Hochschule Karlsruhe Hochschule Karlsruhe - University of Applied Sciences
Hochschule Karlsruhe Hochschule Karlsruhe - University of Applied Sciences
Federated trained AI models are used to detect security issues in web infrastructures

KIWI

Artificial Intelligence in Secure Web Infrastructures with Digital Identity Management

Motivation

Modern web services are the basis and driver of the advancing digitisation of our society. They also serve millions of users as a trustworthy source and digital identity management. Excluding completely the misuse of these identities in order to avert damage to private users and economic actors is the main strategy in this context. Artificial intelligence (AI)-based detection methods for attacks against IT systems already exist. AI-based attack detectors used today usually focus on clearly delimited features. However, attacks against web services often do not target an isolated technical level. In fact they rather develop over time and leave traces at various points in the system that need to be evaluated as a whole.

KIWI in a Nutshell - The Project Video

External content

To use this content (Source: www.xyz.de), please click to Accept. We would like to point out that by accepting this iframes data to third parties transmitted or cookies could be stored.

You can find further information in our Privacy policy.

Objectives and Methods

The KIWI project partners have actively contributed to the development and practical testing of AI-supported security management in complex web infrastructures. The project, now completed, delved into investigating the merging of data from distributed detectors to make inferences about the presence of attacks within the overall context. Another aspect explored was the training of AI models using data collected from various systems, aiming to enhance the overall system performance by decentralizing the training processes. The objective was to minimize the exchange of information between systems of different operators or organizational units to only what is absolutely necessary or legally permitted.

The effectiveness of AI crucially hinges on the quality of the training data. Therefore, precautions were taken to ensure that AI models were not trained on unsuitable data or data intentionally manipulated or falsified by attackers. In the event of such occurrences, the project focused on developing reliable mechanisms to detect, reset, re-train, and subsequently distribute affected models throughout the system. As part of the project's outcomes, the KIWI project partners have also devised and tested a framework for data governance.

Innovations and Perspectives

The project partners have utilized the open European login standard netID, a particularly significant factor in Germany given the direct competition with analogous offerings from US corporations. This standard plays a crucial role in providing users with data sovereignty through transparency. Notably, the project's findings, exemplified in the use case scenario of e-mail services, can be integrated into the ongoing evolution of web identity management. Furthermore, the project's approach guarantees that the obtained results are transferable to other use cases, ensuring broader applicability beyond the specific scenario examined.

Publications

2023

  • P. Baumstark, D. Monschein, and O. P. Waldhorst, “Secure Plaintext Acquisition of Homomorphically Encrypted Results for Remote Processing,” in 2023 IEEE 48th Conference on Local Computer Networks (LCN), Los Alamitos, CA, USA: IEEE Computer Society, Oct. 2023, pp. 1–4. doi: 10.1109/LCN58197.2023.10223372. Available: https://doi.ieeecomputersociety.org/10.1109/LCN58197.2023.10223372.

2022

  • Zirpins C, Ortiz G, Nochta Z, Waldhorst O, Soldani J, Villari M, Tamburri D: Advances in Service-Oriented and Cloud Computing: International Workshops of ESOCC 2022; Revised Selected Papers. International Workshop on AI for Web Application Infrastructure and Cloud Platform Security (AWACS 2022) (Wittenberg, Germany, 22.-24.03.2022), Cham: Springer 2023 (Communications in Computer and Information Science 1617), X, 117 S.- ISBN 978-3-031-23297-8 (Elektronische Veröffentlichung: http://dx.doi.org/10.1007/978-3-031-23298-5)
  • Piotrowski T, Nochta Z: Towards a Secure Peer-to-Peer Federated Learning Framework. In: Zirpins C, Ortiz G, Nochta Z, Waldhorst O, Soldani J, Villari M, Tamburri D (Hrsg.): Advances in Service-Oriented and Cloud Computing: International Workshops of ESOCC 2022 ; Revised Selected Papers. International Workshop on AI for Web Application Infrastructure and Cloud Platform Security (AWACS 2022) (Wittenberg, 22.-24.03.2022), Cham: Springer International Publishing 2023 (Communications in Computer and Information Science 1617), S. 19-31.- ISBN 978-3-031-23297-8 (Elektronische Veröffentlichung: http://dx.doi.org/10.1007/978-3-031-23298-5_2)
  • Peregrina Pérez JA, Ortiz G, Zirpins C: Towards a Metadata Management System for provenance, reproducibility and accountability in Federated Machine Learning. In: Zirpins C, Ortiz G, Nochta Z, Waldhorst O, Soldani J, Villari M, Tamburri D (Hrsg.): Advances in Service-Oriented and Cloud Computing : International Workshops of ESOCC 2022 ; Revised Selected Papers. International Workshop on AI for Web Application Infrastructure and Cloud Platform Security (AWACS 2022) (Wittenberg, 22.-24.03.2022), Cham: Springer 2023 (Communications in Computer and Information Science 1617), S. 5-18.- ISBN 978-3-031-23297-8 (Elektronische Veröffentlichung: http://dx.doi.org/10.1007/978-3-031-23298-5_1)
  • Peregrina Pérez JA, Ortiz G, Zirpins C: Towards Data Governance for Federated Machine Learning. In: Zirpins C, Ortiz G, Nochta Z, Waldhorst O, Soldani J, Villari M, Tamburri D (Hrsg.): Advances in Service-Oriented and Cloud Computing : International Workshops of ESOCC 2022 ; Revised Selected Papers. International Workshop on AI for Web Application Infrastructure and Cloud Platform Security (AWACS 2022) (Wittenberg, 22.-24.03.2022), Cham: Springer 2023 (Communications in Computer and Information Science 1617), S. 59-71.- ISBN 978-3-031-23297-8 (Elektronische Veröffentlichung: http://dx.doi.org/10.1007/978-3-031-23298-5_5)
  • Monschein D and Waldhorst O: mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web Applications. 2022 (Elektronische Veröffentlichung: arxiv.org/abs/2210.04777)

2021

  • Monschein D, Peregrina Pérez JA, Piotrowski T, Nochta Z, Waldhorst O, Zirpins C: KIWI: Artificial intelligence for secure web infrastructures. In: Forschung aktuell, ISSN 1613-4958 (2021), S. 40-43 (Elektronische Veröffentlichung: https://www.h-ka.de/fileadmin/Hochschule_Karlsruhe_HKA/Bilder_VW-PK/Publikationen/Forschungsbericht/ForschungAktuell_2021_Online.pdf)
  • Monschein D, Waldhorst O: Privacy-Preserving and Scalable Authentication based on Network Connection Traces. NetSys 2021 (Lübeck, 13.-16.09.2021)
  • Monschein D, Waldhorst O: SPCAuth: Scalable and Privacy-Preserving Continuous Authentication for Web Applications. In: 2021 IEEE 46th Conference on Local Computer Networks (LCN). Conference on Local Computer Networks (LCN 2021) (Edmonton, Canada, 04.-07.10.2021), Piscataway: IEEE 2021, S. 281-286.- ISBN 978-1-6654-1886-7 (Elektronische Veröffentlichung: http://dx.doi.org/10.1109/LCN52139.2021.9524959)
  • Monschein D, Peregrina Pérez JA, Piotrowski T, Nochta Z, Waldhorst O, Zirpins C: Towards a Peer-to-Peer Federated Machine Learning Environment for Continuous Authentication. In: 2021 IEEE Symposium on Computers and Communications (ISCC). The 1st IEEE International Workshop on Distributed and Intelligent Systems (DistInSys) (Athens, Greece, 05.-08.09.2021), Piscataway: IEEE 2021, 6 S.- ISBN 978-1-6654-2744-9 (Elektronische Veröffentlichung: http://dx.doi.org/10.1109/ISCC53001.2021.9631491)
  • Wink T, Nochta Z: An Approach for Peer-to-Peer Federated Learning. In: 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). Dependable and Secure Machine Learning (DSML 2021) (Taipei, Taiwan, 21-24.06.2021), Piscataway: IEEE 2021, S. 150-157.- ISBN 978-1-6654-3950-3 (Elektronische Veröffentlichung: http://dx.doi.org/10.1109/DSN-W52860.2021.00034)
  • Peregrina Pérez JA, Ortiz Bellot G, Zirpins C: Towards Data Governance for Federated Machine Learning in Secure Web-based Systems. In: Ortiz Bellot G, Medina Bulo I (Hrsg.): Actas de las Jornadas de Investigación Predoctoral en Ingeniería Informática = Proceedings of the Doctoral Consortium in Computer Science (JIPII 2021). Doctoral Consortium in Computer Science = Jornadas de Investigación Predoctoral en Ingeniería Informática (JIPII2021) (Cádiz, Spain, 15.06.2021), Cádiz: Repositorio Institucional UCA 2021, S. 36-39.- ISBN 978-84-89867-47-5 (Elektronische Veröffentlichung: hdl.handle.net/10498/26026)

Status

Completed project 06/2020 – 11/2023

 

Contact

Project manager
Prof. Dr.-Ing. Zoltán Nochta

phone: +49 (0)721 925-1578
zoltan.nochtaspam prevention@h-ka.de

Project manager
Prof. Dr. rer. nat. Oliver Waldhorst

phone: +49 (0)721 925-1474
oliver.waldhorstspam prevention@h-ka.de

Project manager
Prof. Dr. rer. nat Christian Zirpins

phone: +49 (0)721 925-1528
christian.zirpinsspam prevention@h-ka.de

Directly to the Data Centric Software Systems Research Group (DSS) at IAF

Data Centric Software Systems Research Group (DSS) at IAF

The project KIWI is located in the "Data Centric Software Systems Research Group (DSS)" at IAF

 

Project funding

The KIWI project is funded within the framework of the "Artificial Intelligence for IT Security" programme of the German Federal Ministry of Education and Research (BMBF)