Predictive and Preventive Cybersecurity
Digitization offers many new opportunities and possibilities, but it also leads to new challenges. One consequence of advancing digitization is that more and more networked devices are available in the private (e.g. Smart Spaces), economic and public sectors (e.g. health care and transport), and are connected to the Internet around the clock. The associated IT networks are located in private homes, small medical practices, or medium-sized businesses and contain devices that are not perceived as IT components requiring protection, such as smart TVs, or that are located in public places in order to aid autonomous vehicles (see Diginet-PS). In private environments and small businesses in particular, IT infrastructures are not operated by experts. For IT security especially, hardly any experts are available in these environments, and certainly none who can react to threats and attacks at every hour of every day of the week. Even for public administration and multinational companies, operating a Security Operation Center (SOC) with 24/7 availability is a costly undertaking that may not be financially viable.
But digitization also requires cybersecurity measures that protect IT infrastructures around the clock and across all phases of the security process (prediction, prevention, detection, and response). This protection must not be purely reactive; it must respond proactively to changing threat situations and initiate protective measures or countermeasures at an early stage. Artificial intelligence and, in particular, machine learning make it possible to integrate self-protection measures into IT infrastructure so that it can react automatically to threats and attacks at any time.
At the DAI Laboratory of the Technische Universität Berlin, we develop solutions that automatically monitor IT infrastructures, generate current threat models, react proactively to new types of threats, and initiate countermeasures when vulnerabilities and attacks are detected. Our solutions can be used either within an enterprise infrastructure or remotely as cloud solutions. In our research, we cooperate closely with GT-ARC, an An-Institut of TU Berlin. GT-ARC has a research focus on the prediction of cyber threats (within the BMBF-funded project Cosy), while the DAI Lab focuses on mitigating and preventing threats in an autonomous fashion.