Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

02/08/2021
by   Priyanka Ranade, et al.
17

Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true.

READ FULL TEXT

page 1

page 6

research
04/10/2022

A review of knowledge graph application scenarios in cyber security

Facing the dynamic complex cyber environments, internal and external cyb...
research
03/05/2023

Cyber Vaccine for Deepfake Immunity

Deepfakes pose an evolving threat to cybersecurity, which calls for the ...
research
08/02/2022

Recognizing and Extracting Cybersecurtity-relevant Entities from Text

Cyber Threat Intelligence (CTI) is information describing threat vectors...
research
10/18/2022

Controllable Fake Document Infilling for Cyber Deception

Recent works in cyber deception study how to deter malicious intrusion b...
research
07/23/2021

Automatically generating models of IT systems

Information technology system (ITS), informally, is a set of workstation...
research
04/21/2021

Evidential Cyber Threat Hunting

A formal cyber reasoning framework for automating the threat hunting pro...
research
09/14/2021

A Crawler Architecture for Harvesting the Clear, Social, and Dark Web for IoT-Related Cyber-Threat Intelligence

The clear, social, and dark web have lately been identified as rich sour...

Please sign up or login with your details

Forgot password? Click here to reset