Cyber Security Automation and Orchestration (CySA) Team

Our Research

The team concentrates on evolving cyber security solutions at the same pace as new cyber technologies such as AI/ML, quantum and 6G and supply-chains emerge. We observe that malicious groups are much faster to identify opportunities and use the most recent technology (e.g., AI/ML) quite effectively to reach their objectives. Consequently, cyber security attacks are getting more complex, adaptive and non-deterministic. The team want to break this vicious cycle and give an unfair advantage to defenders by effective use of secure AI/ML-based automation and orchestration for Cyber Security. For this reason, the team develops innovative ways to operationalize recent AI/ML results in a noisier, massively distributed (e.g., intelligence to resolve an alert may require ingestion of a range of information from many sources over the Internet) and less structured cyber domain. We continuously evolve such solutions to address the technical drift that cyber security solutions face when they meet with the practice and humans. Overall research and development activities within the team are carried under two main sub-teams:

AI Security (AISec), led by Dr Jason Xue: AI/ML itself has critical vulnerabilities, which may result in an extended threat landscape when AI/ML is applied to complex cybersecurity problems. The AI Security sub-team aims to: 

                     Develop trustworthy AI/ML algorithms, 
                     Install guardrails for responsible design and deployment of AI systems, and 
                     Apply trustworthy AI to real-world cyber-critical applications.

The sub-team examines and establishes the intrinsic connections and properties between the cyber domain and feature space tailored for various cyber-critical infrastructures to ensure the correct representation and transferability of the recent results in robust and secure AI.

Automated Security (AutoSec), led by Dr Ejaz Mohammad: Utilizing AI/ML technologies has become critical to supplement the shortage of security analysts in making crucial security decisions. The Automated Security (AutoSec) sub-team emphasizes the use of technology to detect security threats within extensive system artefacts rapidly. We develop AI/ML-based solutions to ensure security and provenance at scale and reduce the attack surface each software/hardware solution brings to the organization. The AutoSec sub-team’s focus areas include:

  Automated malware analysis and API deobfuscation for binaries using language models.

                     Supply chain security analysis of open-source packages and their dependencies from vulnerabilities context.
                     Program analysis and NLP.
                     Applied ML for digital forensics.

The team became a primary driver for Data61’s growth focus technology area of AI and Cyber Security, which aims to use AI to protect against cyber-attacks and mitigate new forms of AI-enabled cyber-attacks. The team plays a critical role in Cyber Security CRC with its leadership role in the CRC’s Theme 2.2 – Security Automation and Orchestration. Additionally, the team is a major player in DSTG Cyber Security engagement, DHA’s 6G Security program and AU/NZ Cyber Security Research Program. The team is also a trusted advisor for the government (State Governments) and defence (e.g., AU Defence, US Army). Consequently, the team has a growing capacity, capabilities, research ecosystem and recognition to lead these topics in Australia and worldwide.