AI has become an emerging technology to assess security and privacy in recent years. Unfortunately, while there are many success stories when using AI for security, many challenges exist. AI is commonly used in the black-box setting, making the interpretability or explainability of the results difficult. So far, research on AI and security has looked at the various sub-problems in isolation, primarily relying on best practices in the domain.

This Dagstuhl Seminar will cover several topics where AI has proved to be a reliable choice to design/attack systems or to detect/prevent attacks. We are especially interested in the connection between the security and AI domains. Indeed, while security researchers commonly use state-of-the-art results from the AI domain, they also need to adapt solutions, representing interesting applications for the AI domain. On the other hand, the security domain deals with specific challenges (e.g., noise as a countermeasure) that can provide new insights for the AI domain on how to deal with noise.

The plan is to bring together researchers working in artificial intelligence (machine learning, fuzzy logic, heuristic, and metaheuristic techniques) and security (cryptography, network security, systems security). The seminar will cover the following AI-assisted security mechanisms:

• Implementation attacks and countermeasures
• Machine learning-based attacks on secure systems
• Trustworthy manufacturing and testing of secure devices
• Validation and evaluation methodologies for physical security
• Design and evaluation of security primitives
• Intrusion detection
• IoT Security & Privacy

We hope the seminar will produce several ideas on improving the state of the art in AI for security. Ideally, there will be joint publications and project proposals as a result of the seminar. Additionally, we plan to prepare and publish a white paper (a few months after the seminar) on state-of-the-art security and AI. The participants will also discuss the topics with the industry members to close the gaps between academic research and industry needs.

We consider this Dagstuhl Seminar a success if the following challenges are addressed:

1. Participants from the different communities collaborate and continue their research with directions resulting from the seminar’s work.
2. Future research directions are proposed for each topic, enabling other forms of collaboration.
3. Thanks to a careful selection of topics, common knowledge and transferable practices are recognized during the seminar to narrow the gap between these topics.

Creative Commons BY 4.0

Lejla Batina, Annelie Heuser, Nele Mentens, Stjepan Picek, and Ahmad-Reza Sadeghi

• Ileana Buhan (Radboud University Nijmegen, NL)
• Lukasz Chmielewski (Radboud Universiteit Nijmegen, NL & Masaryk University - Brno, CZ)
• Alexandra Dmitrienko (Universität Würzburg, DE) [dblp]
• Elena Dubrova (KTH Royal Institute of Technology - Kista, SE) [dblp]
• Oguzhan Ersoy (TU Delft, NL)
• Hossein Fereidooni (TU Darmstadt, DE)
• Fatemeh Ganji (Worcester Polytechnic Institute, US) [dblp]
• Houman Homayoun (University of California, Davis, US)
• Domagoj Jakobovic (University of Zagreb, HR)
• Dirmanto Jap (Nanyang TU - Singapore, SG)
• Florian Kerschbaum (University of Waterloo, CA) [dblp]
• Marina Krcek (TU Delft, NL)
• Jesus Luna Garcia (Robert Bosch GmbH - Stuttgart, DE)
• Damien Marion (IRISA - Rennes, FR)
• Luca Mariot (Radboud University Nijmegen, NL)
• Nele Mentens (Leiden University, NL) [dblp]
• Irina Nicolae (Bosch Center for AI - Renningen, DE)
• Stjepan Picek (TU Delft, NL) [dblp]
• Jeyavijayan Rajendran (Texas A&M University - College Station, US)
• Ahmad-Reza Sadeghi (TU Darmstadt, DE) [dblp]
• Patrick Schaumont (Worcester Polytechnic Institute, US) [dblp]
• Matthias Schunter (INTEL ICRI-SC - Darmstadt, DE) [dblp]
• Mirjana Stojilovic (EPFL - Lausanne, CH)
• Shahin Tajik (Worcester Polytechnic Institute, US) [dblp]
• Trevor Yap (Nanyang TU - Singapore, SG)