The PhD defence will be partially digital, in Kristen Nygaards sal (5370), Ole-Johan Dahls hus and streamed directly using Zoom. The host of the session will moderate the technicalities while the chair of the defence will moderate the disputation.
Ex auditorio questions: the chair of the defence will invite the attending audience at Kristen Nygaards sal to ask ex auditorio questions.
Trial lecture
“The CVSS metrics – past, present and future”
Time and place: February 13, 2023 1:00 PM, Kristen Nygaards sal (5370), Ole-Johan Dahls hus/ZOOM
Main research findings
Cybersecurity with machine learning has received widespread attention in education, research, and innovation in both the private and public sectors. Unfortunately, while essential for strong cyber security, offensive cyber operations with machine learning have seen significantly less innovation, at least in open academic literature. This thesis's contribution to the field of offensive cyber operations with machine learning can naturally be divided into the following:
1. Algorithmic cryptanalysis with machine learning
2. SQL injection with machine learning
The historical cipher Enigma's plugboard is shown to be susceptible to an attack powered by the machine learning technique Genetic Algorithms, being broken far faster than any earlier attack. Modern ciphers are naturally more robust than historical ciphers. The cryptographic algorithm ASCON is still secure, but the novel machine learning technique, The Phantom Gradient Attack, is shown to attack many of its subfunctions successfully.
OWASP's top 10 had SQL injections as the number one web vulnerability in 2017; in 2021, it was number three. This thesis highlights the possibility of automated SQL injection exploitation and identification with reinforcement learning for accelerated penetration testing. The reinforcement learning agent can exploit all 5 SQL injection archetypes, distinguish between them, and determine whether or not the website is vulnerable.
Adjudication committee:
- Professor Geir Myrdahl Køien, University of South-East Norway
- Professor Kathryn Laskey, George Mason University, USA
- Professor Ketil Stølen, Department of Informatics, University of Oslo and SINTEF, Norway
Supervisors
- Professor Audun Jøsang, Department of Informatics, UIO, Norway
- Professor II Leif Nilsen, Department of Technology Systems, UIO
- Associate Professor Thomas Gregersen, Department of Technology Systems, UIO
Chair of defence:
Professor Carsten Griwodz
Contact information at Department: Mozhdeh Sheibani Harat