Computers & Security最新文献

筛选
英文 中文
Survey of source code vulnerability analysis based on deep learning 基于深度学习的源代码漏洞分析调查
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-09-03 DOI: 10.1016/j.cose.2024.104098
Chen Liang, Qiang Wei, Jiang Du, Yisen Wang, Zirui Jiang
{"title":"Survey of source code vulnerability analysis based on deep learning","authors":"Chen Liang,&nbsp;Qiang Wei,&nbsp;Jiang Du,&nbsp;Yisen Wang,&nbsp;Zirui Jiang","doi":"10.1016/j.cose.2024.104098","DOIUrl":"10.1016/j.cose.2024.104098","url":null,"abstract":"<div><p>Amidst the rapid development of the software industry and the burgeoning open-source culture, vulnerability detection within the software security domain has emerged as an ever-expanding area of focus. In recent years, the rapid advancement of artificial intelligence, particularly the notable progress in deep learning for pattern recognition and natural language processing, has catalyzed a surge in research endeavors exploring the integration of deep learning for the enhancement of vulnerability detection techniques. In this paper, we investigate contemporary deep learning-based source code analysis methods, with a concentrated emphasis on those pertaining to static code vulnerability detection. We categorize these methods based on various representations of source code employed during the preprocessing stage, including token-based and graph-based representations of source code, and further subdivided based on the types of deep learning algorithms or graph representations employed. We summarize the basic processes of model training and vulnerability detection under these different representation formats. Furthermore, we explore the limitations inherent in current approaches and provide insights into future trends and challenges for research in this field.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104098"},"PeriodicalIF":4.8,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142163025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
MoSFPAD: An end-to-end ensemble of MobileNet and Support Vector Classifier for fingerprint presentation attack detection MoSFPAD:移动网络和支持向量分类器的端到端组合,用于指纹演示攻击检测
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-09-02 DOI: 10.1016/j.cose.2024.104069
Anuj Rai, Somnath Dey, Pradeep Patidar, Prakhar Rai
{"title":"MoSFPAD: An end-to-end ensemble of MobileNet and Support Vector Classifier for fingerprint presentation attack detection","authors":"Anuj Rai,&nbsp;Somnath Dey,&nbsp;Pradeep Patidar,&nbsp;Prakhar Rai","doi":"10.1016/j.cose.2024.104069","DOIUrl":"10.1016/j.cose.2024.104069","url":null,"abstract":"<div><div>Automatic fingerprint recognition systems are the most extensively used systems for person authentication although they are vulnerable to Presentation attacks. Artificial artifacts created with the help of various materials are used to deceive these systems causing a threat to the security of fingerprint-based applications. This paper proposes a novel end-to-end model to detect fingerprint Presentation attacks. The proposed model incorporates MobileNet as a feature extractor and a Support Vector Classifier as a classifier to detect presentation attacks in cross-material and cross-sensor paradigms. The feature extractor’s parameters are learned with the loss generated by the support vector classifier. The proposed model eliminates the need for intermediary data preparation procedures, unlike other static hybrid architectures. The performance of the proposed model has been validated on benchmark LivDet 2011, 2013, 2015, 2017, and 2019 databases, and overall accuracy of 98.64%, 99.50%, 97.23%, 95.06%, and 95.20% are achieved on these databases, respectively. The performance of the proposed model is compared with state-of-the-art methods and is able to reduce the average classification error of 3.63%, 1.86%, 1.83%, 0.05%, 0.93% on LivDet 2011, 2013, 2015, 2017, and 2019 databases, respectively for same and cross material protocols in intra-sensor paradigm. The proposed method also reduced the average classification error of 1.59%, 1.41%, and 2.29% for LivDet 2011, 2013, and 2017 databases, respectively for the cross-sensor paradigm. It is evident from the results that the proposed method outperforms state-of-the-art methods in intra-sensor as well as cross-sensor paradigms in terms of average classification error.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104069"},"PeriodicalIF":4.8,"publicationDate":"2024-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142311596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A new generation cyber-physical system: A comprehensive review from security perspective 新一代网络物理系统:从安全角度全面审视
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-09-02 DOI: 10.1016/j.cose.2024.104095
Sita Rani , Aman Kataria , Sachin Kumar , Vinod Karar
{"title":"A new generation cyber-physical system: A comprehensive review from security perspective","authors":"Sita Rani ,&nbsp;Aman Kataria ,&nbsp;Sachin Kumar ,&nbsp;Vinod Karar","doi":"10.1016/j.cose.2024.104095","DOIUrl":"10.1016/j.cose.2024.104095","url":null,"abstract":"<div><p>Cyber-physical systems (CPSs) are essential to the contemporary industrial landscape, performing a central role in improving productivity, mechanization, and innovation across several sectors. These systems are the conflux of physical processes and digital mechanics, developing a symbiotic integration with numerous benefits. Communication technologies play a very significant role in CPSs by facilitating real-time data exchange, coordination, and coherent integration. 5G and Beyond communication technologies are contributing significantly to CPS by facilitating ultra-fast, low-latency connectedness. They also improve real-time transfer, enabling better control and supervision of physical processes. In this paper, the authors emphasized the security aspects of 5G and beyond CPSs. The significance of the domain is derived by studying the various application domains of the CPSs and literature published on CPS security. The major threats attempted on 5G and beyond CPS are discussed in detail along with the taxonomy of the exiting security solutions by covering the aspects of assessment of cyber-attacks emanation, CPS attack prototyping, attack identification, and development of security architectures. The authors also presented the major challenges occurring in the deployment of CPS applications, key research domains, and major issues in 5G and beyond CPS security. The security landscape of 6G CPS applications is also discussed in brief with key challenges.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104095"},"PeriodicalIF":4.8,"publicationDate":"2024-09-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142148686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An automated dynamic quality assessment method for cyber threat intelligence 网络威胁情报的自动动态质量评估方法
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-09-01 DOI: 10.1016/j.cose.2024.104079
Libin Yang , Menghan Wang , Wei Lou
{"title":"An automated dynamic quality assessment method for cyber threat intelligence","authors":"Libin Yang ,&nbsp;Menghan Wang ,&nbsp;Wei Lou","doi":"10.1016/j.cose.2024.104079","DOIUrl":"10.1016/j.cose.2024.104079","url":null,"abstract":"<div><div>The emergence of cyber threat intelligence (CTI) is a promising approach for alleviating malicious activities. However, the effectiveness of CTIs is heavily dependent on their quality. Current literature develops the CTI quality assessment ontology mainly from the perspective of CTI source or content separately, regardless of their availability in practice. In this paper, we propose an automated CTI quality assessment method that synthesizes the trustworthiness of CTI sources and the availability of CTI contents. Specifically, we model the interactions of CTI feeds as a correlation graph and propose an iterative algorithm to well discriminate the feeds’ trustworthiness. We elaborate a CTI content assessment together with a machine learning algorithm to automatically classify CTIs’ availability from a set of content metrics. A comprehensive CTI quality assessment is proposed by jointly considering the feed trustworthiness and content availability. Extensive experimental results on real datasets demonstrate that our proposed method can quantitatively as well as effectively assess CTI quality.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104079"},"PeriodicalIF":4.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532337","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Dynamically stabilized recurrent neural network optimized with intensified sand cat swarm optimization for intrusion detection in wireless sensor network 利用强化沙猫群优化技术优化的动态稳定递归神经网络,用于无线传感器网络的入侵检测
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-09-01 DOI: 10.1016/j.cose.2024.104094
A. Punitha , P. Ramani , Ezhilarasi P , Sridhar S
{"title":"Dynamically stabilized recurrent neural network optimized with intensified sand cat swarm optimization for intrusion detection in wireless sensor network","authors":"A. Punitha ,&nbsp;P. Ramani ,&nbsp;Ezhilarasi P ,&nbsp;Sridhar S","doi":"10.1016/j.cose.2024.104094","DOIUrl":"10.1016/j.cose.2024.104094","url":null,"abstract":"<div><p>Wireless Sensor Networks (WSNs) are susceptible to various security threats owing to its deployment in hostile environments. Intrusion detection system (IDS) contributes a critical role on securing WSNs by identifying malevolent activities and ensuring data integrity. Traditional IDS techniques often struggle with the dynamic and resource-constrained nature of WSNs. In this paper, Dynamically Stabilized Recurrent Neural Network Optimized with Intensified Sand Cat Swarm Optimization for Wireless Sensor Network Intrusion identification (DSRNN-ISCOA-ID-WSN) is proposed. Initially, the input data is amassed from WSN-DS dataset. After that, the pre-processing segment receives the data. In pre-processing stage, redundant and biased records are removed from input data with the help of Adaptive multi-scale improved differential filter (AMSIDF). Then the optimal are selected by utilizing Wolf-Bird Optimization Algorithm (WBOA). DSRNN is used to classify the data as Normal, Grey hole, Black hole, Time division multiple access (TDMA), and Flooding attacks. Then Intensified Sand Cat Swarm Optimization (ISCOA) is employed to optimize the weight parameters of DSRNN for accuracte classification. The proposed DSRNN-ISCOA-ID-WSN technique is implemented Python. The performance of the proposed DSRNN-ISCOA-ID-WSN approach attains 29.24 %, 33.45 %, and 28.73 % high accuracy; 30.53 %, 27.64 %, and 26.25 % higher precision when compared with existing method such as Machine Learning-Powered Stochastic Gradient Descent Intrusions Detection System for WSN Attacks (SGDA-ID-WSN), An updated dataset to identify threats in WSN (CNN-ID-WSN) and Denial-of-Service attack detection in WSN: a Low-Complexity Machine Learning Model (DTA-ID-WSN) respectively.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104094"},"PeriodicalIF":4.8,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142172865","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
MDD-FedGNN: A vertical federated graph learning framework for malicious domain detection MDD-FedGNN:用于恶意域检测的垂直联合图学习框架
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-08-31 DOI: 10.1016/j.cose.2024.104093
Sanfeng Zhang , Qingyu Hao , Zijian Gong , Fengzhou Zhu , Yan Wang , Wang Yang
{"title":"MDD-FedGNN: A vertical federated graph learning framework for malicious domain detection","authors":"Sanfeng Zhang ,&nbsp;Qingyu Hao ,&nbsp;Zijian Gong ,&nbsp;Fengzhou Zhu ,&nbsp;Yan Wang ,&nbsp;Wang Yang","doi":"10.1016/j.cose.2024.104093","DOIUrl":"10.1016/j.cose.2024.104093","url":null,"abstract":"<div><p>The domain name system (DNS) serves as a fundamental component of the Internet infrastructure, but it is also exploited by attackers in various cyber-crimes, underscoring the significance of malicious domain detection (MDD). Recent advances show that graph-based models exhibit potential for inferring malicious domains and demonstrate superior performance. However, acquiring large-scale and high-quality graph datasets for MDD proves challenging for individual security institutes. Hence, a promising research direction involves employing vertical federated graph learning scheme to unite diverse security institutes and enhance local datasets resulting in more robust and powerful detection models. Nonetheless, directly applying vertical federated graph neural networks for MDD confronts challenges posed by noisy labels and noisy edges among security institutes, which ultimately diminish detection performance. This paper introduces a novel vertical federated learning framework, called MDD-FedGNN, that applies contrastive learning with two different encoders to deal with noisy labels and employs a new loss function based on the information bottleneck theory to handle noisy edges. Comparative experiments are conducted on a publicly available DNS dataset to evaluate the effectiveness of MDD-FedGNN in addressing the challenges of noisy labels and edges in vertical federated graph learning. The results demonstrate that MDD-FedGNN outperforms baseline methods, confirming the feasibility of training more powerful malicious domain detection models through data sharing and vertical federated learning among different security agencies.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104093"},"PeriodicalIF":4.8,"publicationDate":"2024-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142150053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
GCN-MHSA: A novel malicious traffic detection method based on graph convolutional neural network and multi-head self-attention mechanism GCN-MHSA:基于图卷积神经网络和多头自我关注机制的新型恶意流量检测方法
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-08-30 DOI: 10.1016/j.cose.2024.104083
Jinfu Chen , Haodi Xie , Saihua Cai , Luo Song , Bo Geng , Wuhao Guo
{"title":"GCN-MHSA: A novel malicious traffic detection method based on graph convolutional neural network and multi-head self-attention mechanism","authors":"Jinfu Chen ,&nbsp;Haodi Xie ,&nbsp;Saihua Cai ,&nbsp;Luo Song ,&nbsp;Bo Geng ,&nbsp;Wuhao Guo","doi":"10.1016/j.cose.2024.104083","DOIUrl":"10.1016/j.cose.2024.104083","url":null,"abstract":"<div><p>With the increasing size and complexity of network, network traffic becomes more and more correlated with each other, and the traditional manner of presenting network traffic in a Euclidean structure is difficult to effectively capture the correlation information of network traffic. In contrast, graph structured data has gained much attention in recent years due to its ability to represent the correlation between different traffic flows; In addition, models and algorithms related to <u>G</u>raph <u>C</u>onvolution <u>N</u>eural network (GCN) have been used for malicious traffic detection. However, existing GCN-based malicious traffic detection methods still suffer from incomplete description of the flow-level features of network traffic, imperfect traffic correlation establishment mechanism and failure to distinguish the importance of features during model training. Based on this, this study proposes a malicious traffic detection method called GCN-MHSA based on <u>G</u>raph <u>C</u>onvolutional <u>N</u>eural network and <u>M</u>ulti-<u>H</u>ead <u>S</u>elf-<u>A</u>ttention mechanism. Firstly, the flow-level features of network traffic are populated and more information close to the features are selected to describe the network traffic; And then, the link homogeneity is used to establish the correlations between network traffic; Moreover, multi-head self-attention mechanism is introduced in the GCN model to provide larger weight to important features; Finally, an improved GCN is used as a deep learning model to detect malicious traffic. Extensive experimental results on three publicly available network traffic datasets and a real network traffic dataset show that the proposed GCN-MHSA method performs better than five baselines in terms of detection effect and stability, with an improvement of about 2.4% in accuracy, recall and F1-measure as well as an improvement of about 2.1% in precision.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104083"},"PeriodicalIF":4.8,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142128397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Examining the factors that impact the severity of cyberattacks on critical infrastructures 研究影响关键基础设施网络攻击严重程度的因素
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-08-29 DOI: 10.1016/j.cose.2024.104074
Yaman Roumani , Mais Alraee
{"title":"Examining the factors that impact the severity of cyberattacks on critical infrastructures","authors":"Yaman Roumani ,&nbsp;Mais Alraee","doi":"10.1016/j.cose.2024.104074","DOIUrl":"10.1016/j.cose.2024.104074","url":null,"abstract":"<div><p>In light of the rising threats of cyberattacks on critical infrastructures, cybersecurity has become a high priority for government agencies worldwide. In particular, the severity of cyberattacks could lead to devastating consequences for national security, economic growth, and public health and safety. While earlier studies have examined several factors related to detecting, preventing, and predicting cyberattacks on critical infrastructures, they have largely neglected to consider the severity aspect of these attacks. This study aims to bridge this research gap by examining the factors that influence the severity of cyberattacks on critical infrastructures. To achieve this, we analyze 897 reported attacks on critical infrastructures to examine the impact of incident type, ransomware, zero-day vulnerability, attacker type, conflict type, initial access vector, and the number of targeted countries on the severity of these cyberattacks. The results show that cyberattacks employing ransomware and initiated by nation-state actors have the most impact on severity. On the contrary, cyberattacks that include data theft, disruption, hijacking with or without misuse, involve multiple types of conflict, and target the energy and finance sectors have the least impact on the severity of attacks. To gain further insight into these results, we perform sub-analyses on the metrics that makeup severity. Findings show that cyberattacks on the health sector are more vulnerable to data theft of sensitive information compared to other sectors. Also, nation-state-led attacks are more likely to involve data theft of sensitive information and long-term disruptions. Finally, as years progress, the results generally indicate a decreasing likelihood of attacks involving data theft of sensitive information and hijacking with misuse.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104074"},"PeriodicalIF":4.8,"publicationDate":"2024-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142148683","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
RSSI-based attacks for identification of BLE devices 基于 RSSI 的 BLE 设备识别攻击
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-08-28 DOI: 10.1016/j.cose.2024.104080
Guillaume Gagnon , Sébastien Gambs , Mathieu Cunche
{"title":"RSSI-based attacks for identification of BLE devices","authors":"Guillaume Gagnon ,&nbsp;Sébastien Gambs ,&nbsp;Mathieu Cunche","doi":"10.1016/j.cose.2024.104080","DOIUrl":"10.1016/j.cose.2024.104080","url":null,"abstract":"<div><p>To prevent tracking, the Bluetooth Low Energy (BLE) protocol integrates privacy mechanisms such as address randomization. However, as highlighted by previous researches address randomization is not a silver bullet and can be circumvented by exploiting other types of information disclosed by the protocol such as counters or timing. In this work, we propose two novel attack to break address randomization in BLE exploiting side information in the form of Received Signal Strength Indication (RSSI). More precisely, we demonstrate how RSSI measurements, extracted from received BLE advertising packets, can be used to link together the traces emitted by the same device or directly re-identify it despite address randomization. The proposed attacks leverage the distribution of RSSI to create a fingerprint of devices with an empirical evaluation on various scenarios demonstrating their effectiveness. For instance in the static context, in which devices remain at the same position, the proposed approach yields a re-identification accuracy of up to 97%, which can even be boosted to perfect accuracy by increasing the number of receivers controlled by the adversary. We also discuss the factors influencing the success of the attacks and evaluate two possible countermeasures whose effectiveness is limited, highlighting the difficulty in mitigating this threat.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104080"},"PeriodicalIF":4.8,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003857/pdfft?md5=88953779b10e7f0c6639a7004b3ee630&pid=1-s2.0-S0167404824003857-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142136838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Unleashing offensive artificial intelligence: Automated attack technique code generation 释放攻击性人工智能:自动生成攻击技术代码
IF 4.8 2区 计算机科学
Computers & Security Pub Date : 2024-08-28 DOI: 10.1016/j.cose.2024.104077
Eider Iturbe , Oscar Llorente-Vazquez , Angel Rego , Erkuden Rios , Nerea Toledo
{"title":"Unleashing offensive artificial intelligence: Automated attack technique code generation","authors":"Eider Iturbe ,&nbsp;Oscar Llorente-Vazquez ,&nbsp;Angel Rego ,&nbsp;Erkuden Rios ,&nbsp;Nerea Toledo","doi":"10.1016/j.cose.2024.104077","DOIUrl":"10.1016/j.cose.2024.104077","url":null,"abstract":"<div><p>Artificial Intelligence (AI) technology is revolutionizing the digital world and becoming the cornerstone of the modern digital systems. The capabilities of cybercriminals are expanding as they adopt new technologies like zero-day exploits or new business models such as hacker-as-a-service. While AI capabilities can improve cybersecurity measures, this same technology can also be utilized as an offensive cyber weapon to create sophisticated and intricate cyber-attacks. This paper describes an AI-powered mechanism for the automatic generation of attack techniques, ranging from initial attack vectors to impact-related actions. It presents a comprehensive analysis of simulated attacks by highlighting the attack tactics and techniques that are more likely to be generated using AI technology, specifically Large Language Model (LLM) technology. The work empirically demonstrates that LLM technology can be easily used by cybercriminals for attack execution. Moreover, the solution can complement Breach and Attack Simulation (BAS) platforms and frameworks that automate the security assessment in a controlled manner. BAS could be enhanced with AI-powered attack simulation by bringing forth new ways to automatically program multiple attack techniques, even multiple versions of the same attack technique. Therefore, AI-enhanced attack simulation can assist in ensuring digital systems are bulletproof and protected against a great variety of attack vectors and actions.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"147 ","pages":"Article 104077"},"PeriodicalIF":4.8,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167404824003821/pdfft?md5=50584419d0d6a55d9170eea75a91154b&pid=1-s2.0-S0167404824003821-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142122065","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信