Published on Nov 25, 2023 at 12:04 p.m.
“When we started, in 2010, the university absolutely didn’t believe in it. So they put us in the bat…” jokes researcher Jean-Yves Marion mischievously as he shows us his “cyber-fortress” in the maze of the University of Lorraine.
This place, closed off by a secure airlock whose windows “were designed to withstand seven blows of an ax” and which houses “pieces of code that could be considered weapons of war”, is the High Security Laboratory (LHS) of Loria (the Lorraine research laboratory in computer science and its applications), located in Nancy.
“It is one of the most important research centers dedicated to cybersecurity in France – with Rennes and Paris – and the first high security laboratory opened in the territory,” specifies the professor. Nearly fifteen years ago, at the beginning of the LHS, “we were still talking about viruses and worms” and “pimply hooded teenagers who were preparing cute cyberattacks from their garage”, remembers Jean-Yves Marion, almost nostalgic.
Those days are long gone! What we now call malicious programs, “malware” or “ransomware”, are remotely controlled by cybercriminal organizations that are sometimes close to states such as Russia or China. “They are almost companies, which place adverts on the web, resell data on the black market, organize competitions to search for vulnerabilities…” describes the professor at the University of Lorraine.
A collection of 35 million malware samples
Faced with this evolving and growing threat – “the more devices are connected, the more the possibilities of attacks increase!” –, a host of cybersecurity solutions have been launched on the market, whether by big names in the sector, such as Trellix, Microsoft or Symantec, or by start-ups taking advantage of the latest advances in artificial intelligence.
A very dynamic ecosystem, but where the academic world has its role to play. “Companies have a short-term timetable, at best medium-term when they have the means. While research can be devoted to the long term,” recalls Jean-Yves Marion, giving the example of the global phenomenon ChatGPT, resulting from several decades of laboratory research.
So, what would be the “ChatGPT” of Loria? In its “cyber fortress”, the laboratory has confined 35 million malicious programs, collected from the Internet. “We use the honeypot technique, which consists of pretending to be a vulnerable computer, to attract them,” confides the researcher.
This virus database is carefully dissected by the small team of researchers to improve their knowledge of the state of the cyberthreat, but not only that. They have also managed to design a system capable of identifying any of these viruses, as well as any “strain” resulting from these viruses, even in the form of slightly modified “variants”.
Detect virus “strains”
A start-up, Cyber-Detect, was launched in 2017 to commercialize the tool. “All the antiviruses that we have on our computers today are faulty, because they are designed to identify viruses that are already known. As soon as a program leaves this perimeter, for example if it was built specifically to attack you, they no longer notice it,” points out Régis Lhoste, head of the start-up, which employs around ten people.
“For our part, we are not interested in the complete form of a virus but only in the small pieces of code, in the variants, which correspond to malicious pieces,” explains the entrepreneur, whose tool has already been adopted by around fifteen clients, half of which are in the public sector.
A budget of 5 million euros
While cybersecurity still suffered from a lack of popularity among researchers a few years ago, because it was considered “too technical”, this academic path “has become more attractive” and “enormous resources have gradually been put on the table,” observed Jean-Yves Marion.
Like quantum technology, which benefited from a financing plan of 1.8 billion euros in 2021, the cybersecurity sector was allocated an envelope of 65 million euros last year as part of the national PEPR Cybersecurity program, led by the CNRS, Inria and the CEA. From this sum, the Defmal project at the University of Lorraine – dedicated to malicious programs – obtained an unprecedented budget of 5 million euros, spread over six years.
Enough to mobilize a dozen researchers and, above all, to develop a multidisciplinary approach in the field. “An exchange platform must be set up to share our data with State services and industrial partners,” specifies the expert. Ultimately, the goal is to multiply the bridges between the public and private sectors to cover the multiple facets of the cybercriminal ecosystem, for example, he explains, by maintaining relationships with law enforcement, lawyers or sociologists.