
CICERO

Secure AI
UEBA

CICERO is a group formed by 5 leading technology centres in the field of information technologies with extensive experience in cybersecurity technologies.

At CICERO, we work to advance cybersecurity technologies for identifying, protecting against, detecting, responding to, and recovering from cyber threats. As digital technologies become more deeply integrated into daily life, the risks associated with them also increase. This makes continuous innovation in cybersecurity essential to adopting new technologies without exceeding acceptable levels of risk.

The consortium—formed by GRADIANT, CEIT, FIDESOL, I2CAT, and ITCL—works together to drive this mission and strengthen technology transfer across key research areas.

Personal contribution

Within CICERO, I lead two tasks focused on malware analysis and secure AI, and I also contribute to the security of O-RAN networks.

Malware analysis

Developed a PoC application for malware analysis, gathering over 30 million malware samples from vx-underground, which I then decompiled with Radare2 to generate a dataset with the assembly code of each binary, classified by family. The assembly instructions were tokenized and converted into embeddings, which were used to fine-tune a BERT-uncased model for malware family classification.

Although other architectures were tested, I chose BERT-uncased instead of larger models because it provides an excellent trade-off between accuracy and computational cost. Given the size of the dataset (tens of millions of samples), larger architectures would have required substantially more hardware and training time. BERT-uncased allowed me to process and fine-tune on massive amounts of assembly code efficiently while still achieving high classification performance.

The application had over 97% accuracy at distinguishing malicious from benign samples, and over 93% accuracy at identifying the correct malware family. The application was served using FastAPI endpoints via Uvicorn, with a simple UI with drag & drop functionality, which allows users to easily analyse any binary. Additionally, the entire application was containerized with Docker, allowing it to be deployed seamlessly across different environments.
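
An added sketch (not the project's code) of the tokenization step described above: each disassembly line is reduced to mnemonic and operand tokens, with immediates and branch targets replaced by placeholders so that identical code at different addresses yields the same sequence. The listing layout, the `IMM`/`ADDR` placeholder names, the operand normalization itself and the `max_tokens` budget are assumptions; the page only states that the instructions were tokenized.

```python
import re

# Constructed listing in "address  bytes  instruction" columns; not a real sample.
SAMPLE_LISTING = """\
0x00401000  55              push rbp
0x00401001  4889e5          mov rbp, rsp
0x00401004  4883ec20        sub rsp, 0x20
0x00401008  c745fc00000000  mov dword [rbp - 0x4], 0
0x0040100f  e8ec0f0000      call 0x402000
0x00401014  488d0de50f0000  lea rcx, [rip + 0xfe5]
0x0040101b  7405            je 0x401022
0x0040101d  c3              ret
"""

BRANCH_RE = re.compile(r"^(call|jmp|j[a-z]{1,3}|loop[a-z]*)$")
NUM_RE = re.compile(r"\b(?:0x[0-9a-fA-F]+|\d+)\b")   # skips digits in r8, xmm0
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|[\[\]+\-*]")


def normalize_instruction(insn):
    """Split one instruction into tokens, abstracting sample-specific constants."""
    mnemonic, _, operands = insn.strip().partition(" ")
    mnemonic = mnemonic.lower()
    # Numeric operands of branches are layout-dependent targets; others are data.
    placeholder = "ADDR" if BRANCH_RE.match(mnemonic) else "IMM"
    operands = NUM_RE.sub(placeholder, operands)
    return [mnemonic] + TOKEN_RE.findall(operands)


def tokenize_listing(listing):
    """Return one token list per instruction, skipping lines that are not code."""
    instructions = []
    for line in listing.splitlines():
        cols = line.split(None, 2)          # address, raw bytes, instruction text
        if len(cols) == 3 and cols[0].startswith("0x"):
            instructions.append(normalize_instruction(cols[2]))
    return instructions


def pack_windows(instructions, max_tokens):
    """Pack whole instructions into sequences of at most max_tokens tokens.
    An instruction longer than max_tokens still gets a window of its own."""
    chunks, current = [], []
    for insn in instructions:
        if current and len(current) + len(insn) > max_tokens:
            chunks.append(current)
            current = []
        current.extend(insn)
    return chunks + [current] if current else chunks


if __name__ == "__main__":
    for chunk in pack_windows(tokenize_listing(SAMPLE_LISTING), max_tokens=10):
        print(len(chunk), " ".join(chunk))
```

Packing on instruction boundaries keeps every instruction intact inside one model input, which matters when a function is longer than the sequence length the classifier accepts.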

Secure AI

Developed a PoC application for testing and improving the robustness of text-based transformer models. The system generates evaluation pipelines capable of assessing models against a wide range of threats, including all out-of-the-box attacks provided by TextAttack as well as custom, user-defined threats created through Python scripts. The application also provides an intuitive interface for selecting multiple defense strategies, such as adversarial training, feature squeezing, and defensive distillation, and evaluating how models behave under adversarial conditions, with or without defenses enabled.

The application was served using FastAPI and Uvicorn, featuring a simple drag-and-drop UI that allows users to easily test models and datasets. The entire system was containerized with Docker for seamless deployment across different environments.

O-RAN Security

Performed log analysis on data generated by the O-RAN DU, RU, and CU modules to identify which log sources were most useful for producing security events aligned with the MITRE FiGHT framework.

Afterwards, I modified the OSSEC agent to gather the required data and send it to Wazuh, where I developed custom detection rules to identify relevant threats. I was also responsible for deploying, configuring, and maintaining the Wazuh toolstack on a VPS, as well as executing attacks against the O-RAN infrastructure using the Keysight IoT Security Assessment platform to validate the detection capabilities.