Smart cybersecurity: pooling to prevent suffering

During the Assises de la Sécurité, in October in Monaco, Guillaume Poupard (DG ANSSI) proposed “to anticipate not to suffer any more and find solutions through a collective approach”. Two experts from Cyblex Technologies, Philippe Lepain, Chief Technology Officer, and Roberto Pasqua, Doctor of Computer Science, explained how pooling would consolidate cybersecurity through artificial intelligence.

The sophistication and scale of attacks on information systems make them increasingly destructive. Cybersecurity is a major economic issue because of the absolute need to protect data, which is companies’ information capital. A race has begun against attackers and ransomware operators, who are ahead of the curve in this war.

While safeguarding cyberspace is the business of states and intergovernmental regulatory organisations (EU, OECD), it is also the business of companies, large and small, and users who are also consumers but not yet sufficiently aware of their vulnerability. In companies, this awareness must extend beyond CIOs and CISOs, to reach all decision-makers and employees. The risk analysis must match methods, tools and training.

Talent management and skills development

Faced with these major threats and the risks they create, the state and entrepreneurial worlds have not progressed at the same speed as the aggressors in terms of skills. The lack of foresight has reduced the demand for talent trained to resist and counter attacks. The Gartner Information Security Report estimates this market’s overall annualised growth at 8.5% from 2017 to 2022. This study predicts the strongest acceleration in Security as a Service. This favourable market is growing. But, according to Le Monde, 350,000 cybersecurity jobs would be lacking in Europe by 2022. This scarcity of skills is already visible in France, with 1,200 unfilled positions out of 6,000 in 2017. There is a lack of security operations centre (SOC) operators, while the threats increase as much as the masses of data to be processed. We are trying to fill this gap with artificial intelligence (AI), but attackers, for their part, are also investing in this area. We then understand the imperative of AI methods in SOCs, but data scientists are too often absent.
 

French and European sovereignty in cyber intelligence

Recently, the French Land and Air-Land Defense and Security Industries Association (GICAT) proposed creating a sovereign technological response in the area of digital surveillance (Cluster Data Intelligence). A cluster of companies will merge the know-how of large industrial groups, SMEs and start-ups.
 
Cyblex Technologies shares the desire of ANSSI, GICAT and the European Commission to federate public-private partners to meet cybersecurity challenges by highlighting the technological potential that arises from these mergers. In addition, the recommendation to create 3IA research centres, resulting from the Villani report on the national AI research strategy, aims to close France's lag in this area. It has led to the launch of four centres of excellence within which we see possible collaborations, particularly in our home region, in Toulouse, with the ANITI project dedicated to research on hybrid AI, which is more reliable and mixes different methods and technologies. Given our size, we know that it is futile to fight alone in the face of the cyber hurricane announced in the Montaigne Institute report on cyber threats (2018). However, we have already launched a research and development focus on machine learning for cybersecurity.
 

Towards an open, multidisciplinary, transparent and innovative community

We believe that GICAT and the 3IA clusters alone will not meet the challenge of cybercrime. Through an open platform, we want to aggregate the intelligence of various actors such as companies, research laboratories, communities and individuals, including ethical white hats.
 


In addition to these actors’ necessary diversity, there is that of multi-sectoral data that will feed the platform as it develops. Beyond the interest of creating this wealth while testing the detection methods on a particular corpus, we will build a shared and widely distributed knowledge base, including both the source data and a wide variety of attack models. This knowledge base will help contribute to standardisation efforts and propose standards for exchanging these flows.

The platform will rely on a third founding pillar: a wide choice of detection methods. They generally belong to the world of AI, since they support the human operator, if not replace them.

In cybersecurity, many hypotheses remain to be tested. Supervised learning is too costly in terms of indexing malicious and benign corpora, and the unsupervised approach, which is easier to implement, generates too many false positives. Other detection methods, such as neural networks, are even riskier, and they have not been proven. The platform will make it possible to test the most promising research results, for example, active learning.

We know it is pointless to fight alone in the face of a cyber hurricane.

In Monaco, Guillaume Poupard recalled that “the open-source approach is essential, and requires everyone’s involvement even the smallest players”. We believe that only the free software model can lead to the success of this vision. We must open the black boxes presented to customers as magic software and shed light on their content. If we do not apply the principles of open source, they will remain closed. Publishing and delivering results transparently is not always natural, but the potential gains are real when providing services to the cybersecurity market.

Therefore, our proposal incorporates the fact that decision-makers cannot make choices without understanding the results of attack detection software. The platform will offer new types of applications to test, evaluate and compare the results of detection methods in a pragmatic way. We must focus our approach on uses, as Anaël Beaugnon does in her recent thesis (Supervised learning and detection systems: an end-to-end approach involving security experts).

In the field of cybersecurity, no current system offers tools to understand and characterise the results of AI engines, nor truly suitable ergonomic interfaces. In this regard, the representation space for malicious flows is not yet sufficiently defined. What’s more, since the attacker/defender war risks employing the same AI weapons, human arbitration is essential. Therefore, the platform will be based on the diversity of actors, data and detection methods in a multi-sector, transversal and transparent approach. It will not achieve our goals without innovation in pedagogical and ergonomic tools, as it also needs to be engaging to attract talent. Its mission will be to reduce the digital divide that can arise from the inappropriate application of AI in cybersecurity.

Through this adaptive, iterative, reactive and transparent approach, our intention is to pool means to prevent suffering.
