Generating Fake Cyber Threat Intelligence Using Transformer-Based Models
- URL: http://arxiv.org/abs/2102.04351v1
- Date: Mon, 8 Feb 2021 16:54:35 GMT
- Title: Generating Fake Cyber Threat Intelligence Using Transformer-Based Models
- Authors: Priyanka Ranade, Aritran Piplai, Sudip Mittal, Anupam Joshi, Tim Finin
- Abstract summary: We show that a public language model like GPT-2 can generate plausible CTI text with the ability of corrupting cyber-defense systems.
We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus.
- Score: 2.9328913897054583
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Cyber-defense systems are being developed to automatically ingest Cyber
Threat Intelligence (CTI) that contains semi-structured data and/or text to
populate knowledge graphs. A potential risk is that fake CTI can be generated
and spread through Open-Source Intelligence (OSINT) communities or on the Web
to effect a data poisoning attack on these systems. Adversaries can use fake
CTI examples as training input to subvert cyber defense systems, forcing the
model to learn incorrect inputs to serve their malicious needs.
In this paper, we automatically generate fake CTI text descriptions using
transformers. We show that given an initial prompt sentence, a public language
model like GPT-2 with fine-tuning, can generate plausible CTI text with the
ability of corrupting cyber-defense systems. We utilize the generated fake CTI
text to perform a data poisoning attack on a Cybersecurity Knowledge Graph
(CKG) and a cybersecurity corpus. The poisoning attack introduced adverse
impacts such as returning incorrect reasoning outputs, representation
poisoning, and corruption of other dependent AI-based cyber defense systems. We
evaluate with traditional approaches and conduct a human evaluation study with
cybersecurity professionals and threat hunters. Based on the study,
professional threat hunters were equally likely to consider our fake generated
CTI as true.
Related papers
- Preventing Jailbreak Prompts as Malicious Tools for Cybercriminals: A Cyber Defense Perspective [1.083674643223243]
Jailbreak prompts pose a significant threat in AI and cybersecurity, as they are crafted to bypass ethical safeguards in large language models.
This paper analyzes jailbreak prompts from a cyber defense perspective, exploring techniques like prompt injection and context manipulation.
We propose strategies involving advanced prompt analysis, dynamic safety protocols, and continuous model fine-tuning to strengthen AI resilience.
arXiv Detail & Related papers (2024-11-25T18:23:58Z) - Is Generative AI the Next Tactical Cyber Weapon For Threat Actors? Unforeseen Implications of AI Generated Cyber Attacks [0.0]
This paper delves into the escalating threat posed by the misuse of AI, specifically through the use of Large Language Models (LLMs)
Through a series of controlled experiments, the paper demonstrates how these models can be manipulated to bypass ethical and privacy safeguards to effectively generate cyber attacks.
We also introduce Occupy AI, a customized, finetuned LLM specifically engineered to automate and execute cyberattacks.
arXiv Detail & Related papers (2024-08-23T02:56:13Z) - From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and
Privacy [0.0]
This research paper highlights the limitations, challenges, potential risks, and opportunities of GenAI in the domain of cybersecurity and privacy.
The paper investigates how cyber offenders can use the GenAI tools in developing cyber attacks.
We will also discuss the social, legal, and ethical implications of ChatGPT.
arXiv Detail & Related papers (2023-07-03T00:36:57Z) - Recognizing and Extracting Cybersecurtity-relevant Entities from Text [1.7499351967216343]
Cyber Threat Intelligence (CTI) is information describing threat vectors, vulnerabilities, and attacks.
CTI is often used as training data for AI-based cyber defense systems such as Cybersecurity Knowledge Graphs (CKG)
arXiv Detail & Related papers (2022-08-02T18:44:06Z) - Automating Privilege Escalation with Deep Reinforcement Learning [71.87228372303453]
In this work, we exemplify the potential threat of malicious actors using deep reinforcement learning to train automated agents.
We present an agent that uses a state-of-the-art reinforcement learning algorithm to perform local privilege escalation.
Our agent is usable for generating realistic attack sensor data for training and evaluating intrusion detection systems.
arXiv Detail & Related papers (2021-10-04T12:20:46Z) - Certifiers Make Neural Networks Vulnerable to Availability Attacks [70.69104148250614]
We show for the first time that fallback strategies can be deliberately triggered by an adversary.
In addition to naturally occurring abstains for some inputs and perturbations, the adversary can use training-time attacks to deliberately trigger the fallback.
We design two novel availability attacks, which show the practical relevance of these threats.
arXiv Detail & Related papers (2021-08-25T15:49:10Z) - Generating Cyber Threat Intelligence to Discover Potential Security
Threats Using Classification and Topic Modeling [6.0897744845912865]
Cyber Threat Intelligence (CTI) has been represented as one of the proactive and robust mechanisms.
Our goal is to identify and explore relevant CTI from hacker forums by using different supervised and unsupervised learning techniques.
arXiv Detail & Related papers (2021-08-16T02:30:29Z) - The Feasibility and Inevitability of Stealth Attacks [63.14766152741211]
We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.
arXiv Detail & Related papers (2021-06-26T10:50:07Z) - A System for Efficiently Hunting for Cyber Threats in Computer Systems
Using Threat Intelligence [78.23170229258162]
We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
arXiv Detail & Related papers (2021-01-17T19:44:09Z) - A Targeted Attack on Black-Box Neural Machine Translation with Parallel
Data Poisoning [60.826628282900955]
We show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data.
We show that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data.
Our results are alarming: even on the state-of-the-art systems trained with massive parallel data, the attacks are still successful (over 50% success rate) under surprisingly low poisoning budgets.
arXiv Detail & Related papers (2020-11-02T01:52:46Z) - Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998]
ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI)
It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities.
Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
arXiv Detail & Related papers (2020-10-26T14:54:01Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.