Cybi: intelligent cybersecurity for predicting attacks

Cybi: picking up where Scuba left off

My name is Cybi, which stands for Cybersecurity Intelligence. I have just flown the nest in 2022, but I was in intensive research and development since many years ago. I started out as an idea in the dreams of four Inria researchers and was born in the corridors of RESIST. My project team, involving specialists in networks and cybersecurity at Inria and Loria, has an experimental platform used exclusively for studying and analysing vulnerabilities of connected devices. This is where Scuba was developed, the technology behind my creation. In 2019 Régis Lhoste, my future CEO, came into this room and discovered Scuba: “I had just been introduced to the team, and they showed me their work by attacking a commercial electric smart plug. After bouncing around, their attack chain ended up reaching an industrial logic controller. An attack on a simple connected electric plug was capable of impacting an entire production line.” 

Chain attacks

The IoT or Internet of Things has already introduced millions of connected objects into our lives: fridges, sockets, lamps, watches, etc. Frédéric Beck, an Inria research engineer and member of the RESIST project team, sees all of these objects as new ways of getting inside computer networks: “Manufacturers move fast to the market and often neglect the robustness of their programs. The connected electric plug which we used to demonstrate Scuba’s capacities was released in 2014 with software components dating back to 2011, and with known and old vulnerabilities.” 

RESIST developed its experimental platform in order to tackle this problem, allowing them to evaluate the security levels of products available on the market. They are also able to put them in real-world situations and into their running environments, interacting with other objects. For Frédéric Beck, working in context like this is crucial: “The majority of cyber-attacks nowadays employ the use of attack chains, moving from object to object in order to find bridges and points of entry. An object which has a high security score can also become a crossing point as soon as it interacts with other connected objects. I tested this out at home. My router has a very high score, but it was acting as a bridge for all of the attack scenarios.”

On the day of the demonstration in front of Régis Lhoste, Scuba worked to perfection, identifying all the necessary crossing points and every possible attack path. The technology also suggests which corrective actions ought to be prioritised. “Industrial Logic controllers are highly vulnerable, but they also can't be shut down without this interrupting production, and making their update hard, even impossible in some situations. Scuba showed that it was possible to take proactive actions on the detected chain in order to prevent attacks reaching them. In this case, the weak link turned out to be the connected plug.” In the future Scuba, a complex piece of technology, will give me a competitive advantage on the cybersecurity market.

AI for natural cybersecurity processing

In 2020, the scale and diversity of these attack chains prompted RESIST to file a patent for Scuba. At its core, artificial intelligence modules are capable of reading and learning. Abdelkader Lahmadi, an associate professor at the University of Lorraine and member of the RESIST project team, was one of my creators: “Known security vulnerabilities are listed and described textually in the CVE (Common Vulnerabilities and Exposures) databases. Each time a breach is discovered, often during a Bug Bounty campaign, where thousands of ethical hackers put systems to the test, manufacturers must correct that breach and document the solution, making this available free to access. The corpus of the CVE is made up of billions of lines of text. It’s informal: people write descriptions using their own words. The advantage of Scuba is that it is able to read and understand extremely quickly these descriptions.” 

That’s the secret to my success: my ability to automatically consult CVE online, copy them and correlate them in order to analyse the vulnerabilities and identify their respective causes and consequences.  Using this enriched information, I am then able to identify similarities in all systems and predict paths of attacks or intrusions. But Abdelkader Lahmadi doesn't see Scuba as a robot capable of handling cybersecurity on its own: “Scuba was developed in response to cybersecurity talent shortage to fight against online criminals. Security Operations Centres for major companies must handle dozens of new vulnerabilities and thousands of alerts every day, but they lack resources to correlate and prioritise all of them. What Cybi will provide is a decision support tool that will help them to predict attacks and to prioritise defence operations.” 

Cybi against Pegasus

In 2016 the Pegasus spy software was discovered, revealing the scale of the attack. My creators wanted to know what I could have done and so staged a rematch. The verdict? With Scuba, I could have predicted all of the attack chains for this dreadful malicious software. In 2016 I would have been able to read Pegasus’s intentions.

In another clash with the virus Puzzle-maker, I was even able to identify variants that were unknown at the time. Régis Lhoste will be the man responsible for presenting my victories to future clients: “We will be targeting the SOCs of major companies, presenting this disruptive innovation and offering them Scuba with its user licence. After a long maturation period, the stars are in alignment for launching Cybi on the market.” In 2018 four Inria researchers dreamt of setting out on an adventure. As Frédéric Beck puts it, “We wanted to see how far we could take our break room discussions.”

These discussions developed into something more concrete with support from Inria’s technology transfer unit, the University of Lorraine and the Incubateur Lorrain, who found me premises, oversaw my first steps, assisted me with my business model and helped me find funding. In 2018 I was just an idea around a coffee machine. In 2022 I will be at all cybersecurity expos and engaged in further battles against cyber-attacks.