. The SHM system monitors and analyzes the rails over time by measuring the response signals generated by ultrasound excitations periodically propagated through the structure. The emission-reception modules and AI models for defect detection are hosted on nodes evenly distributed along the rails. Data about defect detection or prediction is transmitted via communication channels to a decision-making system on a remote server. Across the various attack scenarios, we focus on three main attack surfaces. The first involves disrupting the local AI models hosted on the nodes, either by poisoning the data during the learning phase (backdoor attack) or by manipulating the data during the inference stage (adversarial attack). The second surface concerns intrusion into and attack on the IT system, including the nodes’ API or the central server itself, with the aim of stealing sensitive information or crashing the system. The final surface involves physical intrusion around the nodes, bypassing the nodes’ environment monitoring system. KINAITICS provides defense functionalities to tackle these types of attacks. These defenses are based on embedded models for predicting defects and on anomaly detection techniques that use heterogeneous graphs constructed from NetFlow data and system logs.