
Acronym: aSIEMmetry
Title: Employ entropy models to pre-emptively detect novel risks for monitored SIEM assets and enhance SOC processes and analysts leveraging AI capabilities
Call | DIGITAL-ECCC-2024-DEPLOY-CYBER-06EU |
EU nr | 101190232 |
Period | 36 months - 01.01.2025 to 31.12.2027 |
Project budget | € 730,649.50 |
VUB budget | € 82,390 |
Contact | Prof. Johan Loeckx |
What is the aSIEMmetry project about and what are the main goals?
The aSIEMmetry project aligns perfectly with the call DIGITAL-ECCC-2044- Novel applications of AI and other Enabling Technologies for Security Operation Centres (SOC). The project is about testing and implementing new ways of modelling the complex behaviour of networked computers, and about raising the capabilities of private and national SOCs by creating advanced Machine Learning (ML)/AI pipelines that detect patterns and anomalies continuously.
On a broader scale, the project aims to create an EU-based resilient ecosystem and reusable solution blueprints that will enhance the capacity to protect regional, national and EU public and private organisations.
In this project the AI LAB of the VUB is working with two partners:
EXPERTWARE SRL is a Romanian company established in 2006 with services in the area of cybersecurity, IT transformation, Big Data & analytics and web development.
They have a demonstrated track record as a trusted service provider for large European companies. The company has grown to 95 employees holding over 200 professional certifications, and it has achieved 100% customer retention for the last 5 years and 97% employee retention.
DNSC (DIRECTORATUL NATIONAL DE SECURITATE CIBERNETICA) is the Romanian National Cyber Security Directorate, established in 2022. It is the specialized body of the central public administration under the authority of the government. Its main responsibility is to ensure the cyber security of the national civilian cyberspace in collaboration with the competent institutions and authorities.
The consortium assembles a good mix of expertise, competences and resources, since it includes partners with complementary expertise: academic institutions, SMEs and public administration (National Cyber Security Center).
What are the main challenges Security Operations Centers (SOCs) face?
The main challenges are the high number of alerts that SOC analysts face and the lack of any ranking of those alerts by importance.
The project addresses these challenges by:
- modelling the complex behavior of network assets, which should lead to a reduction in the number of alerts.
- developing machine learning models that will learn how to rank alerts based on SOC analysts' feedback.
What is VUB’s role in the aSIEMmetry consortium?
The VUB AI LAB will research and develop the algorithms that will be used by the project partners. VUB's role is also to model the behavior of network assets (computers, servers, phones, etc.) and to train machine learning models that perform anomaly detection on those behaviors.
