The SuperviZ project is part of the "system security" axis of the PEPR cybersecurity program. It addresses the field of "system, software and network security". More precisely, it targets the detection of, response to and remediation of computer attacks, subjects grouped under the name "security supervision".

The digitization of all infrastructures makes it almost impossible today to secure all systems a priori, as it is too complex and too expensive. Supervision seeks to reinforce preventive security mechanisms and to compensate for their inadequacies.

Supervision is fundamental in the general context of enterprise systems and networks, and is just as important for the security of cyber-physical systems. Indeed, as all or almost all "objects" are eventually expected to be connected, the attack surface increases significantly. This makes security even more difficult to implement. The increase in the number of components to be monitored, as well as the growing heterogeneity of these objects' communication, storage and computation capacities, makes security supervision more complex.

In this context, we address challenges related to
  1. the increase in the number and diversity of objects to be supervised (which requires the development and adaptation of new detection mechanisms for heterogeneous environments, with false positive and negative rates that have not been achieved to date),
  2. the complexity of systems interconnected to form large critical infrastructures on a European scale (which requires new detection and supervision models that take into account the criticality and cyber-physical nature of these systems),
  3. the existence of increasingly complex and silent targeted attacks (which requires observation of the global threat landscape, a capability model of the attackers and a significant improvement in detection and reaction time), and
  4. the treatment of massive attacks which rapidly affect a significant number of victims (in order to limit the damage suffered by these victims).

Faced with these challenges, it is necessary to significantly improve the efficiency of the detection-reaction chain (response and remediation). The main objective of the project is therefore to provide new solutions and to advance the current scientific state of the art.

These contributions will come from almost all the national research forces in the field. Strengthening these teams and tightening the links between them is also an objective of the project. Moreover, in keeping with the objectives of the PEPR, we also aim to prepare the transfer of our results to the national industrial community. To this end, the scientific work will lead to prototypes and demonstrators that will be deployed on platforms built within the project. These platforms will be accessible to industrial partners.

Coordinators: Hervé Debar (IMT) and Ludovic Mé (Inria)