Disputation: Åvald Åslaugson Sommervoll

Doctoral candidate Åvald Åslaugson Sommervoll at the Department of Informatics, Faculty of Mathematics and Natural Sciences, is defending the thesis “Machine learning for offensive cyber operations” for the degree of Philosophiae Doctor.


    The PhD defence will be partially digital, in Kristen Nygaards sal (5370), Ole-Johan Dahls hus and streamed directly using Zoom. The host of the session will moderate the technicalities while the chair of the defence will moderate the disputation.

    Ex auditorio questions: the chair of the defence will invite the attending audience at Kristen Nygaards sal to ask ex auditorio questions. 

    Trial lecture

    “The CVSS metrics – past, present and future”

    Time and place: February 13, 2023 1:00 PM, Kristen Nygaards sal (5370), Ole-Johan Dahls hus/ZOOM

     

    Main research findings

    Cybersecurity with machine learning has received widespread attention in education, research, and innovation in both the private and public sectors. Unfortunately, while essential for strong cyber security, offensive cyber operations with machine learning have seen significantly less innovation, at least in open academic literature. This thesis's contribution to the field of offensive cyber operations with machine learning can naturally be divided into the following:

    1. Algorithmic cryptanalysis with machine learning
    2. SQL injection with machine learning

    The historical cipher Enigma's plugboard is shown to be susceptible to an attack powered by the machine learning technique Genetic Algorithms, being broken far faster than any earlier attack. Modern ciphers are naturally more robust than historical ciphers. The cryptographic algorithm ASCON is still secure, but the novel machine learning technique, The Phantom Gradient Attack, is shown to attack many of its subfunctions successfully.

    OWASP's top 10 had SQL injections as the number one web vulnerability in 2017; in 2021, it was number three. This thesis highlights the possibility of automated SQL injection exploitation and identification with reinforcement learning for accelerated penetration testing. The reinforcement learning agent can exploit all 5 SQL injection archetypes, distinguish between them, and determine whether or not the website is vulnerable.

    Adjudication committee:

     

    • Professor Geir Myrdahl Køien, University of South-East Norway
    • Professor Kathryn Laskey, George Mason University, USA
    • Professor Ketil Stølen, Department of Informatics, University of Oslo and SINTEF, Norway

    Supervisors

    • Professor Audun Jøsang, Department of Informatics, UiO, Norway
    • Professor II Leif Nilsen, Department of Technology Systems, UiO
    • Associate Professor Thomas Gregersen, Department of Technology Systems, UiO

    Chair of defence:

    Professor Carsten Griwodz

    Candidate contact information

    Contact information at Department: Mozhdeh Sheibani Harat 

    Published Jan. 30, 2023 3:14 PM - Last modified Feb. 13, 2023 12:50 PM