VIG-IA: Cognitive system based on threat intelligence and continuous simulation for the prevention of cyber-attacks in the value chain of the tourism sector and smart territories.
Tourism promotes cultural preservation, environmental protection, employment, development and economic growth, peace and security in the various regions. According to UNWTO, 1 in 10 jobs in the world belongs to the sector, which represents 10% of the world’s GDP. In Europe, tourism employs 22.5% of people in the service sector, and in 2019 Spain was the second country in the world in terms of visits received and income generated. This was dramatically interrupted in 2020 by the SARS-CoV-2 crisis. In addition to human losses, its impact on tourism has been evident through measures restricting freedom of movement between countries. It is necessary to find ways to revitalize the tourism sector in Spain in a balanced, sustainable and safe way for citizens. In this sense, we must take advantage of the fact that we live in a progressively more digitized world. Thanks to digitization and the use of digital technologies to plan travel and consumption in HORECA, there are more and more ways to collect and store large volumes of data in Big Data repositories in the cloud that reflect user activity, user movements, the density of visitors in a tourist destination, their interaction with natural or cultural heritage in a smart territory, or their consumption in the HORECA sector. Advanced Artificial Intelligence (AI) techniques can be applied to these large volumes of data, collected from heterogeneous sources such as user interaction with applications or social networks, as well as from IoT devices, in order to make predictions and recommendations that help provide personalized experiences, balance visitor flows to limit carbon footprint and impact on heritage, and revitalize one of the most important sectors of our economy.
Start date: July 2023
End date: June 2026
Budget: 749.800,00€
INCIBE contribution: 689.816,00€
USAL contribution: 59.984,00€
Call 2. Pre-commercial Public Procurement CPP002/22
Objectives
In this sense, the main objective of the Vig-IA project (Cognitive system based on threat intelligence and continuous simulation for the prevention of cyberattacks in the tourism value chain and smart territories) is to investigate and develop an intelligent system based on cognitive computing, threat intelligence and attack simulation for learning and analyzing the tactics, techniques and procedures used by cyber attackers in the field of solutions aimed at the tourism sector and smart territories. Objectives:
- Analyze the requirements to define the functional and technical details of the system, select the OSTI sources and carry out the design of the system architecture, especially that of the intake layer for Big Data threat sources.
- Investigate elastic search techniques on big data sources in order to apply them on the intake layer of OSTI sources. Investigate DL techniques applied to cyberthreat learning and detection, including DRL and NLP techniques.
- Investigate cognitive computing techniques, CBR, data analytics and data visualization for early and contextualized detection of attackers. Investigate a continuous attack simulator based on MAS, OVA and DRL techniques.
- Integrate system components and create user interfaces for different users, including threat analysts and incident investigators to improve their understanding of attackers. Validate the system with end users.
- Raise the TRL of the solution and create associated new business models.
Methodology
Vig-IA is structured in 3 sequential stages, as indicated by the CPI offer:
- Detail engineering.
- Prototype development.
- Demonstration in operational environment.
The project is divided into 4 Work Packages (WPs). To ensure the success of the project, the Action-Research methodology, beneficial for transfer and innovation, will be followed, allowing research tasks and development actions to proceed simultaneously. The methodology has 4 characteristics: action orientation and change; approach to the problem; organizational process with systematic stages; and collaboration among participants.
Summary of technologies:
- Cognitive System for Learning Cyber-Attacker Tactics: The competitive advantages due to DL techniques and cognitive modeling, in addition to the construction of a system taking into account the needs of end users from the outset, will allow the development of a highly efficient solution.
- Continuous simulator of cyberattacks based on cognitive models, OVA and DRL: This component will be of great importance for the Vig-IA system, since it will allow the challenge, training and continuous improvement of the system itself.
- Deep Learning and natural language processing for threat detection and prevention: pattern recognition or natural language processing will detect gaps and threats in the use of mobile applications, in crypto-token exchange blockchains or in user interactions on social networks.
- Elastic searches in Big Data Open Source Threat Intelligence sources: will improve the ability to infer knowledge from massive sources, as well as its application in other areas such as fintech solutions, the creation of expert healthcare systems or IoT-based applications.
Results
The main result of the project, the cognitive system itself for learning and analyzing tactics, techniques and procedures employed by cyber attackers based on threat intelligence, provides SOC users with a competitive advantage in the use of Threat Intelligence systems and platforms. This is a key moment for market entry, as the adoption of such platforms by corporations and public administrations is still in development, while solutions that revitalize the tourism sector are also needed.
The result of Vig-IA will be a prototype system whose functionalities will be demonstrated in 6 operational environments (Security Operations Centers) of 6 different representative users, thus reaching TRL7.
Final result: a solution (TRL7) designed considering the needs of SOC teams, cybersecurity teams and threat analysts of these entities.
Final users:
Beonprice, Global Exchange, SigmaDos, Toools esports, FIW, Madison