Year 2020 Highlights

Data61’s DSS has established itself as a leading group in cybersecurity research with a total of 103 staff and affiliates. 2020 has been one of the most successful years for the group. We have secured several large external grants and published papers in the top security venues such as ACM CCS, Usenix Security, or Crypto. We are grateful to all our collaborators, students and researchers, without their commitment, it would have been impossible to achieve the same results.
Thanks to Data61 management for their continuous support to the group and its research area.

Surya Nepal

Autonomous and Application security team of the DSS group has been establishing national recognition in cybersecurity and ML. Artificial Intelligence (AI) has already been deployed in a multitude of applications, including AI-based defences against AI-powered threats. Current AI-powered threats do not take the context of the environment, such as the resources on the target, into account. This often makes these threats distinguishable from background behaviour. Future AI-powered attacks are expected to consider the context to become more adaptive and persistent, and this way evades detection. In response, this project aims to develop automated threat response methods with real-time situation awareness, AI-based response planning and a multi-level threat response with automation and self-evolving capabilities.

The team is leading three Collaborative research projects (CRPs) with universities including the University of Melbourne, Monash University and Swinburne University.
– Adversarial Machine Learning for Cyber
– Deep Learning for Cyber
– Towards Robust Learning Systems via Amortized Optimization and Domain Adaptation

Three new CRP’s has been approved to commence in 2021 with universities including University of Adelaide, UNSW and Macquarie University:
– Talos: Towards trustworthy machine learning
– Kronos: Towards Fast Feedback Fuzzers
– Security Assessment Framework for Next-Generation IP Networks

Seyit Camtepe

2020 has been a busy year in terms of growth, change and events. As a team, we have welcomed Kristen Moore as staff member, and three new CRP postdocs with our two human centric security collaborative projects: Yanjun Zhang (UQ), Tina Wu (Monash) and Muhammed Esgin (Monash). We have also welcomed three new tiny team members, with proud parents in staff and our extended PhD network.

We have worked closely with three local university industry project students teams: two teams from Swinburne university on one from RMIT. We have also welcomed 7 vacation students, working from Marsfield, Black Mountain and Kintore Avenue. Our Human Centric Security was heavily involved in the organisation of three public events: HACS (Humans And Cyber Security) 2020, the second year that we have run this Special Session in collaboration with IEEE CIC; HCSE&CS (Human Centric Software Engineering & Cyber Security) in collaboration with IEEE/ACM International Conference on Automated Software Engineering; and the Cutting Edge Science and Engineering Symposium: Advances in personalised healthcare and wellbeing support technologies, in collaboration with the Future Science Platform: Precision Health, Health & Biosecurity Business Unit and the Australian eHealth Research Centre.

We have further had a number of projects in collaboration with the CSCRC: IoT consumer perspectives, COVID-19 cyber security perspectives in mass working from home, SA SME Cyber Security uplift, Cyber Common Operating Platform (CCOP), Deception as a Service (DECAAS).

Finally, we have bid farewell to two CRP postdocs: Shabnam Kasra Kermanshahi (RMIT) and Shifeng Sun (Monash). We also had a record number of Data61 PhD scholarship students graduating: M.A.P. Chamikara (RMIT), Ahmad Salehi Shahraki (Monash), Dimaz Wijaya (Monash), Mohammad Nosouhi (UTS), Cong Zuo (Monash), Derek Wang (Swinburne), Nan Sun (Deakin), Chamila Dilshan Diwelwatta Gamage (UNSW ADFA), Hagen Lauer (Monash), Junyang Qiu (Deakin), Shangqi Lai (Monash), Muhammed Esgin (Monash), Jishan Giti (Monash), Nicholas Akinoyokin (Monash), Peter Eze (University of Melbourne). Working remotely this year has been quite an adventure.

Marthie Grobler

This year, the team managed to
– develop a deployable plugin integrating all novel research components to Microsoft outlook.
– win the CSIRO Customer-first award.
– secure several CRC scholarships as follows: 2 PhD scholarships 2020/2023 at QUT and UNSW, 2 honours scholarships 2020/2021 at ECU and UNSW, 7 vacation students’ scholarships 2020/2021
– get 6 paper accepted: 2 TDSC, 2 IEEE TPS, 1 ACM SAC, 1 Elsevier Computer Communications
– establish a great collaboration with SKKU university Korean students.

Dongxi Liu

The Security Data Science team have had a busy year with many new projects beginning and collaborations developing within and external to CSIRO.
With the Defence Science and Technologies group, two projects have commenced this year “Unexpected Event Estimation using Entropy” under the Modelling Complex Warfighting initiative in collaboration with The University of Adelaide, and “A framework for modelling social influence in a wargame setting” with the ORnet program.

In collaboration with CSCRC a major project in collaboration with a financial sector partner has commenced, “Automating Identity And Access Management (IAM)​For Dynamic Business Environments”, which has been very successful so far in building capability with the client that have been delivered and will be trialled in their environment soon. The “Cyber Common Operating Picture” project in collaboration with the Human Centric Security team and the University of Adelaide is continuing and delivering capability to uplift the cyber security knowledge of executives.

Within CSIRO a project has commenced with the Information Security and Privacy group within Data61 and the Energy Business Unit, “Privacy Preserving Technology for Energy Data”. This project has been researching the developing of privacy preserving techniques that can be applied to energy data to solve common optimisation problems, while still preserving the privacy of consumer and corporate data.

Two new CRPs have been approved to commence in collaboration with Defence Science and Technology group, which are “Talos: Towards trustworthy machine learning” in collaboration with University of Adelaide, UNSW and the Autonomous and Application Security team. The second is “Rapid situation awareness using network knowledge” in collaboration with UniSA, University of Wollongong and the University of Adelaide.

Finally, we have welcomed 4 vacation students at Kintore Avenue, who are collaborating on the two projects with CSCRC. We look forward to seeing the outcomes of their vacation research!

Andrew Feutrill

– ‘We started the CSCRC IAM project, our very first solely team-led project, few weeks before the first pandemic lockdown. In spite of all the heddles of the year, we celebrate the successful engagement of our industry partner, showcase of our research, and the timely delivery of our first deliverable this December!’ Selasi

– ‘In partnership with CSIRO A&F, we delivered Value Chain Analytics Platform (https://valuechains.csiro.au) that provides insights into Coles’ fresh food supply chain sustainability and resilience. It is fulfilling to see almost all Coles’ relevant category managers using this system to understand their food supply chains!’ Raj

– ‘I started working on Smartshield and delivered the first version of Smartshield (https://smartshield.ai) as a part of CSCRC project. Exciting days ahead!’ Raj

– PIF project

– Covid Safe App
Autonomous and Application security team of the DSS has contributed to volunteer activity for assessing the security of COVIDSafe app. COVIDSafe is an application which is developed by the Australian Government based on a Singaporean open-source app. The application suite consists of smartphone apps (Android and iOS) and several backend components. The smartphone app uses a Bluetooth Low Energy (BT LE) interface to detect any other device closer than 1.5M for 15 minutes or more. The app logs temporary IDs supplied by those detected devices. If the smartphone owner tests positive for COVID-19, (s)he may upload the logged data to the backend server. This data will then be used by health care workers to track and inform people who have been in contact with the COVID-19+ individual. The team has also taken part in the security assessment of COVIDSafe like tools worldwide. Joint work with University of Adelaide has been accepted for publication at a CORE A* venue: Ruoxi Sun, Wei Wang, Minhui Xue, Gareth Tyson, Seyit Camtepe, Damith Ranasinghe: An Empirical Assessment of Global COVID-19 Contact Tracing Applications, To Appear in International Conference on Software Engineering (ICSE), 2021.

– The “Boeing” project of this year (and last year) is called “Threat modeling for wireless sensor networks for aviation applications’.

– Space FSP Autonomous and Application security team of the DSS group is currently delivering a Space FSP project in collaboration with CASS on Pulsar Randomness. The project investigates potential ways to use unpredictable behaviour of pulsars to fill an essential gap in Cryptography: publicly verifiable and physically sharable universal sources for randomness which can be accessible within or beyond Earth’s atmosphere. The team has recently filed a patent and currently extending its collaboration beyond Australia. The project has received media attention, and there is an interest by JPL@NASA for further discussions.

– ‘We completed and delivered a funded project named ‘BugFinder’ for the US army. I lead the innovation and research involving development of new ML and natural language processing (NLP) based deep learning approaches for vulnerability assessment.  We proposed ‘BERT4ROS’ that is natural language-based API called BERT (Bidirectional Encoder Representations from Transformers) for developing machine learning-based module for automatically detecting vulnerabilities in robot operating systems. BERT4ROS outperformed the state-of-the-art machine learning based technique called “VulDeePecker” – this approach detecting vulnerabilities in source codes using deep learning. BERT4ROS module is successfully implemented in the main framework of BugFinder and is delivered to our client (US army) for deployment. The US Army asked for extension proposal to follow-up and further develop ML/NLP based methods that I led the development of.’ Ejaz

– ‘Risks, mitigations and interventions of mass remote working during the COVID-19 pandemic” is a project that we did in collaboration with the CSCRC. The objective of this research is to gain a basic understanding of how some organisations in Australia have responded to the current cyber security risks brought about by a large proportion of their workforce working from home. The research seeks to analyse perceptions of cyber risks; new policies, strategies and support structures established to obviate these risks; challenges to be overcome; and how the Federal Government might support organisations. This project provided a great collaboration platform between CSIRO’s Data61, CSCRC and UNSW Canberra, with the outputs of our research being shared in the Financial Reviews ‘(https://www.afr.com/technology/call-for-cyber-laws-as-covid-19-highlights-small-business-shortfall-20200521-p54vam). Marthie

– ‘My highlight for 2020 would be, successfully completing the Investigative Analytics (IA) / StellarGraph project. In particular delivering a demonstrable and novel end-to-end Entity Resolution (ER) solution to federal government. The feedback from the IA steering committee has been extremely positive, enthusiastic and encouraging. I am extremely proud of the work I had contributed over the course of the IA program.’ Terry

– ‘My best memory of 2020 is walking kids to/from school without disruption of work while WFH’ Raj

– ‘In 2020 I was most excited by being a part of the working group that established the diversity and inclusion committee (led by Dr Sue Keay) in CSIRO’s Data61 . In 2020, we have seen Covid19 magnifying all existing inequalities, around the world. Hence, it was very timely to create a dedicated D&I committee at Data61 and being one of the people involved in this process was surely very exciting.’ Mehwish

– ‘What stood out for me in 2020 is that people are capable of far more than what they think they can achieve. Despite everything going on around us, we managed to add more to our loads and get more done. A full work load, remote learning kids and doing homework assignments, remote extracurricular activities, managing a household and trying to maintain wellbeing was the norm for a large portion of the year.’ Marthie

– ‘Be flexible. No matter how well you plan, things are most likely not going to work out as as scripted. We had to move so many events to virtual format, after spending months and months planning an in-person event. And it is ok. Virtual is doable.’ Marthie

– ‘My best learning experience: The fortnightly reading group with PhD students from other universities in metropolitan Melbourne’, Nicholas

– ‘My key lesson of 2020 is a renewed and deepened believe in the “ubuntu philosophy” – the idea of communal good: “I am because we are”, “the belief in a universal bond of sharing that connects all humanity”.’ Selasi

– ‘My key lesson of 2020 is that life could become harsh, uncertain and frustrating but if we stay together, cope with the new situation, and finally pass it, we will become stronger. No question about it!’ Meisam

– ‘My best learning experience at Data61 is not limited to one. The fortnightly meetings, invited talks, summer schools are a few of many different opportunities that gave me fantastic learning experiences. ’ Chamikara