Description du projet :
Objectives of the project: The project provides quantitative technology assessment, monitoring & forecasting models for cyber-defence. Such an effort aims to contribute to the Technology Monitoring (TM) portfolio of the Cyber-Defence (CYD) Campus in (i) fulfilling the first measure of the NCS[1] attributed to armasuisse S+T, (ii) writing technical reports on specific cyber-defense technologies for the CYD Campus clients, and (iii) contributing in the development of The Swiss Technology Observatory[2] – all three objectives being attached to the Strategy Cyber DPPS (see figure below). While the project aims to present concrete cybersecurity-technology assessments, monitoring, and forecasting through case studies defined under the TM portfolio needs, we want these results to be backed by coherent, relevant, and solid scientific methodologies that will be published in Q1 journals and A conferences. By applying (i) advanced natural language processing (NLP) methods, (ii) forecasting techniques based on machine-learning models and quantitative analysis (data science), and (iv) algorithmics economics, our work aims to rethink traditional technology mining methodologies by developing dynamic and holistic approaches to provide concrete cyber-defense insights in terms of technology assessment, monitoring, and forecasting.
WP1: Edition and Coordination to the CYD TM “Safety of LLMs in Cybertechnology” Overview Book: Successful public demonstration of high-performance LLMs in late 2022 led to a push to their generalized introduction across a range of software services, including mission-critical systems such as intelligence report generation, retrieval, and summarization or integration with operations systems as user interfaces. Unfortunately, LLMs are still a new technology, and the new risks to the security of the cyber-physical systems they introduce have yet to be discovered. To respond to this risk, the CYD TMM center is preparing the “Safety of LLMs in Cyber” book. While it results from collaboration between dozens of cyber-security and machine learning experts worldwide, their domain expertise until 2023 usually had minimal to no overlap with LLMs. In turn, it means that they rely critically on the information provided in an accessible manner by an LLM expert. As an ex-distinguished CYD Postdoctoral Fellow specializing in generative learning in cyber-security and cyber-defense and current co-leader of the GenLearning Center at HES-SO Valais-Wallis, Dr. Kucharavy is well-suited for this task. In the book's first chapters, Dr. Kucharavy will provide a solid base for others to work off, notably by introducing the principles behind the current generation of LLMs, an overview of existing models and approaches to adapt them to novel tasks, and their fundamental limitations. This will provide other authors with a solid basis for LLM capabilities evaluation to provide their input in their domain of expertise.
WP2: Identification of persistently robust technological monitoring proxies: Developing new defense capabilities fundamentally differs from fundamental or applied research in the civil environment. Because of the length of procurement and lifecycles, the technologies that provide them must still be relevant decades later. This leads to a conundrum. On the one hand, the technologies must be novel enough to be still relevant to the delivery time of the new capabilities. On the other hand, they must be mature enough to be ready for use by then. Errors in either direction are measured in lives lost or tens of billions wasted in procurement. MRAPs and DD-21 (Zumwalt) are recent impressive examples, but cyber-defense is rife with similar failures. In the 2010s, NATO lacked social media information operations defense, and despite repeated promises since the 1980s, expert verification systems have not yet gotten rid of all bugs in software. Quantitative technology monitoring and forecasting tools have been developed to address this problem. They rely on hard-to-falsify proxies, ranging from patent citation structure to bibliometrics, journalistic coverage analysis, and social media conversation sentiment. However, with the recent advances in Generative ML, such proxies are no longer hard to falsify. Given the IP-based investment and addition of AI tools to better evaluate patent analysis by several patent offices worldwide, they are likely to be falsified. To retain the robust technological monitoring capabilities of TMM, this project aims to identify novel robust proxies, notably by examining the novelty of terms and correlations and statement factuality coherence, and to apply it to current novel technology with high long-term novel capabilities potential – quantum technologies.
WP3: Novel NLP methods of evaluating short-term technological convergence potential: Key technologies underlying defensive operations rely on a steady effort and funding to be progressively developed and brought to a maturity level when applicable. However, novel operational capabilities often rely on technological convergence, obtaining a massive synergy from well-developed but previously unconnected technologies, such as DDoS and HTTP/2 parallel page loading assets logic, resulting in an overnight tripling of traffic load available to the attackers. Such convergences present a unique opportunity for offensive use, given that systems able to use them can be developed rapidly and deployed without warning. Because of that, it is critical for the side in a defensive posture, such as Switzerland, to anticipate short-term technological convergence potential and forecast the threat posed by systems resulting from such convergence. This working package aims to investigate how well recently developed NLP methods – notably entailment on scientific texts – could assist technological convergence analysis. Specifically, this WP will support the development of a prototype tool to perform such forecasting on DDoS, in addition to the above-mentioned HTTP/2 convergence previously seen with IoT.
[1] https://www.ncsc.admin.ch/ncsc/en/home/strategie/strategie-ncss-2018-2022.html
[2] https://technology-observatory.ch/
Equipe de recherche au sein de la HES-SO:
Percia David Dimitri
, Kucharavy Andrei
Partenaires professionnels: Dr. Alain Mermoud, Cyber-Defence Campus
Durée du projet:
01.01.2024 - 31.12.2024
Montant global du projet: 148'002 CHF
Url du site du projet:
https://www.hevs.ch/en/projects/novel-nlp-methods-to-evaluate-short-term-technological-convergence-potential-208972
Statut: En cours
SWITCH edu-ID
Administration
