Reda Morsli (PhD Student), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Leveraging Multi-Dimensional Context Information for Advanced Cyber Threat Detection
Abstract:
In response to the growing sophistication of cyberattacks, artificial intelligence (AI) plays an essential role in advancing cybersecurity solutions. However, the efficacy of AI-based applications is tightly linked to the quality and relevance of input data. This presentation explores a multi-dimensional approach to context-aware intrusion detection in containerized environments, combining data sources such as network packets and resource usage metrics. The session is structured into two parts: first, we introduce our container-based testbed, which demonstrates the deployment of a Network Intrusion Detection System (NIDS) within a Kubernetes cluster to provide a realistic, adaptable environment for experimentation. Next, we discuss the results of our experiment on detecting DoS attacks, where context-enriched data significantly enhanced the model's performance and consistency. These findings underscore the importance of diverse data sources for improving the effectiveness of AI-driven intrusion detection within complex containerized infrastructures.
Anes Abdennebi (PhD student), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Leveraging LLMs for Context-Aware Cybersecurity
Abstract:
In the era of advanced Artificial Intelligence technology, including Generative models trained on enormous data corpus from the internet, papers, repositories, codes, databases, and documents, several fields and sectors they witnessed a boost in their technical operations regarding automating their decision-making processes, report generation, data management and analysis, knowledge expansion, scalability, and other types of their systems key performance pillars. Based on its main building block, Large Language Models (LLMs), Generative AI not only left a positive impact but also created a window for enhanced malicious activities under multiple cyberattack categories. Malicious actors studied and well-leveraged LLMs by creating evil twins of widely used GPT-based models (Generative Pretrained Transformers) like WormGPT and XXXGPT without restricting rules or instructions. This double-edged technology led to an observed surge in cyberattacks on many levels and scales. Moreover, attackers merge their technical knowledge with these malicious generative AI tools to conduct automated and coordinated attacks such as DDoS, Ransomware, Polymorphic malware, infiltration, Phishing, Spear Phishing, Cross-Site Scripting (XSS), and so on. The difference between this wave of cyberattacks and the previous ones is the level of sophistication they reached that rendered network intrusion detection systems NIDSs (and IDSs) unable to cope with them. These attacks no longer keep trackable signatures, as generative AI can help dynamically change attack behaviors, commands, and malicious payloads to avoid detection.
Given the unprecedented level of sophistication in cyberattacks, there is an urgent need to adopt more resilient cyber threat detection (CTD) mechanisms. These mechanisms should harness Large Language Models (LLMs) in a manner that matches or surpasses the attackers' use. This defensive process is not straightforward, but by including relevant and valuable context information in the LLMs, the training process can significantly enhance the models' understanding of the system's current state and ability to make corrective decisions. This workshop session focuses on Large Language Models for Cyber Threat Detection and the role of context in cybersecurity applications. We have trained several LLMs on datasets that simulate real-world systems specific to network-based intrusion detection, and tested them to demonstrate their potential in the future of NIDSs. Additionally, we have employed prompt engineering techniques to inject and vary context within the training prompts of LLMs, and have recorded and discussed the resulting performance. Finally, we propose further improvements to LLMs in CTD and possible implementable approaches to reinforce remediation actions on the network level.
Omar Tahmi (PhD Student), LCSec Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Privacy-Preserving Intrusion Detection
Abstract:
The rapid advancement of Network Function Virtualization, alongside the exponential growth in enterprise network traffic, has accelerated the need to transition network services to external platforms, often through "middleboxes" hosted by third-party providers, such as cloud environments. Among these services are Network Intrusion Detection Systems (NIDS), which are vital for safeguarding network security. However, outsourcing NIDS introduces critical privacy challenges, particularly concerning the confidentiality of decrypted packet contents required for inspection. Ensuring that traffic remains encrypted throughout the inspection process thus becomes imperative. This presentation examines the state of the art in privacy-preserving intrusion detection methods, including homomorphic encryption for anomaly-based detection and searchable encryption for signature-based detection. We will explore existing solutions, analyze potential areas for contribution, and propose novel approaches for developing efficient, secure, and high-performance intrusion detection systems adaptable to modern network infrastructures.
Mohamed Arafeh (PhD Student), LCSec Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: ModularFed: Leveraging modularity in federated learning frameworks.
Abstract:
Recent research suggests integrating Federated Learning (FL) to address privacy concerns in sensitive industries. However, current FL frameworks struggle to keep up with rapid advancements, limiting FL’s potential. As such, we introduce ModularFed, a research-focused framework designed to address the complexity and lack of adaptability in existing FL solutions. The proposed framework offers a comprehensive protocol-based architecture covering three core FL paradigms: adaptable workflows, dataset distribution, and third-party application support. These protocols enhance modularity, enabling a plug-and-play design, dynamic simulators, and built-in data distribution, facilitating a fair comparison of FL challenges such as client deficiencies, data distribution, and network latency. Furthermore, the framework’s ability to integrate seamlessly with different technologies and datasets enhances its utility, providing researchers and developers with a robust and versatile toolset to advance their FL projects.
Dr. Houssem Eddine Mohamadi (Postdoctoral researcher), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: A versatile chaotic cryptosystem with a novel substitution-permutation scheme for internet-of-drones photography
Abstract:
Unmanned Aerial Vehicles (UAVs) are gaining much attractiveness due to the emerging Internet of things applications and the advances in artificial intelligence. UAVs can ubiquitously supply many IoT-driven services; as such, they can be configured into airborne networks to provide flexible aerial views, which is essential for photography and videography-based applications. This has posed significant safety and security challenges. The necessity surges in security made researchers come up with solutions providing instantaneous protection. However, modern cryptographic primitives tend to require more power to be in action, which is not compatible with resource-constrained UAVs.
In this presentation, a lightweight and versatile chaos-driven cryptosystem is described. The cryptosystem is featured by minimum resource usage and adjustable randomness. It makes use of three puzzling enigmas (Rubik’s cube, Sudoku and Scytale cipher) all together with some new customized functionalities such as the novel substitution-permutation scheme, the chaotic Rijndael and hashing, dynamic key-dependent operations and cascade encryption. Rigorous experimental analyses are carried out in comparison with other native/customized algorithms in the field of image encryption. The results proved the high security margin of the proposed cryptosystem, its great sensitivity to the slightest alterations, strong robustness against external disturbances, statistical and differential cryptanalytic attacks, and explicitly its competency for securing aerial photography.
Dr. Bellal Zouhir (PhD Student ETS), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Navigating the Challenges of Sustainability in Shared Cloud Environments
Abstract:
With the IT sector's electricity demand projected to reach 3,200 TWh by 2030, industry leaders face mounting pressure from stringent global regulations aimed at achieving Net Zero emissions. Meeting these sustainability goals poses significant challenges, particularly in the cloud computing landscape, where diverse applications with varying performance requirements share the same hardware infrastructure. Often, these performance requirements, such as latency, are non-negotiable and embedded within application SLAs, making energy efficiency while maintaining SLA commitments a complex task. This work will address the key challenges involved in energy optimization within cloud environments. We will explore effective strategies to overcome current limitations and demonstrate how leveraging advanced hardware features can improve energy efficiency. By adopting these innovative approaches, companies can meet sustainability targets, ensure regulatory compliance, and achieve significant cost savings, gaining a competitive edge in a rapidly evolving industry landscape.
Said Muhamad (PhD Student ETS), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Power-Aware Scheduling in Multi-Core CPUs Using DVFS and THEAS with gem5 Simulator
Abstract:
This work proposes a power-efficient scheduling approach using the Task Heterogeneity and Energy-aware Scheduling (THEAS) strategy within the gem5 simulator, targeting both homogeneous (ARM) and heterogeneous (ARM, X86, RISCV) architectures. Further, this work utilizes Dynamic Voltage and Frequency Scaling (DVFS) with performance monitoring counters (PMCs) based Empirical power model to manage CPU power consumption effectively under various workload configurations, both in pinning and non-pinning scenarios. By examining the workload characteristics, we derive insights into CPU usage patterns, leveraging these findings to enhance scheduling strategies tailored to digitalized industrial systems.
To ensure practical applicability, the model is validated against real hardware environments. Key experimental workloads, including the Splash and MiBench benchmarks, comprehensively analyze power and performance trade-offs across the ARM Cortex-A72 and Cortex-A53 processors. Results demonstrate the potential of THEAS for power-aware scheduling, offering meaningful contributions to power optimization in industrial and embedded systems by obtaining an average error of approx. 10%. In Future work, further evaluation of the THEAS algorithm is planned across various heterogeneous configurations (ARM, X86, RISCV) with DVFS policies guided by predictive workload analysis.
Mirza Wahid Anas (PhD Student), IMAGIN Lab, École de Technologie Supérieure, Montreal, Quebec, Canada
Title: Development of a Sustainable Flight Operation Solution for a Coordinated Swarm of UAVs using Soaring
Abstract:
This presentation covers the development of a sustainable flight operation solution for UAV swarms, focusing on energy-efficient strategies in high-fidelity simulations. The current contribution of this work is an energy consumption model designed for a Software-In-The-Loop (SITL) environment, allowing us to precisely assess power usage and make better decisions for UAV swarm operations. Future work will expand on this model by creating strategies for using thermal currents to improve surveillance while conserving energy. Additionally, we plan to develop dynamic path-planning methods that adapt to changing conditions, supporting longer and more sustainable UAV swarm missions. These efforts aim to create efficient and adaptable UAV operations, advancing autonomous swarm management.