
Organization sPecific Threat Intelligence Mining and sharing

The cybersecurity strategy that future-proofs digital innovation

Combining robust threat detection, artificial intelligence-enabled security, privacy assurance and secure data-sharing offers future-proofed protection for digital innovations.

While digitalisation creates new opportunities, it also introduces risks such as targeted cyberattacks and privacy breaches. This leaves organisations and governments locked in an arms race, constantly developing and adopting risk mitigation tools and techniques. “There is a fast-growing demand for more dynamic real-time threat analysis, complemented by smarter tools that not only better contain threats before they escalate, but evolve as they learn to reduce the chances of reoccurrence in the future,” explains Mauro Conti, coordinator of the Marie Skłodowska-Curie Actions funded OPTIMA project from the University of Padua, the project host. Building on this momentum, OPTIMA fine-tuned a range of cutting-edge techniques – principally explainable artificial intelligence (AI), blockchain and proactive cyber threat intelligence (CTI) mechanisms – to counter contemporary priority concerns.

Ensuring digital infrastructure, data privacy and cybersecurity

The OPTIMA solution used machine learning (ML) and explainable AI (XAI) techniques to identify cyberthreats by analysing CTI from various sources. One project tool, the Organization-Specific Threat Intelligence System (OSTIS), used a custom web crawler to gather intelligence from security blogs. Deep learning then classified this intelligence, resulting in knowledge graphs which visualised elements such as attack patterns and threat actors. To securely share threat intelligence, OPTIMA leveraged another tool developed by the project, SeCTIS, a blockchain and swarm learning system that preserves data confidentiality.

As a hidden space for cybercriminals, the darknet is of increasing concern to security specialists, so OPTIMA developed the ML-based XAITrafficIntell framework to classify network behaviour and identify malicious activity. XAI tools then help flag possible cyberattack indicators. As malware attacks are increasingly sophisticated, OPTIMA also used deep learning fusion models – combined with visual, static and dynamic analysis – to detect and classify them more accurately.

With increased use of federated learning (FL) models presenting another vulnerability, OPTIMA explored blockchain to protect sensitive data in decentralised AI models. Complemented by project solutions to detect malicious updates, such as DLShield and SecDefender, this ensured that only high-quality data contributed to global model training.

OPTIMA’s various tools and techniques were subjected to extensive tests and simulations to validate their effectiveness. “The system demonstrated real-world robust and adaptive cybersecurity, effectively detecting and countering evolving threats, while preserving privacy and data integrity,” says Vinod Puthuvath, chief researcher. OPTIMA’s enhanced FL security, for example, improved global data accuracy by up to 7.5 %, reducing the cyberattack success rate by 22.8 %. The deep learning fusion techniques detected hidden malware with a 99.97 % accuracy score, while the OSTIS framework returned an accuracy rate of 95 % for entity recognition and 89 % for relation extraction.

For a safer digital ecosystem

OPTIMA’s advanced cybersecurity frameworks support key EU policies, including the EU Cybersecurity Strategy, General Data Protection Regulation (GDPR) and Digital Europe Programme. The system is designed for cybersecurity professionals and IT administrators, offering benefits to governments and industries such as finance and healthcare. The modular and scalable design means that it can integrate into existing IT infrastructure. “Ensuring a safer digital ecosystem for businesses and governments puts OPTIMA at the forefront of ensuring that initiatives like smart cities and autonomous cars can become a safe reality,” concludes Puthuvath. The team is currently using ‘machine unlearning’ to enable the OPTIMA system to ‘forget’ compromised or obsolete information, preventing data poisoning and improving real-time evolving threat detection. Ultimately the focus will shift to real-world cybersecurity solutions introduced through start-ups, cyberwarfare training, technology transfer, licensing agreements and collaborations.

Keywords

OPTIMA, threat, AI, security, privacy, cyberattacks, blockchain, machine learning, malware
