Hackers turn hunted in new AI-based cyber security deception tool

The University of Strathclyde has announced that researchers at its Centre for Intelligent and Dynamic Communications are working on a cyber security solution that uses AI and deception to protect network systems.

Upon identifying a breach, “Lupovis” – a name derived from “lupus” (Latin for wolf) and “ovis” (sheep) – aims to convince a cyber attacker that they are inside the network. But, in reality, they are inside a decoy system, which mirrors the true infrastructure, but is designed to deceive and steer them away from key assets. As long as the hacker is inside the system, they will be monitored by the company’s Security Operations Centre.

A spin-out company is being formed to commercialise the technology, initially looking at the energy sector.

Principal investigator and entrepreneur Dr Xavier Bellekens from the University, said:

“Hackers are highly sophisticated and skilled, and so for Lupovis to succeed we need to build a convincing narrative.

“The system engages and understands their next moves through the network and what their behaviour patterns are, to divert them away from valuable assets and arrest the breach effectively.

“We respond to their behaviour and skills level by using incentives and gamifying vulnerabilities.

“The gamification aspect is important as you need to keep offering incentives if you want them to move down a particular path.

“The longer we keep them engaged, the longer we are keeping them away from assets and are blocking the malicious actions that would stop the network functioning, maintaining business and operational continuity.”

According to Strathclyde’s Professor Ivan Andonovic, who will be a Director of the spin-out company:

“There are currently no similar solutions, as decoys are usually static and once a decoy is exploited by a cybercriminal, they can continue moving towards valuable assets in the network.”

He added: “Lupovis offers a dynamic system turning networks from a flock of sheep to a pack of predators.”

 


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.