Defesa - Dissertação de Afaq Inayat - Instituto de Informática

Contato

Defesa – Dissertação de Afaq Inayat

Detalhes do Evento

Data: 21/11/2025 11:00 – 12:00
Categorias: Dissertação de Mestrado

Aluno(a): Afaq Inayat
Orientador(a): Lisandro Zambenedetti Granville

Título: Employing PDDL Plan to Recommend Security Controls against Cyberattacks
Linha de Pesquisa: Arquiteturas, Protocolos e Gerência de Redes e Serviço

Data: 21/11/2025
Hora: 11:00
Local: Esta banca ocorrerá de forma híbrida (virtual e presencial), na sala Sala 215 (Polycom) do prédio 43412 do Instituto de Informática/UFRGS e pelo link https://conferenciaweb.rnp.br/webconf/rnp-dg.

Banca Examinadora:
-Lucas Bondan (Universidade de Brasília (UnB))
-Jéferson Campos Nobre (Universidade Federal do Rio Grande do Sul (UFRGS))
-Juliano Araújo Wickboldt (Universidade Federal do Rio Grande do Sul (UFRGS))

Presidente da Banca: Lisandro Zambenedetti Granville

Resumo: Cybersecurity represents a dynamic and rapidly evolving discipline continuously challenged by increasingly sophisticated threats that could benefit most from the introduction of Artificial Intelligence (AI). AI offers significant opportunities to enhance cybersecurity, for example, to improve attack modeling, prediction, and response. A promising field of research is AI planning, which involves the automated generation of action sequences to achieve specific goals. For example, in a logistics scenario, the goal could be to satisfy a location, while in a vulnerability scenario, the goal can be defined as an account credential being compromised. We introduce an AI-based approach that uses the Planning Domain Definition Language (PDDL) to model the behavior of cyberattacks, specifically phishing and ransomware. Using an AI planner, we generate detailed attack steps and classify them into standard attack lifecycle phases, including reconnaissance, weaponization, delivery, exploitation, installation, and command & control. The classification is used to propose security controls that align with industrial frameworks such as the NIST Cybersecurity Framework and ISO 27001. The approach was evaluated using a scenario of a phishing attack, highlighting the effectiveness of classifying attack steps and providing countermeasures in compliance with de facto standards. The results highlight the potential of our approach to AI planning to provide a structured and proactive methodology to map and understand the behavior of cyberattacks and provide recommendations for specific protections according to compliance demands.

Palavras-Chave: Artificial Intelligence, AI planning, PDDL, Cybersecurity, Security Controls Recommendation