释放攻击性人工智能:自动生成攻击技术代码

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-08-28 DOI:10.1016/j.cose.2024.104077
Eider Iturbe , Oscar Llorente-Vazquez , Angel Rego , Erkuden Rios , Nerea Toledo
{"title":"释放攻击性人工智能:自动生成攻击技术代码","authors":"Eider Iturbe ,&nbsp;Oscar Llorente-Vazquez ,&nbsp;Angel Rego ,&nbsp;Erkuden Rios ,&nbsp;Nerea Toledo","doi":"10.1016/j.cose.2024.104077","DOIUrl":null,"url":null,"abstract":"<div><p>Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104077"},"PeriodicalIF":4.8000,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003821/pdfft?md5=50584419d0d6a55d9170eea75a91154b&pid=1-s2.0-S0167404824003821-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Unleashing offensive artificial intelligence: Automated attack technique code generation\",\"authors\":\"Eider Iturbe ,&nbsp;Oscar Llorente-Vazquez ,&nbsp;Angel Rego ,&nbsp;Erkuden Rios ,&nbsp;Nerea Toledo\",\"doi\":\"10.1016/j.cose.2024.104077\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"147 \",\"pages\":\"Article 104077\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-08-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003821/pdfft?md5=50584419d0d6a55d9170eea75a91154b&pid=1-s2.0-S0167404824003821-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003821\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003821","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

人工智能(AI)技术正在彻底改变数字世界,并成为现代数字系统的基石。随着网络犯罪分子采用零日漏洞利用等新技术或黑客即服务等新商业模式,他们的能力正在不断扩大。虽然人工智能能力可以改善网络安全措施,但同样的技术也可以被用作进攻性网络武器,制造复杂而错综复杂的网络攻击。本文介绍了一种由人工智能驱动的自动生成攻击技术的机制,包括从初始攻击向量到与影响相关的行动。它对模拟攻击进行了全面分析,强调了使用人工智能技术(特别是大型语言模型(LLM)技术)更有可能生成的攻击战术和技术。这项工作通过经验证明,LLM 技术可被网络犯罪分子轻松用于执行攻击。此外,该解决方案还可以补充漏洞和攻击模拟(BAS)平台和框架,从而以受控方式自动进行安全评估。BAS 可以通过人工智能驱动的攻击模拟来增强,提出新的方法来自动编程多种攻击技术,甚至是同一攻击技术的多个版本。因此,人工智能增强型攻击模拟可帮助确保数字系统刀枪不入,免受各种攻击载体和行动的攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Unleashing offensive artificial intelligence: Automated attack technique code generation

Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Beyond the sandbox: Leveraging symbolic execution for evasive malware classification Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks PdGAT-ID: An intrusion detection method for industrial control systems based on periodic extraction and spatiotemporal graph attention Dynamic trigger-based attacks against next-generation IoT malware family classifiers Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1