In the PIRAT team, we aim to address the whole attack chain in order to draw a holistic picture of the threat landscape and to propose innovative counter-measures, some of which can be quickly transferred to industry.

This holistic approach requires gathering in one team the skills needed to understand, detect, or resist various attacks. To this end, programming languages, operating systems, networks, distributed systems, and artificial intelligence are among the required skills. Capitalizing on the team members' multiple skills makes it possible to study every step of the kill chain. For instance, malicious code such as ransomware exploiting a system vulnerability should be studied from several perspectives: its code, the events it generates that lead to its detection at the network and operating-system levels, its interaction with regular security tools, its interactions with the attacker's infrastructure, and its place in the kill chain. The results of such a study would have consequences at the organizational level for the targeted company.

Research directions

  • Comprehension of attacks: our goal is to collect up-to-date attack data that is representative of current malicious activities and that can possibly be shared with the community, and to propose tools and approaches for building representations of complex attack scenarios. These representations should be useful to an expert in charge of analyzing a compromised system, even a large-scale one.
  • Detection of attacks: our goal is to propose distributed and collaborative detection systems, and to propose AI-based detection models that are, on the one hand, human-in-the-loop and, on the other hand, self-configurable and self-adaptive.
  • Resistance to attacks: our goal is to build automatic cyber-ranges, to strengthen security tools, particularly machine-learning-driven threat detection and classification tools, and to provide justified and irrefutable evidence of undesirable behaviors so that correct parties can ignore these behaviors.

