Predicting future threats on the Internet: Inria, International University of Rabat and Carnegie Mellon University are collaborating on the NATO-funded ThreatPredict project
The goal of ThreatPredict is to improve prediction of cyber security threats using a novel approach that combines artificial intelligence, big data and heterogeneous input data.
The results it produces will make it possible to best prepare for future attacks and limit their impact. It is funded by the North Atlantic Treaty Organisation (NATO) under the Science for Peace and Security (SPS) program.
“It is often difficult for a company to know whether it has been attacked, or is even currently under attack. As a result, we must dissect the malicious acts after the fact, once the harm has been done. Giving warning about a probable attack that is imminent or in progress will considerably reduce the damage caused. This may seem obvious, but it is extremely complex to implement because the forces involved are very well trained, agile and very often change modus operandi ,” explains Jérôme François , Inria researcher with Resist, a joint Inria-Loria research team.
The project’s main novelty lies in its combining technical data with societal and publicity data, and trends from social networks
Attackers have numerous motivations. During the recent election campaigns in France and the United States, there were attacks which highlighted the societal dimension of certain threats. “Major sporting or political events are often targeted. The impact of attacks can also have strong repercussions on a company’s business activity: monitoring political, societal or even economic indicators has real relevance and significant added value for cyber security, ” points out Ghita Mezzour , Assistant Professor at the International University of Rabat (UIR) in Morocco.
The major difficulty in the field is the number of sources to integrate, for each one is different. The challenge is to develop predictive models by combining technical data, such as those collected by security probes, for example, with non-technical data, particularly from social media.
Scientists, institutions and private partners give themselves three years for the challenge.
The three-year ThreatPredict project will bring together three major institutions in cybersecurity research until December 2020: Inria, through its RESIST team and the High Security Laboratory, both based in Nancy, France; the TICLab laboratory at the International University of Rabat in Morocco; and the Center for Computational Analysis of Social and Organizational Systems (CASOS) at Carnegie Mellon University in the United States.
The project is also supported by two public partners: the US Army Research Lab (Unites-States), General Directorate of Information System Security (Morocco), and one private partner: Thales (France). They play the role of end users by providing their views on the project’s results and direction.