18. March 2022 | Press releases:

Prof. Konrad Rieck receives ERC Consolidator Grant Funding worth nearly €2 million for project on machine learning at TU Braunschweig

To support his research on machine learning, Professor Konrad Rieck of the Institute of System Security at Technische Universität Braunschweig has been granted one of the coveted Consolidator Grants of the European Research Council (ERC). The almost €2 million in funding is designed to finance the project ‘MALFOY’ (Machine Learning for Offensive Computer Security) over the coming five years. An ERC Grant is among the most prestigious awards given to researchers in Europe.

“I am absolutely thrilled by this achievement! Through this project, I and my team will be exploring a new and exciting aspect of research in the field of computer security,” stated Rieck on learning of the award of EU support. The EU is making available a total of €632 million through ERC Consolidation Grants to fund 313 research projects.

“What we’ll be looking at in the project is how hackers might employ artificial intelligence. Although AI is currently a hot research topic, the potential and risks represented by its use for the purposes of attacking systems are as yet almost completely unknown. So, I intend to find out where and how machine learning might facilitate exploitation of computer vulnerabilities and what we can do to counter this,” he explains. The objective of ‘MALFOY’, so Rieck, is to make preparations to combat future AI-supported hacker activity.

How machine learning can be used to promote cyber security

Despite all the research that has already been carried out on the topic, cyber attacks still represent a major threat to the security of sensitive digital systems. Cyber criminals and intelligence agencies continue to develop new assault strategies in order to circumvent and outsmart existing defensive measures. This means that those working on how security can be improved are constantly playing catch up, and are having to develop new ways of fighting off assailants as quickly as possible. Machine learning, one of the key technologies to have emerged in recent years, has to date however been largely ignored in connection with offensive security – in this case, a stratagem that involves thinking like a hacker. As yet, little research has been conducted into how hackers might be able to employ machine learning to their advantage, making it difficult to anticipate future threats that use such an approach.

This problem is being tackled through the ‘MALFOY’ project, which systematically investigates how machine learning could be used to enhance the techniques of offensive security. “We will be assuming the perspective of hackers and then exploring how learning algorithms could be used to automatically search for gaps in security, analyse vulnerabilities and prepare to exploit these. For this purpose, we will, for the first time, be combining offensive security tactics with state-of the-art aspects of artificial intelligence, such as deep neuronal networks,” clarifies Professor Rieck.

The aim of the researchers is to examine how these aspects can be combined and their performance enhanced by means of the use of machine learning. As Rieck points out, the results of this should enable the team to develop completely novel defence systems that will already take into account the fact that potential hackers may be utilising machine learning.

‘MALFOY’ should help enhance computer security

It may seem odd that the researchers are taking on the role of hackers, but the outcome will contribute to cyber security. “In the first place, we will be looking at an aspect of security that has yet to be studied so that we will learn considerably more about what possible forms present-day computer attacks might take. And this will allow us to develop new protective measures that will ensure we stay one step ahead of those working on methods of breaching computer security systems,” concludes Rieck. Ultimately, two so far separate fields – offensive security and machine learning – will be combined during the project, thus creating a new research domain.

About the European Research Council (ERC)

The ERC was established by the European Union in 2007 as the principal organisation designed to support exceptional trailblazing research in Europe. It provides funding to creative researchers of all nationalities and of any age who are involved in projects based throughout Europe. It has an independent governing body called the Scientific Council. For 2021 to 2027, the ERC has been assigned a total budget that exceeds €16 billion and it operates under the aegis of the Horizon Europe funding programme.