R&D Department

Over the last few years many techniques have been applied to find and mitigate vulnerabilities, misuses, cyber-attacks and other cyber-security flaws. One of the approaches, which we consider in this paper, is a model-based technique applied to network communication protocols. This idea is not brand new, and model-based techniques have been successfully used to verify and validate the standard models of communication protocols. However, the implementation of network protocols varies from one system to another, and in many cases they miss standards or recommendations. Attackers know these flaws very often and try to use them before everybody else finds them, what can be called “zero-day exploit of communication protocol.” To address this issue, a combination of the best features of model-based and anomaly detection techniques could be applied. (…)

In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.

In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a proof of concept. The experiments proved that the initial idea was correct, thus the proposed system could create a completely new area of threats in social networks.

We are developing a probe to detect cyberattacks on the basis of a totally different paradigm than the solutions currently used, which are designed to detect web anomalies. The existing solutions rely on pre-defined attack signatures. A new kind of attack has to have been discovered previously for the firewalls to be able to detect it. Our solution will allow the detection of cyberattacks, irrespective of the method used by the intruder.

The objective of the project is to create and develop a prototype version of an intelligent hardware and software solution for network attack of information leak detection. The solution utilizes a unique approach for network protocol observation from different perspectives. The solution will analyze internal network traffic focusing on network protocol behavior in real time. The system will be able to detect network steganography techniques and network attacks. An observation of network protocol behavior strictly depends on the point in which the observation is conducted thus the objective of the project is to observe a network traffic from multiple perspectives.

Cryptomage expansion by product development and commercialization.

Participation in industry promotion programs to promote product brands that have a chance to become recognizable brands on foreign markets, and promotion of brand of the Polish Economy. The project consists of participation in prestigious international events as an exhibitor, organizing an individual economic mission and purchasing additional services.

Similar to previous one, the project consists of participation in prestigious international events as an exhibitor with different product, organizing an individual economic mission and purchasing additional services. It uses participation in industry promotion programs to promote product brands that have a chance to become recognizable brands on foreign markets, and promotion of brand of the Polish Economy.

The subject of the project is to create a system utilizing artificial intelligence methods to detect attacks on infrastructure using ICS industrial networks, critical infrastructure in particular. The system will be designed to monitor messages transmitted between individual elements in the industrial network, in particular control messages, to detect anomalies in occurring processes and rapid response in the event that anomalies are identified as a potential attack on the monitored infrastructure.

The project will develop an innovative, integrated, analytical system to detect, prevent and respond to APT (Advanced Persistence Threat) attacks that may remain undetected for many months or years. Scientifically, the project will be based on applicants’ own concepts for mapping types of security events in relation to the APT model. Specifying algorithms for assigning security events to these phases will allow to effectively visualize the severity of the attack, to identify predicted, probable actions of criminals and will facilitate to identify actions necessary to stop the attack, according to the kill chain method.