We are partners in the CAIDAN project, which is funded by the German Federal Ministry of Education and Research. The aim of the project is to use artificial intelligence to better protect companies of all sizes from hacker attacks. The idea is that AI will help to better detect attacks. In this article, you will learn exactly how this works and why it could become relevant for companies with regard to critical infrastructure protection and NIS-2. For many companies, digital structures now form the basis of their work and value creation. This makes it essential to monitor complex data streams and protect themselves from cyber attacks. While large companies often have the financial resources for expensive security solutions or services, smaller companies face a dilemma. They need cost-effective, dynamic and adaptive solutions to monitor and secure their systems. We see this almost every day in our work.Objective: Standard for digital investigations in IT security systems and infrastructureAs part of the CAIDAN project, we are working to develop a hybrid signature and attack detection system (intrusion detection system – IDS). This system is supported by artificial intelligence (AI) and searches for anomalies in various data sources. As soon as these anomalies are detected, the system triggers alarms. Our goal: to detect complex cyberattacks or potential system failures at an early stage and to enable appropriate response measures after an incident. CAIDAN is about creating innovative, cost-effective and efficient solutions for monitoring IT and operational technology for small and medium-sized companies. Trufflepig is particularly dedicated to evaluating potential incidents and developing suitable response measures. In order to be able to initiate suitable response measures as quickly as possible after an attack, legal and regulatory aspects must be taken into account in addition to technical ones. Trufflepig aims to create a forensic standard that is as broadly applicable as possible for the rapid evaluation of a wide range of hardware products. Firewalls, IoT devices and other devices should be secured in a uniform process and be able to be evaluated quickly and easily.
In contrast to classic IDS, which mainly target known attacks, AI-based methods are able to detect new types of attacks. However, they often have a high false positive rate. Our project team is working on this topic. This information is automatically transferred to the IDS"s threat signature database. In addition, the creation of the universally applicable forensic standard fills an important gap in the standards previously considered in the development of new devices.
With the increase in cyberattacks and the growing number of authorities and companies in the “critical infrastructure” (KRITIS) category in the coming year as part of NIS-2, we expect a growing demand for solutions like those developed in the CAIDAN project. We at Trufflepig Forensics are proud to be a partner in this project and look forward to the progress we will make together. We are confident that CAIDAN will make a significant contribution to cybersecurity. Further information can be found on the website of the Federal Ministry: https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/caidan
