For his research on machine learning, Professor Konrad Rieck from the Institute of System Security at the Technische Universität Braunschweig has received a highly desired Consolidator Grant from the European Research Council (ERC). The project "MALFOY" (Machine Learning for Offensive Computer Security) will be funded with approximately 2 million euros over five years. The ERC Grant is one of the most prestigious awards for scientists in Europe.
"I am very happy about this success! With this project, I and my team can open up a new and exciting research area in security," Rieck said after the announcement of the EU funding awards. A total of 313 research projects are being supported with a funding volume of 632 million euros.
"My project explores how artificial intelligence can be used by hackers*. Although a lot of research is already being done on AI, the possibilities and risks of offensive application are almost completely unknown. With this project, I want to find out where and how machine learning can improve computer attacks and what we can do about it," explains Professor Konrad Rieck. The goal of "MALFOY", he says, is to be prepared for future intelligent attacks.
How machine learning can be used for cybersecurity
Despite a long line of research, computer attacks still pose a major threat to the security of digital systems. Cybercriminals and intelligence agencies are constantly developing new attack techniques to circumvent and outsmart existing defenses. As a result, security research is in a constant arms race and must counter new developments as early as possible. However, one of the key technologies of recent years, machine learning, has received little attention in offensive security. How hackers* can use machine learning is still largely unexplored. This makes it difficult to anticipate imminent threats.
The "MALFOY" project fills this gap and systematically explores how machine learning can be used in offensive security. "By taking the position of attackers*, we investigate how learning algorithms can be used to automatically find security vulnerabilities, analyze vulnerabilities, and construct computer attacks. To this end, we are combining offensive security techniques with modern artificial intelligence concepts such as deep neural networks for the first time," explains Professor Rieck.
The researchers' goal, he says, is to investigate how these techniques can be combined and their performance improved through machine learning. Based on this analysis, the researchers will be able to develop completely new types of defense measures that take machine learning into account in the toolbox of potential attackers*, says Professor Rieck.
Project "MALFOY" strengthens computer security
Despite its offensive nature, the project strengthens cybersecurity. "First, it opens up an unexplored area of security and will therefore significantly increase our knowledge of modern computer attacks. Second, the project leads to novel protection mechanisms that will allow us to stay one step ahead of attack development," says Professor Konrad Rieck. Finally, the project combines two previously independent fields, offensive security and machine learning, and thus establishes a new branch of research.
About the European Research Council (ERC)
The ERC, founded by the European Union in 2007, is the most important European funding organization for excellent frontier research. It funds creative researchers of all nationalities and ages to carry out projects across Europe. The ERC is governed by an independent governing body, the Scientific Council. The ERC's total budget for the years 2021 to 2027 is more than 16 billion euros and is part of the Horizon Europe program.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.
