AI to boost cybersecurity in industry
Photo: Unsplash.
Cyberattacks against industrial operations are increasing in both number and complexity, whilst becoming increasingly difficult to detect. In a new project, researchers at Jönköping University are now set to develop an AI-based system designed to help industry better assess risks and take timely action – before cyber incidents disrupt production and operations.
“Traditional cybersecurity solutions are often based on known threats and predefined attack patterns. This makes them less effective against new, previously unknown attacks or more subtle threats that evolve over time,” explains Görkem Kılınç Soylu, Assistant Professor of Computer Science at the School of Engineering at Jönköping University and project leader for the study.
Görkem explains that industrial organizations today are heavily reliant on interconnected digital systems, which makes them efficient but also vulnerable to various types of attack.
“When something goes wrong, the consequences can be both immediate and far-reaching. Recent cyber incidents in industry and within critical infrastructure services in Sweden demonstrate how quickly such vulnerabilities can have serious consequences for society as a whole,” says Görkem Kılınç Soylu.
In close collaboration with industry
The project is being carried out in close collaboration with Dizparc Security Solutions AB, a company with specialist expertise in cybersecurity and security operations centres (SOCs) Dizparc plays a central role by providing a team of cybersecurity experts who work closely with the research team throughout the project.
A SOC is like a control centre for digital security. It is staffed by specialists who monitor, detect and manage IT threats to an organisation’s systems and data.
“We are seeing threat actors using AI in various ways to increase the effectiveness of their attacks and scale them up. Industrial organizations in Sweden, particularly small and medium-sized enterprises, are struggling to keep pace with the evolving threat landscape,” says Viktor Sjögren, CEO of Dizparc Security Solutions AB.
He hopes the project will help strengthen Swedish companies’ resilience against cyberattacks.
“By increasing the efficiency of SOCs, we hope to help reduce the risk of hacker groups exploiting AI to an even greater extent and to better protect critical business assets. In this way, Swedish small and medium-sized enterprises can achieve greater resilience against these attacks,” says Viktor Sjögren.
Focus on AI that can be interpreted and understood
The project combines several methods for analyzing and detecting cyber threats. By analyzing how industrial systems normally behave, applying rule-based security systems and using AI that is interpretable and understandable, the system can identify suspicious events, prioritize incidents and support analysts in understanding why a warning may indicate a potential cyber threat.
“Our ambition is to develop solutions that work in the day-to-day reality of industrial security operations. It is about strengthening analysts’ ability to act quickly and make well-founded decisions, even when resources are limited and the threat landscape is complex,” says Görkem Kılınç Soylu.
Project name: AI-REASON: AI-assisted Reliable and Explainable Analysis for Security OperatioNs
Funding from Vinnova: SEK 4,001,746
The project is a collaboration between two research groups within the Department of Computer Science and Informatics at Jönköping University – Cybersecurity and Privacy Research (CPR) and Human-Centred Technology (HCT) – together with the industry partner Dizparc Security Solutions AB.
The project will run for 24 months.
The following researchers from the School of Engineering are participating: Görkem Kılınç Soylu, Assistant Professor and Project Leader; Neziha Akalın, Assistant Professor; Joakim Kävrestad, Associate Professor; Erik Bergström, Associate Professor; Maria Riveiro, Professor.
