All our social life, work, and movements are stored in our phones and shared with others. To detect malicious infections, intrusions, or data thefts early, organizations need to be able to analyze all the data very quickly. New developments in AI and machine learning algorithms have made this protection possible. However, most of the progress in this area has been confined to the corporate world, leaving a key part of our society defenseless.
Adding to the problem, it has never been easier for governments to abuse this very technology to surveil, track, spy on, and often harm non-governmental organizations (NGOs), human rights defenders, political activists, journalists, and lawyers. Civil society has so far been left behind when it comes to digital defense. Working in the field, often in war zones or facing prosecution, individuals at risk make do without the protection of a large organization, without digital defenses (firewalls, endpoint protection, or strict policies), and without resources. The Civilsphere Project at the Czech Technical University in Prague aims to fill this protection gap for civil society.
Since 2018, the Civilsphere project has been a pioneer in the use of machine learning to help civil society. The project is dedicated to providing individuals at risk with free tools to help detect active malware infections, privacy violations, or signs of digital surveillance. There are two main services offered by Civilsphere to individuals at risk: ShouldIClick and AI VPN.
Should I click?
There are many reasons why a web link may not be safe to click. A large number of attacks, including targeted attacks, start with a link in an email or chat, generally ending in the full compromise of a device. Can AI help users decide when it is safe enough to click?
ShouldIClick receives a URL, downloads the content of the page, extracts features, and runs detection modules to search for suspicious activity. The results of these detection modules are ensembled to detect specific threats, and a final verdict is reached.
The ShouldIClick service has been active for two years and has been used to analyze and protect thousands of people at risk.
Is my phone at risk?
The Civilsphere AI VPN service was designed to answer this question. Combining a traditional Virtual Private Network (VPN) with network analytics and state-of-the-art machine learning detection algorithms, the AI VPN provides individuals at risk a free assessment of their mobile network traffic in real time.
The Civilsphere AI VPN works by combining three key elements. First, it uses well-known VPN technologies, such as OpenVPN. Second, it includes a system for capturing and storing the network connections generated by the users, which are further analyzed to detect suspicious connections. Third, it uses the Stratosphere Linux IPS, a free-software, machine-learning-based intrusion prevention system that performs behavioral analysis of the network traffic and automatic blocking of suspicious connections.
The Stratosphere Linux IPS (Slips) has multiple modules that handle Threat Intelligence feeds, IP enrichment, an LSTM neural net for malicious behavior detection, port scanning detection on flows, long connection detection, and many others. Ensembling algorithms are used to decide the automated blocking of malicious connections. The complete work of Slips is open to the community and published at https://github.com/stratosphereips/StratosphereLinuxIPS.
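As an added illustration (not code from Slips or the Civilsphere project), the Python example below shows how two of the module types named above, long connection detection and port scanning detection on flows, could feed an ensemble that decides on automated blocking. The flow records, thresholds, weights, and function names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (src_ip, dst_ip, dst_port, duration_seconds, state)
FLOWS = [
    ("10.8.0.2", "203.0.113.5", 443, 12.0, "established"),
    ("10.8.0.2", "198.51.100.7", 443, 5400.0, "established"),
] + [("10.8.0.3", "192.0.2.9", port, 0.0, "not_established") for port in range(20, 40)]

# Hypothetical thresholds and weights, not values taken from Slips.
LONG_CONN_SECONDS = 1500
PORTSCAN_MIN_PORTS = 15
WEIGHTS = {"long_connection": 0.4, "port_scan": 0.8}
BLOCK_THRESHOLD = 0.7


def detect_long_connections(flows):
    """Return evidence for established flows that last longer than the threshold."""
    return [(src, "long_connection", f"{dst}:{port} lasted {dur:.0f}s")
            for src, dst, port, dur, state in flows
            if state == "established" and dur >= LONG_CONN_SECONDS]


def detect_port_scans(flows):
    """Flag a source that tries many distinct ports on one destination without success."""
    ports = defaultdict(set)
    for src, dst, port, _dur, state in flows:
        if state == "not_established":
            ports[(src, dst)].add(port)
    return [(src, "port_scan", f"{len(seen)} ports on {dst}")
            for (src, dst), seen in ports.items()
            if len(seen) >= PORTSCAN_MIN_PORTS]


def ensemble(flows):
    """Sum weighted module evidence per source and compare it to the block threshold."""
    scores = defaultdict(float)
    evidence = detect_long_connections(flows) + detect_port_scans(flows)
    for src, module, _description in evidence:
        scores[src] += WEIGHTS[module]
    return {src: (round(score, 2), score >= BLOCK_THRESHOLD)
            for src, score in scores.items()}


if __name__ == "__main__":
    for src, (score, block) in ensemble(FLOWS).items():
        print(src, score, "BLOCK" if block else "alert only")
```

With these constructed weights, a single long connection only raises an alert, while the port scan evidence alone crosses the blocking threshold.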
Protect the vulnerable
Cyber defense is becoming more and more challenging, and more so for those at risk and without resources. Now, there is not only the need to defend devices but also data and even algorithms. With an ever more interconnected software supply chain, it will require a common effort to keep things safe. Combining AI and human experts will allow us to not only improve our security but also protect our most vulnerable groups working on the front line.
About the author
Veronica Valeros is a senior researcher and project leader of the Stratosphere Research Laboratory at the Czech Technical University in Prague. She has more than 9 years of experience in cybersecurity. Her research strongly focuses on helping people. She currently specializes in threat intelligence, malware traffic analysis, and data analysis. She has made her career in both industry and academia.
In her current position as a project leader, Veronica helps drive forward the research and development projects, improves processes, and drives the community engagement of the groups she works with. As a senior researcher, she is responsible for the research, development, and customer support at the Civilsphere project, dedicated to protecting civil society organizations and individuals at risk from targeted digital threats.
Veronica has presented her research at international conferences such as Black Hat, EkoParty, Botconf, Virus Bulletin, Deepsec, and others. She is the co-founder of the MatesLab hackerspace based in Argentina and co-founder of the Independent Fund for Women in Tech.