Research Associate – AI-guided Attack Surface Assessment

The SnT is seeking a Postdoc to support the research and development work within the SEDAN group. We seek a candidate with expertise and/or interest in the following relevant fields: machine learning and cybersecurity.

The candidate will have the opportunity to work on a collaborative project with a leading industry in cybersecurity allowing thus to validate and receive feedback from on-the-field cybersecurity practitioners. The project aims at improving the assessment of the attack surface of an organization. This is essential to identify all possible entry points an external attacker could use to break into the IT system. Because attack surface became large and diverse [Rizz20], Automated External Attack Surface Management (EASM) cannot be limited to naive IP address scanning or simply relying on incomplete CMDBs [Kie23]. Thus, multiple tools are used by experts with strong knowledge and previous experience. The main objective of the project is to automate this human-based cognitive process thanks to the use of Deep-Reinforcement Learning (DRL) to orchestrate the joint use of multiple attack surface tools, Large-Language Models (LLMs) to refine their configurations and graph-based Machine Learning (ML) to detect anomalies (such as a new unknown possible entry point) and provide actionable recommendation according to the recovered attack surface. A tool like AMASS[1] from OWASP already acts as an interface through multiple tools. Although it still relies on manual configuration or scripting, such types of tools will be considered to serve as a basis to support modelling and interacting with existing tools.   

The postdoc will thus have to define an orchestrator capable of communicating with existing tools by defining necessary interfaces and most of all the intelligent iterative engine based on reinforcement learning. The developed orchestrator thus consists in interconnecting existing open-sources tools for EASM with an orchestrator to be defined. This requires the definition and development of a unified language alongside the necessary interfaces. LLMs will be used to iteratively interpret results obtained by to the execution of the EASM tools to support an orchestrator to refine their configurations. Indeed, the space of exploration is almost infinite and is often based on text-based information (domain names, service provider names, software names, certificates, etc.) from which a particular semantic can be inferred. At the end of the processing pipeline, a component will aggregate the accumulated knowledge about the discovered attack surface. The ultimate objective is to provide useful and prioritized recommendations by detecting anomalies in the external attack surface, knowing that a system cannot be totally isolated.

In addition, the candidate will be also involved in project management, reporting and dissemination. The project is an academic project oriented but applied research. It is a unique opportunity to develop new concepts with a close collaboration with industry.

During postdoc, the candidate will have the opportunity to participate and propose other projects within the group and so also develop his/her/their own research agenda. We are working on various topics related to applied ML and cyber-security, including applications and security of LLMs.