Diversity by Design

Summary

Diversity-by-design: Quantifying vulnerability similarity of interconnected Networks

The property of diversity was originally used in biology to indicate the sustainability and survivability of an ecosystem. Inspired by this, diversity-based approaches have been studied since the 1970s as an effective strategy to enhance the security and resilience of complex systems. The underlying idea is to diversify the system components so that the overall system is highly resistant to sudden changes, faults and attacks. A lack of diversity is a more concerning issue in digital systems, as an identified vulnerability could quickly spread over all digitally identical components and give rise to catastrophic damage. Optimal diversification can effectively avoid replicated attacks and make attacks more difficult for the adversary.

Nevertheless, most work on diversity-based security to date has not used any metrics to quantify system diversity. Although some work has proposed metrics for software diversity specifically, there is still an urgent need for a generic approach to assess and quantify diversity that can be applied to a variety of interconnected networks and systems. Most diversification strategies suffer from high deployment costs, so accurately measuring diversity is crucial for evaluating the effectiveness of diversification plans prior to actual deployment.

This project aims to quantify system diversity by identifying similarly vulnerable structures of components in interconnected systems. It mainly uses Graph Neural Networks (GNN) and other machine learning techniques to convert network graph data into vector representations and search for similarly vulnerable structures. We can then effectively evaluate human-input diversification strategies prior to actual deployment. The proposed work also provides an effective way to represent critical national infrastructure (CNI) and other interconnected systems with a focus on identifying similarly vulnerable points of a system, which can provide insights into the resilience of the dependencies against replicated attacks and help avoid cascading failure.

Project members

The PI on the project, Dr Tingting Li, is currently a Lecturer in Cyber Security at Cardiff University, and holds an Honorary Research Fellow position at Imperial College London. Prior to joining Cardiff, she worked as the core researcher on RITICS at the Institute for Security Science & Technology, Imperial College London. She obtained her PhD degree in Artificial Intelligence from the University of Bath. Her main research interests lie in Artificial Intelligence and its integration into Cyber Security solutions. Her research goals are to develop accountable and transparent AI systems that provide an intelligent defence to protect critical industrial control systems (ICS), IoT systems and cyber-physical systems from cyber attacks.