Summary
- Profile Type
- Research & Development Request
- POD Reference
- RDRDK20241120014
- Term of Validity
- 20 November 2024 - 20 November 2025
- Company's Country
- Denmark
- Type of partnership
- Research and development cooperation agreement
- Targeted Countries
- All countries
General information
- Short Summary
- A Danish cybersecurity SME seeks partners with expertise in artificial intelligence and machine learning for an R&D project. The aim is to develop advanced methodologies to identify malicious activities in noisy cybersecurity event logs, improving incident detection accuracy. The SME invites academic and industrial partners specializing in deep learning, time series analysis, and cybersecurity solutions for collaboration under a research cooperation agreement.
- Full Description
-
The company specializes in aggregating and analyzing cybersecurity event logs from diverse sources, including computer networks, devices, and intelligence providers. The current challenge is filtering through vast amounts of unstructured data to detect and predict cyberattacks effectively while minimizing false positives—a critical issue in the industry often referred to as "alert fatigue."
The proposed R&D project seeks to develop a machine learning framework capable of recognizing and clustering patterns of malicious activities within large volumes of low-fidelity detection signals. Inspired by methodologies used in other domains like healthcare and finance, the research will focus on the correlation of disparate events into coherent attack narratives.
The ideal consortium would include:
- Academic partners with expertise in AI/ML for developing innovative algorithms (e.g., deep learning, anomaly detection, graph neural networks).
- Cybersecurity specialists to ensure domain-relevant feature selection, synthetic data generation, and robust model validation.
Optionally, an industrial partner (e.g., managed security service providers or tech vendors) for strategic integration, data enrichment, and market research.
The project aligns with the Digital Europe Programme call DIGITAL-ECCC-2024-DEPLOY-CYBER-07, with an anticipated budget of €5 million. Expressions of Interest (EOIs) are open until May 31, 2025.
- Advantages and Innovations
-
The project offers a transformative approach to cybersecurity by:
- Applying cutting-edge AI techniques like deep learning and graph neural networks to a high-impact domain.
- Reducing the industry's reliance on noisy data by focusing on actionable insights and precise detections.
- Bridging gaps in current cybersecurity solutions through interdisciplinary collaboration.
- While the initial focus is on cybersecurity, the methodologies developed are expected to have cross-domain applicability, benefiting industries such as healthcare, finance, and social sciences.
- Stage of Development
- Under development
- Sustainable Development Goals
- Goal 17: Partnerships to achieve the Goal
- Goal 9: Industry, Innovation and Infrastructure
- Goal 16: Peace and Justice Strong Institutions
- IPR description
-
The consortium seeks:
- Academic institutions specializing in machine learning, AI, and cybersecurity research for algorithm development and proof-of-concept studies.
- Cybersecurity-focused entities to provide domain expertise and assist in feature validation, model testing, and real-world simulation.
Optionally, industrial partners (e.g., MSSPs or technology vendors) for integrating the developed solutions into existing cybersecurity frameworks.
Partners should be experienced in EU research projects and committed to collaborative, interdisciplinary development.
Partner Sought
- Expected Role of a Partner
-
We aim to form a consortium to apply for an R&D grant of the order of 3M-5M EUR over a two- or three-year period. In addition to our company, which will provide the infrastructure and the data, the ideal consortium shall consist of
(1) machine learning experts from academia (approx. 2 or 3 FTE plus the principal investigator),
(2) cybersecurity experts with a focus on SIEM/NDR/EDR and the related issues of false-positive reduction (approx. 2 FTE plus the principal investigator), and,
(3) optionally, a commercial partner, i.e., another non-competing company which may have complementary data- or strategic interests in this collaboration.
Note: The above is indicative only. We are open to suggestions for alternative formations of the consortium. The participation of an academic partner who specializes in AI/ML is however a must-have. Deep learning is especially relevant.
The contributions of the prospective partners are as follows.
==== Academic partner with the ML/AI focus (e.g., university, research institute)
- Literature review, including research on the state of the art
- Co-development of the machine learning methodology
- Co-development of the PoC
- Joint publications and dissemination
Areas of expertise: Deep learning, graph neural networks, anomaly detection, supervised classification (with highly imbalanced classes), time series analysis, pattern mining, predictive failure analysis, process mining, speech separation, blind source separation, video classification, video captioning, ontologies, etc.
==== Academic partner with the cybersecurity focus (e.g., university, research institute)
- Literature review, including research on the state of the art
- Domain expertise for feature selection and data validation
- Experiment design and data acquisition (e.g., red team, generation of synthetic data)
- Co-development of the PoC
- Joint publications and dissemination
Areas of expertise: Network security, NDR, EDR, SIEM, alert fatigue, virtual environments, ontologies, machine learning, etc.
==== Industrial partner (MSSP, MDR, or data/technology vendors)
- Product/strategic integration
- Data sharing, enrichment, and integration
- Market research
- Co-development of the PoC
- Networking
Areas of expertise: SOC, NDR, EDR, IDS, SIEM, SOAR, XDR, MSSP, MDR, MITRE framework, etc.
- Type and Size of Partner
- R&D Institution
- SME 50 - 249
- SME <=10
- Big company
- University
- SME 11-49
- Type of partnership
- Research and development cooperation agreement
Call details
- Framework program
- Digital Content
- Call title and identifier
-
DIGITAL-ECCC-2024-DEPLOY-CYBER-07 (deadline 2024/01/21) but open to alternatives
- Anticipated project budget
-
EUR 5.000.000
- Coordinator required
-
No
- Deadline for EoI
- Deadline of the call
- Project title and acronym
-
Identification of Attack Flows from Low-Fidelity Detection Signals Using Machine Learning
- Digital Content
Dissemination
- Market keywords
- 02006007 - Databases and on-line information services
- 02007020 - Artificial intelligence programming aids
- 02007016 - Artificial intelligence related software
- 02006008 - Data storage
- Targeted countries
- All countries