The University of Strathclyde has announced that researchers at its Centre for Intelligent and Dynamic Communications are working on a cyber security solution that uses AI and deception to protect network systems.

Upon identifying a breach, “Lupovis” – a name derived from “lupus” (Latin for wolf) and “ovis” (sheep) – aims to convince a cyber attacker that they are inside the network. But, in reality, they are inside a decoy system, which mirrors the true infrastructure, but is designed to deceive and steer them away from key assets. As long as the hacker is inside the system, they will be monitored by the company’s Security Operations Centre.

A spin-out company is being formed to commercialise the technology, initially looking at the energy sector.

“Hackers are highly sophisticated and skilled, and so for Lupovis to succeed we need to build a convincing narrative.

“The system engages and understands their next moves through the network and what their behaviour patterns are, to divert them away from valuable assets and arrest the breach effectively.

“We respond to their behaviour and skills level by using incentives and gamifying vulnerabilities.

“The gamification aspect is important as you need to keep offering incentives if you want them to move down a particular path.

“The longer we keep them engaged, the longer we are keeping them away from assets and are blocking the malicious actions that would stop the network functioning, maintaining business and operational continuity.”

Principal investigator and entrepreneur Dr Xavier Bellekens from the University

According to Strathclyde’s Professor Ivan Andonovic, who will be a Director of the spin-out company:

“There are currently no similar solutions, as decoys are usually static and once a decoy is exploited by a cybercriminal, they can continue moving towards valuable assets in the network.”

He added: “Lupovis offers a dynamic system turning networks from a flock of sheep to a pack of predators.”