Autore Topic: How AI Can Be Applied To Cyberattacks  (Letto 384 volte)

0 Utenti e 1 Visitatore stanno visualizzando questo topic.

Offline Flavio58

How AI Can Be Applied To Cyberattacks
« Risposta #1 il: Luglio 27, 2018, 08:29:10 pm »
Advertisement
Nowadays, artificial intelligence is a kind of a de facto standard. One would be hard-pressed to find an industry where AI or machine learning found no applications. AI projects are popping up everywhere -- from law to medicine, farming to the space industry.

Cybersecurity is not an exception. As early as 2013, pioneer companies such as Cylance, Darktrace and Wallarm have released AI-based cybersecurity products. Since then, the number of security startups using some sort of machine learning has grown year after year. These are cyber threat defenders armed with AI, but what about AI-powered attackers?

It would be foolish to assume that attackers and intruders would forgo such an effective tool as AI to make their exploits better and their attacks more intelligent. It’s especially true now when it’s so easy to use so many machine learning technologies out of the box, leveraging open-source frameworks like TensorFlow, Torch or Caffe. Not being an attacker, I can still speculate what these AI-generated exploits might look like, when we can expect them to materialize and how we can protect us from these threats.


We got our first glimpse of what AI-powered attacks would look like from the DARPA’s Cyber Grand Challenge -- the world’s first all-machine cyber hacking tournament that happened two years ago in 2016. That contest proved that it was possible to fully automate practical cybersecurity aspects like exploit generation, attack launch and patch generation processes. We can pinpoint this event as the beginning of the era of fully automated cybersecurity.

To understand how machine learning works regarding cyberattacks, we need to understand the attack process a little better by formalizing it. I'll attempt to explain what happens from a technical perspective when we hear about a data breach. All the successful attacks that lead to data breaches can be divided into several stages that should be passed by attackers to make the breach happen:

 vulnerability discovery

• exploitation

• post-exploitation (discovery and exploitation of other vulnerabilities inside)

• data theft

This is my own way to simplify the famous kill chain model. Let’s look at what happens at each stage to understand how the AI can be applied there.

Vulnerability Discovery

An attacker should find some issues inside the system to break it. Primarily, there are two different ways to discover vulnerabilities: 1) check for known issues by known payloads and 2) generate new payloads by fuzzing to discover new issues. The first approach is as simple as following a checklist. The vulnerability tool, in this case, should check all the items one by one. The second one is more interesting. The attack tool tries to generate some unusual behavior like putting some unusual data in request fields to cause an abnormal response from the target service. This is where neural networks really shine. Artificial intelligence, trained by already discovered payloads for existing vulnerabilities, can suggest new payloads to discover new issues with better probability.

This vulnerability discovery phase, in fact, looks pretty similar to picking a lock. At this phase, a thief would need to find the right pick from a set of different lockpicks. As I showed earlier, AI tools already can generate new types and variants of these lockpicks automatically.

Exploitation

At the exploitation phase, attackers apply all their knowledge and experience to gain access or cause another adverse impact by using a previously discovered vulnerability. This process can be automated by simply coding each particular exploit step by step for well-known issues. But what if the vulnerability was discovered for the first type? In this case, an attacker -- whether it be human or machine -- should find the right way to generate an exploit to penetrate a particular system/application/infrastructure/environment configured in a particular way. AI can help, at this phase, to adapt an exploit for the particular environment faster than a human just because it can generate exploit variants and run them much faster.

According to our lockpicking analogy, this phase is similar to the door opening. A thief would apply the proper lockpick right way to open the door and come inside.

Post-Exploitation

This process is often recursive. After exploiting the first issue and gaining some access because of the exploitation phase, an attacker would go deeper by discovering new issues and, in turn, exploiting them. This happens because any reasonably designed infrastructure is organized into separate isolated layers. By compromising one layer, an attacker will be able to repeat the same discovery -> exploitation -> post exploitation -> data theft phases for the new layer that was not accessible before.

This is the same as a thief in the real world who will find some new locks on safes after they get through the front door.

Data Theft

The paydirt part for attackers is the data-stealing phase of the attack. They are finding and downloading some sweet data like user emails and passwords, credit cards, SSNs, etc. Sometimes it's not so easy to steal a lot of data because of the amount and the number of outbound filters installed inside victim's infrastructure. At the same time, data search and classification are important at this stage as well. And AI is historically good when it comes to searching.

Thieves would find the most valuable things and steal them first -- AI can also help them decide what to steal faster.

Summary

AI exploits are not only able to find new ways to discover vulnerabilities, but they can also identify which data is more important to a breach. And sooner rather than later they will be available to generate new ways to exploit these issues, unlike the present-day situation when they are able to speed up a step-by-step attack scenario defined by humans.

https://www.forbes.com/sites/forbestechcouncil/2018/03/22/how-ai-can-be-applied-to-cyberattacks/#709ec20d49e3


Consulente in Informatica dal 1984

Software automazione, progettazione elettronica, computer vision, intelligenza artificiale, IoT, sicurezza informatica, tecnologie di sicurezza militare, SIGINT. 

Facebook:https://www.facebook.com/flaviobernardotti58
Twitter : https://www.twitter.com/Flavio58

Cell:  +39 366 3416556

f.bernardotti@deeplearningitalia.eu

#deeplearning #computervision #embeddedboard #iot #ai

 

Related Topics

  Oggetto / Aperto da Risposte Ultimo post
0 Risposte
108 Visite
Ultimo post Aprile 21, 2018, 04:11:15 am
da Flavio58
0 Risposte
104 Visite
Ultimo post Giugno 19, 2018, 02:02:45 pm
da Flavio58
0 Risposte
217 Visite
Ultimo post Giugno 26, 2018, 10:02:31 am
da Flavio58
0 Risposte
90 Visite
Ultimo post Giugno 29, 2018, 04:05:37 am
da Flavio58
0 Risposte
1 Visite
Ultimo post Febbraio 11, 2020, 12:22:38 pm
da Flavio58

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326