Bibhu Dash,Meraj Farheen Ansari,Pawankumar Sharma,Azad Ali

DOI: https://doi.org/10.5121/ijsea.2022.13502

2022-09-30

International Journal of Software Engineering & Applications

Abstract:Internet usage has increased quickly, particularly in the previous decade. With the widespread use of the internet, cybercrime is growing at an alarming rate in our daily lives. However, with the growth of artificial intelligence (AI), businesses are concentrating more on preventing cybercrime. AI is becoming an essential component of every business, affecting individuals worldwide. Cybercrime is one of the most prominent domains where AI has begun demonstrating valuable inputs. As a result, AI is being deployed as the first line of defense in most firms' systems. Because AI can detect new assaults faster than humans, it is the best alternative for constructing better protection against cybercrime. AI technologies also offer more significant potential in the development of such technology. This paper discusses recent cyber intrusions and how the AI-enabled industry is preparing to defend itself in the long run.

Masike Malatji

DOI: https://doi.org/10.1109/ICDATE58146.2023.10248780

2023-07-14

Abstract:In recent years, the use of artificial intelligence (AI) has become increasingly prevalent in various industries, including cybersecurity. However, the same capabilities that make AI effective in protecting systems can also be used by attackers to launch sophisticated and complex cyberattacks. In this paper, the author conducted a systematic literature review to identify recent AI-driven cyberattacks and their characteristics, which could be used by cybersecurity experts to develop effective countermeasures. Preliminary findings indicate that some of the AI-driven attack types include data manipulation attacks (e.g. AI model data misclassification), access and penetration attacks (e.g. automated payload generation), and social engineering attacks (e.g. custom-made phishing). The paper also provides recommendations for policymakers, researchers, and practitioners to promote cybersecurity best practices, educate the public, and encourage international cooperation. Future research could delve deeper into the technical aspects of AI-driven cyberthreats and the strategies and techniques utilised to combat them. Overall, this paper emphasises the growing concern over offensive AI and adversarial AI and the need for continuous research and innovation to combat these evolving smart threats.

Computer Science

Philip Feldman,Aaron Dant,James R. Foulds

2024-06-17

Abstract:The accelerating advancements in Artificial Intelligence (AI) and Machine Learning (ML), highlighted by the development of cutting-edge Generative Pre-trained Transformer (GPT) models by organizations such as OpenAI, Meta, and Anthropic, present new challenges and opportunities in warfare and security. Much of the current focus is on AI's integration within weapons systems and its role in rapid decision-making in kinetic conflict. However, an equally important but often overlooked aspect is the potential of AI-based psychological manipulation at internet scales within the information domain. These capabilities could pose significant threats to individuals, organizations, and societies globally. This paper explores the concept of AI weapons, their deployment, detection, and potential countermeasures.

Computers and Society,Cryptography and Security,Machine Learning

Iwona Chomiak-Orsa,Artur Rot,Bartosz Blaicke

DOI: https://doi.org/10.1007/978-3-030-28374-2_35

2019-01-01

Abstract:The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assert where within the cyber kill chain have AI capabilities already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on literature review, authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber kill chain with other uses being deployed in the remaining steps.

Yazan Alaya Al-Khassawneh

DOI: https://doi.org/10.17509/ijost.v8i1.52709

2022-09-20

Indonesian Journal of Science and Technology

Abstract:Artificial intelligence has the potential to address many societal, economic, and environmental challenges, but only if AI-enabled gadgets are kept secure. Many artificial intelligence (AI) models produced in recent years can be hacked by utilizing cutting-edge techniques. This issue has sparked intense research into adversarial AI to develop machine and deep learning models that can withstand various types of attacks. We provide a detailed summary of artificial intelligence in this paper to prove how adversarial attacks against AI applications can be mounted, covering topics such as confrontational knowledge and capabilities, existing methods for actually producing adversarial examples, and existing cyber defense models. In addition, we investigated numerous cyber countermeasures that could defend AI applications against these attacks and offered a systematic approach for demonstrating war strategies against machine learning and artificial intelligence. To safeguard AI applications, we emphasize the importance of understanding the intentions and methods of possible attackers. In the end, we list the biggest problems and most interesting research areas in the field of AI privacy and security.

Chinenye Cordelia Nnamani

DOI: https://doi.org/10.58578/ijemt.v2i3.3904

2024-10-05

Abstract:This Article thoroughly examines the revolutionary impact of Artificial Intelligence (AI) on improving threat detection and response tactics within the swiftly changing realm of cybersecurity. Conventional security measures, struggling against the complexity of contemporary cyber threats, fail to provide adequate protection. In response, AI, driven by machine learning algorithms and predictive analytics, becomes a dynamic and adaptive entity strengthening digital defenses. The investigation commences with a comprehensive analysis of the methods by which AI enhances danger detection. Behavioral analytics utilizes AI to assess user behaviors and network activity, creating a proactive baseline, while anomaly detection and predictive analysis harness machine learning to recognize deviations from the norm and forecast potential dangers. This comprehensive strategy enables organizations to remain proactive against emerging cyber threats. Moreover, the study explores the crucial function of AI in incident response. AI-driven automated incident analysis expedites reaction times by rapidly analyzing and prioritizing security warnings. The amalgamation of AI with threat intelligence streams guarantees a perpetually updated knowledge repository, enabling organizations to respond adeptly to emerging dangers. The dynamic flexibility of AI allows systems to evolve and learn from each incidence, hence enhancing their defensive capacities over time. The discourse recognizes the significant advantages of AI in cybersecurity while simultaneously addressing the obstacles associated with its application. False positives, a potential drawback, require a measured approach to prevent the perception of typical action as harmful. Ethical factors, including privacy concerns and responsible AI practices, highlight the necessity for a judicious and principled incorporation of AI in cybersecurity. The paper underscores the essential collaborative synergy between human expertise and AI technologies. The essay emphasizes the importance of continuous investment in AI training programs for cybersecurity professionals, acknowledging that AI is best successful when enhanced by human insights. Additionally, it advocates for routine security audits to assess and refine cybersecurity protocols, collaborative research efforts to tackle ethical issues, and user education activities to strengthen collective defenses. As the digital landscape evolves, the incorporation of AI in cybersecurity seems not as a cure-all but as a formidable ally. This partnership guarantees a robust protection against increasingly complex cyber-attacks, reinforcing the basis for a secure digital future.

Lukas Pöhler,Valentin Schrader,Alexander Ladwein,Florian von Keller

2024-03-23

Abstract:Potential malicious misuse of civilian artificial intelligence (AI) poses serious threats to security on a national and international level. Besides defining autonomous systems from a technological viewpoint and explaining how AI development is characterized, we show how already existing and openly available AI technology could be misused. To underline this, we developed three exemplary use cases of potentially misused AI that threaten political, digital and physical security. The use cases can be built from existing AI technologies and components from academia, the private sector and the developer-community. This shows how freely available AI can be combined into autonomous weapon systems. Based on the use cases, we deduce points of control and further measures to prevent the potential threat through misused AI. Further, we promote the consideration of malicious misuse of civilian AI systems in the discussion on autonomous weapon systems (AWS).

Computers and Society,Artificial Intelligence

Birgitta Dresp-Langley

DOI: https://doi.org/10.3389/frai.2023.1154184

2023-03-08

Frontiers in Artificial Intelligence

Abstract:Technological progress has brought about the emergence of machines that have the capacity to take human lives without human control. These represent an unprecedented threat to humankind. This paper starts from the example of chemical weapons, now banned worldwide by the Geneva protocol, to illustrate how technological development initially aimed at the benefit of humankind has, ultimately, produced what is now called the “Weaponization of Artificial Intelligence (AI)”. Autonomous Weapon Systems (AWS) fail the so-called discrimination principle, yet, the wider public is largely unaware of this problem. Given that ongoing scientific research on AWS, performed in the military sector, is generally not made available to the public domain, many of the viewpoints on this subject, expressed across different media, invoke common sense rather than scientific evidence. Yet, the implications of a potential weaponization of our work as scientists, especially in the field of AI, are reaching further than some may think. The potential consequences of a deployment of AWS for citizen stakeholders are incommensurable, and it is time to raise awareness in the public domain of the kind of potential threats identified, and to encourage legal policies ensuring that these threats will not materialize.

Yusuf Usman,Aadesh Upadhyay,Prashnna Gyawali,Robin Chataut

2024-08-23

Abstract:In an era where digital threats are increasingly sophisticated, the intersection of Artificial Intelligence and cybersecurity presents both promising defenses and potent dangers. This paper delves into the escalating threat posed by the misuse of AI, specifically through the use of Large Language Models (LLMs). This study details various techniques like the switch method and character play method, which can be exploited by cybercriminals to generate and automate cyber attacks. Through a series of controlled experiments, the paper demonstrates how these models can be manipulated to bypass ethical and privacy safeguards to effectively generate cyber attacks such as social engineering, malicious code, payload generation, and spyware. By testing these AI generated attacks on live systems, the study assesses their effectiveness and the vulnerabilities they exploit, offering a practical perspective on the risks AI poses to critical infrastructure. We also introduce Occupy AI, a customized, finetuned LLM specifically engineered to automate and execute cyberattacks. This specialized AI driven tool is adept at crafting steps and generating executable code for a variety of cyber threats, including phishing, malware injection, and system exploitation. The results underscore the urgency for ethical AI practices, robust cybersecurity measures, and regulatory oversight to mitigate AI related threats. This paper aims to elevate awareness within the cybersecurity community about the evolving digital threat landscape, advocating for proactive defense strategies and responsible AI development to protect against emerging cyber threats.

Cryptography and Security,Artificial Intelligence

Leroy Jacob Valencia

2024-05-10

Abstract:In the vast domain of cybersecurity, the transition from reactive defense to offensive has become critical in protecting digital infrastructures. This paper explores the integration of Artificial Intelligence (AI) into offensive cybersecurity, particularly through the development of an autonomous AI agent, ReaperAI, designed to simulate and execute cyberattacks. Leveraging the capabilities of Large Language Models (LLMs) such as GPT-4, ReaperAI demonstrates the potential to identify, exploit, and analyze security vulnerabilities autonomously. This research outlines the core methodologies that can be utilized to increase consistency and performance, including task-driven penetration testing frameworks, AI-driven command generation, and advanced prompting techniques. The AI agent operates within a structured environment using Python, enhanced by Retrieval Augmented Generation (RAG) for contextual understanding and memory retention. ReaperAI was tested on platforms including, Hack The Box, where it successfully exploited known vulnerabilities, demonstrating its potential power. However, the deployment of AI in offensive security presents significant ethical and operational challenges. The agent's development process revealed complexities in command execution, error handling, and maintaining ethical constraints, highlighting areas for future enhancement. This study contributes to the discussion on AI's role in cybersecurity by showcasing how AI can augment offensive security strategies. It also proposes future research directions, including the refinement of AI interactions with cybersecurity tools, enhancement of learning mechanisms, and the discussion of ethical guidelines for AI in offensive roles. The findings advocate for a unique approach to AI implementation in cybersecurity, emphasizing innovation.

Cryptography and Security,Artificial Intelligence

Roderic Broadhurst,Donald Maxim,Paige Brown,Harshit Trivedi,Joy Wang

DOI: https://doi.org/10.2139/ssrn.3407779

2019-01-01

SSRN Electronic Journal

Abstract:This review of the rapidly growing literature on the impact of artificial intelligence (AI) on crime and crime prevention outlines some of the likely limits and potential of AI applications as a crime enabler or crime fighter. In short, our focus is on the criminogenic potential as well as preventative role of AI.Investment and interest in developing machine learning (ML) technologies that underpin AI capabilities across industry, civil and military applications have grown exponentially in the past decade. This investment in AI research and development has boosted innovation and productivity as well as intensifying competition between states in the race to gain technological advantage. The scale of data acquisition and aggregation essential for the ‘training’ of effective AI via ML processes also poses broader associated risks to privacy and fairness as such technology shifts from a niche to general purpose technology. The potential weaponization of AI applications such as computational marketing, ‘deep’ fake images or news and enhanced surveillance, however, are pressing challenges to democracies and human rights. Poorly implemented ethical, accountability and regulatory measures will also provide opportunities for criminal activity as well as the potential of accidents, unreliability and other unintended consequences.AI is generally described as weak, medium or strong and it is widely understood that the AI currently in use can be classified as weak. This is because the underlying ML iterative processes are based on domain specific or limited ‘training’ particular to the problem or activity addressed and thus offer only narrow or highly focused AI applications. Five major functional areas have stimulated the civil development of AI and these are:● Voice and Speech Recognition● Computer Vision ● Extended Reality (XR)● Game Playing ● Natural Language Processing (NLP)We explore some of the concerns about AI as currently realised and argues that automated decision-making technology should not be relied upon as a sole decision-making tool. Scepticism is currently necessary when evaluating an AI’s performance. The United States White House’s Office of Science and Technology Policy has warned of the potential threat that AI poses to privacy, civil rights, and individual freedoms through the “Potential of encoding discrimination in automated decisions” (Executive Office of the US President, 2016, p. 45).The various ways in which AI can be used as a defensive or an offensive tool in respect to cybercrime are described and evaluate some of the opportunities and risks that arise when AI is employed either to defend and detect attacks against computer systems or to attack computer systems. A summary of the legal and regulatory dimensions of AI and discusses the extent to which existing laws are sufficiently technologically neutral or ‘future proof’ to incorporate the use and potential ‘misconduct’ or misuse of AI in decision-making.AI applications will also be used to enhance many existing surveillance systems incorporating and aggregating data from different sources including fusing individual biometric data with expenditure and activity transaction records to create ‘whole of life’ behavioural classifiers. PR China’s newly piloted social responsibility system is such a system that ‘scores’ an individual citizen’s conduct (e.g. by rating the ‘social worthiness’ of consumption and activities) so as to prioritise access to state-controlled activities or services (e.g. state offices/jobs, travel, educational or medical services). The ubiquitous melding of data to classify conduct and rate individuals driven by AI algorithms may emerge as the key method of the new surveillance state or corporation. In this sense, AI may also evolve as a self-preserving autonomous system. These new forms of total surveillance will also be a key target for manipulation by criminal actors and others.

Zarif Bin Akhtar,Ahmed Tajbiul Rawol

DOI: https://doi.org/10.59400/cai.v2i2.1485

2024-10-25

Abstract:The integration of artificial intelligence (AI) into cybersecurity has brought about transformative advancements in threat detection and mitigation, yet it also introduces new vulnerabilities and potential threats. This research exploration systematically investigates the critical issues surrounding AI within cybersecurity, focusing on specific vulnerabilities and the potential for AI systems to be exploited by malicious actors. The research aims to address these challenges by swotting and analyzing existing methodologies designed to mitigate such risks. Through a detailed exploration of modern scientific research, this manuscript identifies the dual-edged impact of AI on cybersecurity, emphasizing both the opportunities and the dangers. The findings highlight the need for strategic solutions that not only enhance digital security and user privacy but also address the ethical and regulatory aspects of AI in cybersecurity. Key contributions include a comprehensive analysis of emerging trends, challenges, and the development of AI-driven cybersecurity frameworks. The research also provides actionable recommendations for the future development of robust, reliable, and secure AI-based systems, bridging current knowledge gaps and offering valuable insights for academia and industry alike.

Ricardo Morla

DOI: https://doi.org/10.48550/arXiv.1912.06817

2019-12-14

Cryptography and Security

Abstract:With the turmoil in cybersecurity and the mind-blowing advances in AI, it is only natural that cybersecurity practitioners consider further employing learning techniques to help secure their organizations and improve the efficiency of their security operation centers. But with great fears come great opportunities for both the good and the evil, and a myriad of bad deals. This paper discusses ten issues in cybersecurity that hopefully will make it easier for practitioners to ask detailed questions about what they want from an AI system in their cybersecurity operations. We draw on the state of the art to provide factual arguments for a discussion on well-established AI in cybersecurity issues, including the current scope of AI and its application to cybersecurity, the impact of privacy concerns on the cybersecurity data that can be collected and shared externally to the organization, how an AI decision can be explained to the person running the operations center, and the implications of the adversarial nature of cybersecurity in the learning techniques. We then discuss the use of AI by attackers on a level playing field including several issues in an AI battlefield, and an AI perspective on the old cat-and-mouse game including how the adversary may assess your AI power.

Ayodeji Oseni,Nour Moustafa,Helge Janicke,Peng Liu,Zahir Tari,Athanasios Vasilakos

DOI: https://doi.org/10.48550/arXiv.2102.04661

2021-02-09

Cryptography and Security

Abstract:The increased adoption of Artificial Intelligence (AI) presents an opportunity to solve many socio-economic and environmental challenges; however, this cannot happen without securing AI-enabled technologies. In recent years, most AI models are vulnerable to advanced and sophisticated hacking techniques. This challenge has motivated concerted research efforts into adversarial AI, with the aim of developing robust machine and deep learning models that are resilient to different types of adversarial scenarios. In this paper, we present a holistic cyber security review that demonstrates adversarial attacks against AI applications, including aspects such as adversarial knowledge and capabilities, as well as existing methods for generating adversarial examples and existing cyber defence models. We explain mathematical AI models, especially new variants of reinforcement and federated learning, to demonstrate how attack vectors would exploit vulnerabilities of AI models. We also propose a systematic framework for demonstrating attack techniques against AI applications and reviewed several cyber defences that would protect AI applications against those attacks. We also highlight the importance of understanding the adversarial goals and their capabilities, especially the recent attacks against industry applications, to develop adaptive defences that assess to secure AI applications. Finally, we describe the main challenges and future research directions in the domain of security and privacy of AI technologies.

Mosa Sankaram,,Ms Roopesh,Sasank Rasetti,Nourin Nishat,,

DOI: https://doi.org/10.62304/jbedpm.v3i05.180

2024-07-10

Abstract:This literature review explores the transformative impact of artificial intelligence (AI) on enhancing cybersecurity measures across various domains. The study systematically examines the integration of AI in Intrusion Detection Systems (IDS), malware detection, phishing detection, threat intelligence, network security, and endpoint protection. Key findings reveal that AI-driven techniques significantly outperform traditional methods, particularly in real-time threat detection, accuracy, and adaptive response capabilities. Network-based IDS benefit from supervised and unsupervised learning algorithms, improving the identification of malicious network traffic and novel attack patterns. In malware detection, AI-enhanced static and dynamic analysis methods surpass signature-based approaches by detecting previously unknown malware and complex behaviors. Phishing detection has seen substantial improvements with AI applications in email filtering and URL analysis, reducing phishing incidents despite challenges like false positives. AI's role in threat intelligence is critical, automating data analysis to uncover hidden threats and employing predictive analytics to anticipate and mitigate cyber attacks. AI techniques in network security and endpoint protection enhance real-time monitoring and authentication processes, providing robust defenses against cyber intrusions. Despite these advancements, challenges such as handling high data volumes and the need for continuous learning to adapt to emerging threats remain. This review underscores the significant advancements, practical implementations, and ongoing challenges of leveraging AI in cybersecurity, highlighting its potential to fortify digital defenses and address the complexities of contemporary cyber threats.

Yupeng Hu,Wenxin Kuang,Zheng Qin,Kenli Li,Jiliang Zhang,Yansong Gao,Wenjia Li,Keqin Li

DOI: https://doi.org/10.1145/3487890

IF: 16.6

2023-01-31

ACM Computing Surveys

Abstract:In recent years, with rapid technological advancement in both computing hardware and algorithm, Artificial Intelligence (AI) has demonstrated significant advantage over human being in a wide range of fields, such as image recognition, education, autonomous vehicles, finance, and medical diagnosis. However, AI-based systems are generally vulnerable to various security threats throughout the whole process, ranging from the initial data collection and preparation to the training, inference, and final deployment. In an AI-based system, the data collection and pre-processing phase are vulnerable to sensor spoofing attacks and scaling attacks, respectively, while the training and inference phases of the model are subject to poisoning attacks and adversarial attacks, respectively. To address these severe security threats against the AI-based systems, in this article, we review the challenges and recent research advances for security issues in AI, so as to depict an overall blueprint for AI security. More specifically, we first take the lifecycle of an AI-based system as a guide to introduce the security threats that emerge at each stage, which is followed by a detailed summary for corresponding countermeasures. Finally, some of the future challenges and opportunities for the security issues in AI will also be discussed.

computer science, theory & methods

Sahil Girhepuje,Aviral Verma,Gaurav Raina

2024-09-27

Abstract:Artificial Intelligence (AI) has witnessed major growth and integration across various domains. As AI systems become increasingly prevalent, they also become targets for threat actors to manipulate their functionality for malicious purposes. This survey paper on offensive AI will comprehensively cover various aspects related to attacks against and using AI systems. It will delve into the impact of offensive AI practices on different domains, including consumer, enterprise, and public digital infrastructure. The paper will explore adversarial machine learning, attacks against AI models, infrastructure, and interfaces, along with offensive techniques like information gathering, social engineering, and weaponized AI. Additionally, it will discuss the consequences and implications of offensive AI, presenting case studies, insights, and avenues for further research.

Cryptography and Security,Artificial Intelligence

Henry Collier

DOI: https://doi.org/10.34190/eccws.23.1.2117

2024-06-21

Abstract:Abstract: Artificial intelligence (AI) is at the forefront of computer science today. Everyone is talking about AI and how it is the way of the future. Companies are using machine learning (ML)algorithms to enhance their business offerings, which is showing promise in the realm of improved efficiency. The potential benefit of a fully developed AI is exceptional, but so are the threats that AI poses. While the developers of the various forms of AI are eager to be the first to create a fully functional, truly intelligent AI, they do not always consider the negative possibilities that AI creates. ChatGPT was recently used to hack itself and exposed a vulnerability in its open-source library. In addition to using AI to create hacks and exploits, AI is also being used to support social engineering efforts by creating more convincing social engineering attacks. Whether the attack is using AI to duplicate a person's voice to convince a loved one to send a gift card to get them out of jail or if it is being used to simply scrape a person’s social media to develop a more precise method of attack, the concern that AI will be used for nefarious purposes is genuinely profound. This paper is a case study looking into how AI is and will be used to improve social engineering. A literature review was conducted to identify how researchers are already seeing how AI is being used and to project future threats. AI is here to stay, and the threats it brings are existential, and it is imperative that these threats are realized, and defensive measures are developed. This case study looks at how AI is and will be used to improve the efficacy of social engineering attacks.

Philip Feldman,Aaron Dant,Aaron Massey

DOI: https://doi.org/10.48550/arXiv.1905.03899

IF: 14.4

2019-05-10

Artificial Intelligence

Abstract:The integration of Artificial Intelligence (AI) into weapon systems is one of the most consequential tactical and strategic decisions in the history of warfare. Current AI development is a remarkable combination of accelerating capability, hidden decision mechanisms, and decreasing costs. Implementation of these systems is in its infancy and exists on a spectrum from resilient and flexible to simplistic and brittle. Resilient systems should be able to effectively handle the complexities of a high-dimensional battlespace. Simplistic AI implementations could be manipulated by an adversarial AI that identifies and exploits their weaknesses. In this paper, we present a framework for understanding the development of dynamic AI/ML systems that interactively and continuously adapt to their user's needs. We explore the implications of increasingly capable AI in the kill chain and how this will lead inevitably to a fully automated, always on system, barring regulation by treaty. We examine the potential of total integration of cyber and physical security and how this likelihood must inform the development of AI-enabled systems with respect to the "fog of war", human morals, and ethics.

Jin-Myeong Lee,Sangpil Yoon

DOI: https://doi.org/10.32473/flairs.v35i.130673

2022-05-04

The International FLAIRS Conference Proceedings

Abstract:While the legal framework for AI is under much discussion, we need to consider the future where AI will be adopted into every aspect of our daily lives. As a software package, AI cannot be perfect and is greatly influenced by the intent of its user or its creator. In this regard, AI can be used to breach or strengthen cybersecurity. As such, there has been much discussions on how to make use of AI technology for cybersecurity while adopting it at the same time. In fact, there are already many cases of using AI to identify vulnerabilities or using AI for hacking. So what are the most reasonable set of regulatory measures to ensure balanced use of AI? This research seeks to identify the legal challenges of dealing with AI hacking. To accomplish this objective, we need to deduce elements of AI hacking from cybersecurity properties of AI technology and find real cases to analyze. Based on analysis of these real cases, this paper will propose the possible legal challenges and tasks ahead.