Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

by   Priyanka Ranade, et al.

Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true.



There are no comments yet.


page 1

page 6


A review of knowledge graph application scenarios in cyber security

Facing the dynamic complex cyber environments, internal and external cyb...

RelExt: Relation Extraction using Deep Learning approaches for Cybersecurity Knowledge Graph Improvement

Security Analysts that work in a `Security Operations Center' (SoC) play...

Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence

Log-based cyber threat hunting has emerged as an important solution to c...

Automatically generating models of IT systems

Information technology system (ITS), informally, is a set of workstation...

A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence

Log-based cyber threat hunting has emerged as an important solution to c...

Attack Graph Obfuscation

Before executing an attack, adversaries usually explore the victim's net...

Using Deep Neural Networks to Translate Multi-lingual Threat Intelligence

The multilingual nature of the Internet increases complications in the c...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.