Showing 1–9 of 9 results for author: Franco, F

The infrastructure powering IBM's Gen AI model development

Authors: Talia Gershon, Seetharami Seelam, Brian Belgodere, Milton Bonilla, Lan Hoang, Danny Barnett, I-Hsin Chung, Apoorve Mohan, Ming-Hung Chen, Lixiang Luo, Robert Walkup, Constantinos Evangelinos, Shweta Salaria, Marc Dombrowa, Yoonho Park, Apo Kayi, Liran Schour, Alim Alim, Ali Sydney, Pavlos Maniotis, Laurent Schares, Bernard Metzler, Bengi Karacali-Akyamac, Sophia Wen, Tatsuhiro Chiba , et al. (121 additional authors not shown)

Abstract: AI Infrastructure plays a key role in the speed and cost-competitiveness of develo** and deploying advanced AI models. The current demand for powerful AI infrastructure for model training is driven by the emergence of generative AI and foundational models, where on occasion thousands of GPUs must cooperate on a single training job for the model to be trained in a reasonable time. Delivering effi… ▽ More AI Infrastructure plays a key role in the speed and cost-competitiveness of develo** and deploying advanced AI models. The current demand for powerful AI infrastructure for model training is driven by the emergence of generative AI and foundational models, where on occasion thousands of GPUs must cooperate on a single training job for the model to be trained in a reasonable time. Delivering efficient and high-performing AI training requires an end-to-end solution that combines hardware, software and holistic telemetry to cater for multiple types of AI workloads. In this report, we describe IBM's hybrid cloud infrastructure that powers our generative AI model development. This infrastructure includes (1) Vela: an AI-optimized supercomputing capability directly integrated into the IBM Cloud, delivering scalable, dynamic, multi-tenant and geographically distributed infrastructure for large-scale model training and other AI workflow steps and (2) Blue Vela: a large-scale, purpose-built, on-premises hosting environment that is optimized to support our largest and most ambitious AI model training tasks. Vela provides IBM with the dual benefit of high performance for internal use along with the flexibility to adapt to an evolving commercial landscape. Blue Vela provides us with the benefits of rapid development of our largest and most ambitious models, as well as future-proofing against the evolving model landscape in the industry. Taken together, they provide IBM with the ability to rapidly innovate in the development of both AI models and commercial offerings. △ Less

Submitted 7 July, 2024; originally announced July 2024.

Comments: Corresponding Authors: Talia Gershon, Seetharami Seelam,Brian Belgodere, Milton Bonilla

QBER: Quantifying Cyber Risks for Strategic Decisions

Authors: Muriel Figueredo Franco, Aiatur Rahaman Mullick, Santosh Jha

Abstract: Quantifying cyber risks is essential for organizations to grasp their vulnerability to threats and make informed decisions. However, current approaches still need to work on blending economic viewpoints to provide insightful analysis. To bridge this gap, we introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk… ▽ More Quantifying cyber risks is essential for organizations to grasp their vulnerability to threats and make informed decisions. However, current approaches still need to work on blending economic viewpoints to provide insightful analysis. To bridge this gap, we introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ). The QBER approach serves as a guided approach for organizations to assess risks and strategically invest in cybersecurity. △ Less

Submitted 6 May, 2024; originally announced May 2024.

Comments: 10 pages, 9 equations, 3 tables, 2 figures

QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience

Authors: Jan von der Assen, Muriel F. Franco, Muyao Dong, Burkhard Stiller

Abstract: Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily in… ▽ More Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily interpreted by decision-makers. This can hinder downstream activities, such as discussing security investments and a security control's economic applicability. This article introduces QuantTM, an approach that incorporates views from operational and strategic business representatives to collect threat information during the threat modeling process to measure potential financial loss incurred by a specific threat event. It empowers the analysis of threats' impacts and the applicability of security controls, thus supporting the threat analysis and prioritization from an economic perspective. QuantTM comprises an overarching process for data collection and aggregation and a method for business impact analysis. The performance and feasibility of the QuantTM approach are demonstrated in a real-world case study conducted in a Swiss SME to analyze the impacts of threats and economic benefits of security controls. Secondly, it is shown that employing business impact analysis is feasible and that the supporting prototype exhibits great usability. △ Less

Submitted 21 February, 2024; originally announced February 2024.

RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports

Authors: Muriel Figueredo Franco, Fabian Künzler, Jan von der Assen, Chao Feng, Burkhard Stiller

Abstract: Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide indi… ▽ More Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide individualized and quantitative monetary estimations of cybersecurity impacts. Due to limited resources and technical expertise, SMEs and even large companies are affected and struggle to quantify their cyberattack exposure. Therefore, novel approaches must be placed to support the understanding of the financial loss due to cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs using real-world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real-world data instead of only probability-based simulations. The evaluation of the approach on unseen data shows the accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, it shows that the RCVaR is a valuable addition to cybersecurity planning and risk management processes. △ Less

Submitted 20 July, 2023; originally announced July 2023.

Traffic Centralization and Digital Sovereignty: An Analysis Under the Lens of DNS Servers

Authors: Demétrio F. Boeira, Eder J. Scheid, Muriel F. Franco, Luciano Zembruzki, Lisandro Z. Granville

Abstract: The Domain Name System (DNS) service is one of the pillars of the Internet. This service allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. DNS acts as a directory that translates the domain names into a corresponding IP address, allowing communication between computers on different networks. However, the concentration of… ▽ More The Domain Name System (DNS) service is one of the pillars of the Internet. This service allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. DNS acts as a directory that translates the domain names into a corresponding IP address, allowing communication between computers on different networks. However, the concentration of DNS service providers on the Internet affects user security, privacy, and network accessibility. The reliance on a small number of large DNS providers can lead to (a) risks of data breaches and disruption of service in the event of failures and (b) concerns about the digital sovereignty of countries regarding DNS hosting. In this sense, this work approaches this issue of DNS concentration on the Internet by presenting a solution to measure DNS hosting centralization and digital sovereignty in countries. With the data obtained through these measurements, relevant questions are answered, such as which are the top-10 DNS providers, if there is DNS centralization, and how dependent countries are on such providers. △ Less

Submitted 3 July, 2023; originally announced July 2023.

Comments: 8 pages, 7 figures

SECAdvisor: a Tool for Cybersecurity Planning using Economic Models

Authors: Muriel Figueredo Franco, Christian Omlin, Oliver Kamer, Eder John Scheid, Burkhard Stiller

Abstract: Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending money. Currently, the lack of investments and perverse economic incentives are the root cause of cyberattacks, which results in several economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider technical and economic dimensions to help companies achieve… ▽ More Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending money. Currently, the lack of investments and perverse economic incentives are the root cause of cyberattacks, which results in several economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider technical and economic dimensions to help companies achieve a better cybersecurity strategy. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models. SECAdvisor allows to (a) understand the risks and valuation of different businesses' information, (b) calculate the optimal investment in cybersecurity for a company, (c) receive a recommendation of protections based on the budget available and demands, and (d) compare protection solutions in terms of cost-efficiency. Furthermore, evaluations on usability and real-world training activities performed using SECAdvisor are discussed. △ Less

Submitted 16 April, 2023; originally announced April 2023.

Comments: 12 pages, 7 figures, 2 tables, 9 equations

The Role of Machine Learning in Cybersecurity

Authors: Giovanni Apruzzese, Pavel Laskov, Edgardo Montes de Oca, Wissam Mallouli, Luis Burdalo Rapa, Athanasios Vasileios Grammatopoulos, Fabio Di Franco

Abstract: Machine Learning (ML) represents a pivotal technology for current and future information systems, and many domains already leverage the capabilities of ML. However, deployment of ML in cybersecurity is still at an early stage, revealing a significant discrepancy between research and practice. Such discrepancy has its root cause in the current state-of-the-art, which does not allow to identify the… ▽ More Machine Learning (ML) represents a pivotal technology for current and future information systems, and many domains already leverage the capabilities of ML. However, deployment of ML in cybersecurity is still at an early stage, revealing a significant discrepancy between research and practice. Such discrepancy has its root cause in the current state-of-the-art, which does not allow to identify the role of ML in cybersecurity. The full potential of ML will never be unleashed unless its pros and cons are understood by a broad audience. This paper is the first attempt to provide a holistic understanding of the role of ML in the entire cybersecurity domain -- to any potential reader with an interest in this topic. We highlight the advantages of ML with respect to human-driven detection methods, as well as the additional tasks that can be addressed by ML in cybersecurity. Moreover, we elucidate various intrinsic problems affecting real ML deployments in cybersecurity. Finally, we present how various stakeholders can contribute to future developments of ML in cybersecurity, which is essential for further progress in this field. Our contributions are complemented with two real case studies describing industrial applications of ML as defense against cyber-threats. △ Less

Submitted 20 June, 2022; originally announced June 2022.

IASIS and BigMedilytics: Towards personalized medicine in Europe

Authors: Ernestina Menasalvas Ruiz, Alejandro Rodríguez-González, Consuelo Gonzalo Martín, Massimiliano Zanin, Juan Manuel Tuñas, Mariano Provencio, Maria Torrente, Fabio Franco, Virginia Calvo, Beatriz Nuñez

Abstract: One field of application of Big Data and Artificial Intelligence that is receiving increasing attention is the biomedical domain. The huge volume of data that is customary generated by hospitals and pharmaceutical companies all over the world could potentially enable a plethora of new applications. Yet, due to the complexity of such data, this comes at a high cost. We here review the activities of… ▽ More One field of application of Big Data and Artificial Intelligence that is receiving increasing attention is the biomedical domain. The huge volume of data that is customary generated by hospitals and pharmaceutical companies all over the world could potentially enable a plethora of new applications. Yet, due to the complexity of such data, this comes at a high cost. We here review the activities of the research group composed by people of the Universidad Politécnica de Madrid and the Hospital Universitario Puerta de Hierro de Majadahonda, Spain; discuss their activities within two European projects, IASIS and BigMedilytics; and present some initial results. △ Less

Submitted 20 September, 2018; originally announced September 2018.

Journal ref: XVIII Conference of the Spanish Association for Artificial Intelligence (CAEPIA). 2019

An Analysis of Technical Debt Management Through Resources Allocation Policies in Software Maintenance Process

Authors: Eduardo Ferreira Franco, Joaquim Rocha, Hamilton Carvalho, Martins Marcelo, Kechi Hirama

Abstract: This paper presents an analysis of technical debt management through resources allocation policies in software maintenance process during its operation to demonstrate how different strategies leads to the emergence of different behaviors along the evolution path. To achieve this objective, this work used the System Dynamic approach for building a computational simulation model based on extensive l… ▽ More This paper presents an analysis of technical debt management through resources allocation policies in software maintenance process during its operation to demonstrate how different strategies leads to the emergence of different behaviors along the evolution path. To achieve this objective, this work used the System Dynamic approach for building a computational simulation model based on extensive literature review and secondary data. Most of the works that applied the System Dynamics on software projects research, focused on initial phases of its life cycle, leaving a gap to be explored regarding the long-term behaviors of the operation and maintenance phases. The results demonstrated that the excessive focus on the perfective maintenance activities could be more costly than performing regular preventive maintenance to reduce the technical debt incurred, ending up with fewer functionalities deployed, higher backlog, lower productivity, lower maintainability and higher technical principal. △ Less

Submitted 22 September, 2016; originally announced September 2016.

Comments: in Proceedings of the 34th International Conference of the System Dynamics Society, Jul 2016, Delft, Netherlands. 2016