During the Assises de la Sécurité, in October in Monaco, Guillaume Poupard (DG ANSSI) proposed “to anticipate not to suffer any more and find solutions through a collective approach”. Two experts from Cyblex Technologies, Philippe Lepain, Chief Technology Officer, and Roberto Pasqua, Doctor of Computer Science, explained how pooling would consolidate cybersecurity through artificial intelligence.
The sophistication and scale of attacks on information systems make them increasingly destructive. Cybersecurity is a major economic issue because of the absolute need to protect data, which is companies' information capital. A race has begun against hackers and ransomware operators, who are ahead of the curve in this war.
While safeguarding cyberspace is the business of states and intergovernmental regulatory organisations (EU, OECD), it is also the business of companies, large and small, and of users, who are also consumers but are not yet sufficiently aware of their vulnerability. In companies, this awareness must extend beyond CIOs and CISOs to reach all decision-makers and employees. The risk analysis must be matched by methods, tools and training.
Talent management and skills development
French and European sovereignty in cyber intelligence
Towards an open, multidisciplinary, transparent and innovative community
Through an open platform, we want to aggregate the intelligence of various actors.
In addition to the necessary diversity of these actors, there is the diversity of the multi-sectoral data that will feed the platform as it develops. Beyond the interest of creating this wealth while testing the detection methods on a particular corpus, we will build a shared and widely distributed knowledge base, including both the source data and a wide variety of attack models. This knowledge base will contribute to standardisation efforts and help propose standards for exchanging these flows.
The platform will rely on a third founding pillar: a wide choice of detection methods. These generally belong to the world of AI, since they support the human operator, if not replace them.
In cybersecurity, many hypotheses remain to be tested. Supervised learning is too costly in terms of indexing malicious and benign corpora, and the unsupervised approach, which is easier to implement, generates too many false positives. Other detection methods, such as neural networks, are even riskier and have not been proven. The platform will make it possible to test the most promising research results, such as active learning.
We know it is pointless to fight alone in the face of a cyber hurricane.
In Monaco, Guillaume Poupard recalled that “the open-source approach is essential, and requires everyone’s involvement, even the smallest players”. We believe that only the free software model can lead to the success of this vision. We must open the black boxes presented to customers as magic software and shed light on their content. If we do not apply the principles of open source, they will remain closed. Publishing and delivering results transparently is not always natural, but the potential gains are real when providing services to the cybersecurity market.
Therefore, our proposal incorporates the fact that decision-makers cannot make choices without understanding the results of attack detection software. The platform will offer new types of applications to test, evaluate and compare the results of detection methods in a pragmatic way. We must focus our approach on uses, as Anaël Beaugnon does in her recent thesis (Supervised learning and detection systems: an end-to-end approach involving security experts).
In the field of cybersecurity, no current system offers tools to understand and characterise the results of AI engines, nor any truly suitable ergonomic interfaces. In this regard, the representation space for malicious flows is not yet sufficiently defined. What is more, since attackers and defenders risk employing the same AI weapons in this war, human arbitration is essential. Therefore, the platform will be based on the diversity of actors, data and detection methods in a multi-sector, transversal and transparent approach. It will not achieve our goals without innovation in pedagogical and ergonomic tools, as it also needs to be engaging in order to attract talent. Its mission will be to reduce the digital divide that can arise from the inappropriate application of AI in cybersecurity.
Through this adaptive, iterative, reactive and transparent approach, our intention is to pool resources in order to prevent suffering.