Intern Program AI security & Cybersecurity

Job description

As an intern with the NavInfo Europe Cybersecurity team, you will research and write your master thesis on innovative cybersecurity technologies for connected cars, IoT, and Artificial Intelligence solutions.

You will have the freedom and support of NavInfo Europe to develop your research in one of the fastest-growing business areas of the world. We will give you the opportunity to gain knowledge and skills on a wide range of the most innovative cybersecurity tools, technologies, and methodologies.

You are free to write your own research proposal or choose one of the following suggested areas of research:

1. Penetration testing and reverse engineering of Connected cars and IoT devices.

2. Automated Man-in-the-middle attacks for the mobile network (2G/3G/4G/5G) traffic with software-defined radio (SDR) solutions.

3. Cybersecurity protection for Artificial Intelligence solutions, Deep Neural networks (DNN) models.


Open internship projects provided below:

1. Internship project/Master thesis: Automated Man-in-the-middle attacks for 2G/3G/4G/5G mobile networks with SDR solutions.

Mobile communications are used by more than two-thirds of the world population, who expect security and privacy guarantees. Even though privacy was a requirement, numerous man-in-the-middle attacks and network traffic interception techniques were demonstrated at the biggest cybersecurity conferences.

In this research, we will automate mobile traffic interception for different mobile network standards and discover new vulnerabilities in communications protocols. Finally, we will conduct a security analysis of the vulnerabilities and propose countermeasures to remedy our attacks.


2. Internship project/Master thesis: Penetration testing and reverse engineering of Connected cars and IoT devices.

Connected cars are likely the most complex connected devices we see. The attack surface is immense – the Internet, mobile, Bluetooth, custom RF protocols, DAB, media files imported over USB, remote diagnostics, telematics, mobile apps… As an intern, you will get hands-on experience with penetration testing and with software and hardware reverse engineering of modern electric cars and IoT devices:

· Software fuzzing

· Exploit development

· Key fob communication security analyses

· NFC communication security analyses

· CAN bus communication security analyses

· Reverse engineering firmware

· Reverse engineering mobile applications


3. Internship project/Master thesis: Improve robustness of digital watermarking DNN models (This project is not available anymore)

Comprehensive IP protection of NavInfo Europe models requires digital watermarking methods that are robust against various attacks. The ambiguity attack can rightfully be classified as the most difficult of these. An ambiguity attack aims to cast doubt on ownership verification by forging counterfeit watermarks. Ownership is in doubt because the verification process detects both the original and the forged watermarks. This type of attack poses a serious threat to existing DNN watermarking methods. Two recent NIPS papers (for example 2019, 2020) addressed the problem. Despite a very promising approach, our recent analysis shows that these methods are still very limited in remedying ambiguity attacks. Therefore, further research is required in that direction. Since the topic is relatively new and there is not much material on it, research work would take a long time and require freedom that is hardly available in a commercial organization. That is why we propose to start the exploration of that topic with a student master thesis project.


4. Internship project/Master thesis/PhD project: Coverage-guided penetration testing of DNN models 

It is well known that DNN models can easily be fooled by adversarial attacks. A DNN model is unsafe if even one adversarial example (mislabeled after minor perturbation) can be found. To prevent enormous financial and reputational risks, a penetration test is required. The test can provide a meaningful indication of model performance and robustness, and supports bug finding and structure analysis. Applying various adversarial attacks by using available toolboxes (e.g. advbox, foolbox) in an unconstrained way is insufficient. Testing that is guided by non-structured coverage metrics is much more promising. A coverage-guided penetration test stays away from exhaustive (endless) testing and indicates test completeness. Several recent papers (for example 2018, 2020, 2020, toolbox) show potential and development in this direction. While testing, random mutation enhanced with the coverage knowledge, i.e., targeted mutation, is designed to generate test cases. It is important to mention that there is a strong connection to AD scenario simulation, in which completeness or coverage has to be estimated as well. However, the attacks generated by random mutations do not correlate with the published ones in the available toolboxes. This significantly reduces the tested space as well as its representativeness of actual attacks on DNNs. Therefore, further research is required in that direction. Since the topic is large and new, and there is not much material on it, research work would take a very long time and require freedom that is hardly available in a commercial organization. That is why we propose to start the exploration of that topic with a student master thesis or PhD project (depending on the scope).


5. Internship project/Master thesis: Digital watermarking of proprietary datasets for training DNN models (This project is not available anymore)

NavInfo possesses several proprietary and costly datasets that are used to train DNN models. Hidden labeling of such data by digital watermarking could prevent financial and reputational risks caused by data leakage or accidental breaches. Dataset watermarking creates imperceptible changes to a dataset such that any model trained on it will carry an identifiable mark. The watermark should be robust to strong variations during training, such as different architectures or optimization methods. One recent paper (2020) addressed that problem by embedding a digital watermark successfully. However, that approach is restricted to blind attacks such as architectural or training changes. In an adversarial scenario, the detectability of the carried mark is reduced and attacks, such as evasion attacks, can be performed. Therefore, further research is required in that direction. Since the topic is relatively new and there is not much material on it, research work would take a long time and require freedom that is hardly available in a commercial organization. That is why we propose to start the exploration of that topic with a student internship/master thesis project.


6. Internship project/Master thesis: Improved protection against DNN knowledge stealing (This project is not available anymore)

Protecting the confidentiality of DNN models has become very important due to the rising popularity of attacks developed to steal knowledge via a prediction API. These attacks can have not only IP consequences but also serious performance and reputational consequences. In the second case, an adversary may use a stolen model to find transferable adversarial examples that can evade classification by the original model. Prediction APIs still provide enough information to allow an adversary to mount model extraction attacks by sending repeated queries via the prediction API. Modern stealing attacks (for example 2020, 2020) do not require a large number of queries to extract the model. On the contrary, they require far fewer queries than the number of iterations used to train the DNN. Recent papers (e.g. 2019, 2020) present methods that aim to protect against knowledge stealing attacks by detection or evasion. However, detection makes strong assumptions about the attack query distribution, which cannot always be guaranteed. Moreover, the more popular evasion methods are perturbation-based and hence can affect model prediction accuracy. Therefore, further research is required in that direction. Since the topic is quite large and new, and there is not much material on it, research work would take a long time and require freedom that is hardly available in a commercial organization. That is why we propose to start the exploration of that topic with a student master thesis project.

7. Internship project/Master thesis: Optimal parametrization of penetration testing of DNN models (This project is not available anymore)

It is well known that Deep Neural Network (DNN) models can easily be fooled by adversarial attacks. A DNN model is unsafe if even one adversarial example (mislabeled after minor perturbation) can be found. To prevent enormous financial and reputational risks, a penetration test is required. The test can provide a meaningful indication of model performance and robustness, and supports bug finding and structure analysis. Applying various adversarial attacks by using available toolboxes (for instance advbox, foolbox) in an unconstrained way is insufficient. For highly parametrized attack methods, the hyper- and meta-parametrization of the test plays an important role, since the number of testing methods scales up very rapidly. There is well-known work in the direction of probabilistic surrogate sequential model-based (Bayesian) optimization (e.g. 2011) of model hyperparameters. Alternatives are deterministic surrogates (2017) or meta machine learning approaches (for example 2020). Therefore, gathering and fitting the optimal parametrization for penetration testing of DNN models becomes very important. The general nature of these approaches is expected to enable domain-agnostic parametrization for penetration testing of DNN models. Therefore, further research is required in that direction. This work is closely connected to another of our student research projects, “Coverage-guided penetration testing of DNN models.”

Requirements

Education:

  • Background in a relevant domain (e.g. Cybersecurity, AI, Data Analytics, Data Science, BI or related field)
  • Finishing a Bachelor's or Master's degree at a university (WO) or university of applied sciences (HBO) in the Netherlands, Belgium, or Germany.

Technical skills:

  • Ability to read, interpret and analyze research
  • Writing and presenting. Knowledge about information security (focus on people/process).
  • Able to communicate complexity (verbal and written)

Soft skills:

  • Ability to work well in an international team environment


Interested?

Does this profile describe you and are you interested in this internship program? Please apply!

You can expect a challenging paid internship with professional guidance. For more information contact the HR department via hrm@navinfo.eu