Innovative Security Solutions: Gaetano Perrone (Tutor: Simon Pietro Romano)
Gaetano Perrone, a PhD holder in Information Technology, is the co-founder of SecSI and has a background in Computer Science Engineering. He has worked on projects like AI platforms for ethical hacking and security automation. His contributions include software development of a collaborative ethical hacking platform and an AI engine for suggesting actions during hacking sessions.
Presentation Transcript
SecSI: Security Solutions for Innovation
Gaetano Perrone, Tutor: Simon Pietro Romano
XXXIV Cycle - I year presentation
Background
- Computer Science Engineering degree in 2017
- Docker Security Playground: a microservices-based platform for the study of Network Security scenarios
- Security Consultant at NTT Data (2017 - 2018)
- Today: PhD in Information Technology and Electrical Engineering; co-founder of SecSI
Gaetano Perrone 2
Context
1. AI platform aimed at supporting the penetration tester during Ethical Hacking sessions
- In collaboration with NTT Data
- Combine Vulnerability Assessment and Penetration Testing techniques by using AI
- Focus on Web Applications: Artificial Intelligence for WAPT
2. Security Automation & Virtualization
- DSP improvements: Drag and Drop interface, Hack Tools
Contribution (1 of 2)
1. Software development of Ch4pt3r: Collaborative Ethical Hacking Platform for Penetration Testers
- A complete model and implementation of Web Application Penetration Test
- Hacking Goals and Web Attacks, based on the OWASP Testing Guide and Penetration Test reports
- Web Attack classification
2. AI models design and development
- Suggest to users the best actions to perform in order to detect vulnerabilities
- Focused on Reinforcement Learning and Natural Language Processing techniques
AI Engine to detect best actions
Actors: User, A.I. Assistant, Application. States of a Hacking Session: S0, S1, S2, ..., SF (final state).
Design:
1. The user starts the session and chooses a HackingGoal.
2. For the chosen HackingGoal, the AI Assistant suggests all possible actions that the user may pursue, ordered by estimated efficacy.
3. The user chooses any action to be pursued among all suggested actions.
4. The application moves the user towards the next step in the Hacking Session by following the path designed by the chosen action and records the choice.
Process (repeated until the user finds himself in another node and, eventually, reaches the final state):
1. From the current state, the AI Assistant suggests all possible actions that the user may pursue, ordered by estimated efficacy.
2. The user chooses any action to be pursued among all suggested actions.
3. The application moves the user towards the next step in the Hacking Session by following the path designed by the chosen action and records the choice.
Final state:
1. The user reaches the final state, where he needs to take a decision.
2. The application records the outcome of the Hacking Session.
3. The AI Assistant updates the scores associated to each action's efficacy with the data collected from the new session.
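The suggest/choose/record/update loop on this slide can be read as a small online learning problem: one efficacy score per (goal, state, action), suggestions sorted by that score, and a credit update for every choice on the path once the session reaches SF. The block below is an added illustration of that loop and is not Ch4pt3r code: the state names S0/S1/S2/SF follow the slide, while the goal name, the placeholder action identifiers a1..a5, the graph, the smoothed success-rate scoring rule and the simulated sessions are all constructed assumptions.

```python
"""Toy model of the session loop on the 'AI Engine to detect best actions' slide.
Added example, not the platform's own code; everything below the state names is assumed."""
from collections import defaultdict

# Constructed Hacking Session graphs, one per HackingGoal:
# goal -> state -> {action_id: next_state}. Action ids are placeholders.
GRAPHS = {
    "GOAL_PLACEHOLDER": {
        "S0": {"a1": "S1", "a2": "S2"},
        "S1": {"a3": "SF"},
        "S2": {"a4": "SF", "a5": "S1"},
        "SF": {},
    },
}


class AIAssistant:
    """Keeps one efficacy score per (goal, state, action): the share of past sessions
    that took that action from that state and ended with a positive outcome.
    Laplace smoothing (assumed rule) makes untried actions start at 0.5, not 0."""

    def __init__(self):
        self.successes = defaultdict(int)
        self.attempts = defaultdict(int)

    def efficacy(self, goal, state, action):
        key = (goal, state, action)
        return (self.successes[key] + 1) / (self.attempts[key] + 2)

    def suggest(self, goal, state):
        """All actions available from `state`, best estimated efficacy first;
        ties are broken by action id so the order is deterministic."""
        actions = GRAPHS[goal][state]
        return sorted(actions, key=lambda a: (-self.efficacy(goal, state, a), a))

    def update(self, goal, path, outcome):
        """Final-state step: credit every recorded (state, action) of the session."""
        for state, action in path:
            self.attempts[(goal, state, action)] += 1
            if outcome:
                self.successes[(goal, state, action)] += 1


class HackingSession:
    """The application side: moves the user along the chosen path and records choices."""

    def __init__(self, assistant, goal):
        self.assistant = assistant
        self.goal = goal
        self.state = "S0"
        self.path = []  # recorded (state, action) choices

    def step(self, action):
        graph = GRAPHS[self.goal]
        if action not in graph[self.state]:
            raise ValueError(f"{action} is not available from {self.state}")
        self.path.append((self.state, action))
        self.state = graph[self.state][action]
        return self.state

    def finished(self):
        return self.state == "SF"

    def close(self, outcome):
        """Record the outcome and let the assistant update its scores."""
        self.assistant.update(self.goal, self.path, outcome)
        return self.path


def run_session(assistant, goal, ranks, outcome):
    """Simulate a user who, at step i, picks the suggestion at position ranks[i]
    (0 = top suggestion) until SF is reached; returns the recorded path."""
    session = HackingSession(assistant, goal)
    for rank in ranks:
        if session.finished():
            break
        session.step(assistant.suggest(goal, session.state)[rank])
    return session.close(outcome)


if __name__ == "__main__":
    goal = "GOAL_PLACEHOLDER"
    assistant = AIAssistant()
    print("initial suggestions from S0:", assistant.suggest(goal, "S0"))
    print("session 1 path:", run_session(assistant, goal, [1, 0], outcome=True))
    print("after one positive session:", assistant.suggest(goal, "S0"))
    print("session 2 path:", run_session(assistant, goal, [1, 0], outcome=False))
    print("after one negative session:", assistant.suggest(goal, "S0"))
```

With no history every action scores 0.5 and the order is alphabetical; after a session through a2 ends positively, a2 moves to the top of the S0 suggestions, and a later failed session through a1 pushes a1 down further. The scoring rule is the simplest thing that behaves like the slide describes; a reinforcement-learning agent would replace `efficacy` and `update` with a value estimate and a proper return, but the suggest/choose/record/update contract stays the same.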
NLP to detect valid HTTP requests
Ch4PT3r Architecture
- Virtual Security Analyst: the pentester connects to the application and performs a Hacking Session
- AI Engine: suggests to the pentester the best action for each step in the Hacking Session, on the basis of historical data
- Hacktuator: the "hacker's armed arm"; it offers an API to obtain observations from the environment and to send hacking actions
Contribution (2 of 2): DSP improvements
- Drag and Drop interface: improves the design phase of virtual security network scenarios
- Hack Tools oneline feature: a complete subset of security tools to enhance and improve the simulation experience
Next Years
- Formalize our results: formalization of the Hacking Goals concept; comparison with other attack classifications (CAPEC: Common Attack Pattern Enumeration and Classification)
- Evaluation phase: testbed design for XSS and SQLi models; comparison of our results with current state-of-the-art detection techniques
- Reproducibility of experiments by using DSP: improve the Docker network by using virtual network technologies; integrate experiment models in our platform
Thanks for your attention!