Maanak Gupta,CharanKumar Akiri,Kshitiz Aryal,Eli Parker,Lopamudra Praharaj

2023-07-03

Abstract:Undoubtedly, the evolution of Generative AI (GenAI) models has been the highlight of digital transformation in the year 2022. As the different GenAI models like ChatGPT and Google Bard continue to foster their complexity and capability, it's critical to understand its consequences from a cybersecurity perspective. Several instances recently have demonstrated the use of GenAI tools in both the defensive and offensive side of cybersecurity, and focusing on the social, ethical and privacy implications this technology possesses. This research paper highlights the limitations, challenges, potential risks, and opportunities of GenAI in the domain of cybersecurity and privacy. The work presents the vulnerabilities of ChatGPT, which can be exploited by malicious users to exfiltrate malicious information bypassing the ethical constraints on the model. This paper demonstrates successful example attacks like Jailbreaks, reverse psychology, and prompt injection attacks on the ChatGPT. The paper also investigates how cyber offenders can use the GenAI tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to create social engineering attacks, phishing attacks, automated hacking, attack payload generation, malware creation, and polymorphic malware. This paper then examines defense techniques and uses GenAI tools to improve security measures, including cyber defense automation, reporting, threat intelligence, secure code generation and detection, attack identification, developing ethical guidelines, incidence response plans, and malware detection. We will also discuss the social, legal, and ethical implications of ChatGPT. In conclusion, the paper highlights open challenges and future directions to make this GenAI secure, safe, trustworthy, and ethical as the community understands its cybersecurity impacts.

Cryptography and Security,Artificial Intelligence

Pasupuleti Rajesh,Christopher Mader,Ravi Vadapalli

DOI: https://doi.org/10.1109/SNAMS60348.2023.10375472

2023-11-21

Abstract:In recent years, Generative Artificial Intelligence (AI) and ChatGPT (Generative Pre-trained Transformer) models that are capable of generating realistic human-mimicked languages have gained progressive popularity. With the evolution of technology, there has been a significant increase in the availability and usage of artificial intelligence tools, such as ChatGPT and Generative AI, that will assist in shaping the future. However, this increasing popularity poses a potential risk if used inappropriately. Threats from AI pose special challenges for government, the private sector, and national security. In this paper, we address some of key concerns of significant cyber security issues and challenges related to Generative AI and ChatGPT. With careful consideration to application usage, organizations can implement appropriate security measures to mitigate these risks. We also incorporate recommendations about ChatGPT usage and its impact on society. It is important that researchers, developers, and policymakers (CIOs, CSOs) work together to mitigate these risks and to ensure that these models are used in a responsible and ethical manner.

Political Science,Computer Science

Siva Sai,Utkarsh Yashvardhan,Vinay Chamola,Biplab Sikdar

DOI: https://doi.org/10.1109/access.2024.3385107

IF: 3.9

2024-04-20

IEEE Access

Abstract:This research paper intends to provide real-life applications of Generative AI (GAI) in the cybersecurity domain. The frequency, sophistication and impact of cyber threats have continued to rise in today's world. This ever-evolving threat landscape poses challenges for organizations and security professionals who continue looking for better solutions to tackle these threats. GAI technology provides an effective way for them to address these issues in an automated manner with increasing efficiency. It enables them to work on more critical security aspects which require human intervention, while GAI systems deal with general threat situations. Further, GAI systems can better detect novel malware and threatening situations than humans. This feature of GAI, when leveraged, can lead to higher robustness of the security system. Many tech giants like Google, Microsoft etc., are motivated by this idea and are incorporating elements of GAI in their cybersecurity systems to make them more efficient in dealing with ever-evolving threats. Many cybersecurity tools like Google Cloud Security AI Workbench, Microsoft Security Copilot, SentinelOne Purple AI etc., have come into the picture, which leverage GAI to develop more straightforward and robust ways to deal with emerging cybersecurity perils. With the advent of GAI in the cybersecurity domain, one also needs to take into account the limitations and drawbacks that such systems have. This paper also provides some of the limitations of GAI, like periodically giving wrong results, costly training, the potential of GAI being used by malicious actors for illicit activities etc.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shivani Metta,Isaac Chang,Jack Parker,Michael P. Roman,Arturo F. Ehuan

2024-05-03

Abstract:The dawn of Generative Artificial Intelligence (GAI), characterized by advanced models such as Generative Pre-trained Transformers (GPT) and other Large Language Models (LLMs), has been pivotal in reshaping the field of data analysis, pattern recognition, and decision-making processes. This surge in GAI technology has ushered in not only innovative opportunities for data processing and automation but has also introduced significant cybersecurity challenges.

Cryptography and Security

Yagmur Yigit,William J Buchanan,Madjid G Tehrani,Leandros Maglaras

DOI: https://doi.org/10.48550/arXiv.2403.08701

2024-03-19

Abstract:Over the last decade, Artificial Intelligence (AI) has become increasingly popular, especially with the use of chatbots such as ChatGPT, Gemini, and DALL-E. With this rise, large language models (LLMs) and Generative AI (GenAI) have also become more prevalent in everyday use. These advancements strengthen cybersecurity's defensive posture and open up new attack avenues for adversaries as well. This paper provides a comprehensive overview of the current state-of-the-art deployments of GenAI, covering assaults, jailbreaking, and applications of prompt injection and reverse psychology. This paper also provides the various applications of GenAI in cybercrimes, such as automated hacking, phishing emails, social engineering, reverse cryptography, creating attack payloads, and creating malware. GenAI can significantly improve the automation of defensive cyber security processes through strategies such as dataset construction, safe code development, threat intelligence, defensive measures, reporting, and cyberattack detection. In this study, we suggest that future research should focus on developing robust ethical norms and innovative defense mechanisms to address the current issues that GenAI creates and to also further encourage an impartial approach to its future application in cybersecurity. Moreover, we underscore the importance of interdisciplinary approaches further to bridge the gap between scientific developments and ethical considerations.

Cryptography and Security

Md Mashrur Arifin,Md Shoaib Ahmed,Tanmai Kumar Ghosh,Ikteder Akhand Udoy,Jun Zhuang,Jyh-haw Yeh

2024-09-20

Abstract:With the proliferation of Artificial Intelligence, there has been a massive increase in the amount of data required to be accumulated and disseminated digitally. As the data are available online in digital landscapes with complex and sophisticated infrastructures, it is crucial to implement various defense mechanisms based on cybersecurity. Generative Adversarial Networks (GANs), which are deep learning models, have emerged as powerful solutions for addressing the constantly changing security issues. This survey studies the significance of the deep learning model, precisely on GANs, in strengthening cybersecurity defenses. Our survey aims to explore the various works completed in GANs, such as Intrusion Detection Systems (IDS), Mobile and Network Trespass, BotNet Detection, and Malware Detection. The focus is to examine how GANs can be influential tools to strengthen cybersecurity defenses in these domains. Further, the paper discusses the challenges and constraints of using GANs in these areas and suggests future research directions. Overall, the paper highlights the potential of GANs in enhancing cybersecurity measures and addresses the need for further exploration in this field.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Garima Agrawal,Amardeep Kaur,Sowmya Myneni

DOI: https://doi.org/10.3390/electronics13020322

IF: 2.9

2024-01-12

Electronics

Abstract:The ability of deep learning to process vast data and uncover concealed malicious patterns has spurred the adoption of deep learning methods within the cybersecurity domain. Nonetheless, a notable hurdle confronting cybersecurity researchers today is the acquisition of a sufficiently large dataset to effectively train deep learning models. Privacy and security concerns associated with using real-world organization data have made cybersecurity researchers seek alternative strategies, notably focusing on generating synthetic data. Generative adversarial networks (GANs) have emerged as a prominent solution, lauded for their capacity to generate synthetic data spanning diverse domains. Despite their widespread use, the efficacy of GANs in generating realistic cyberattack data remains a subject requiring thorough investigation. Moreover, the proficiency of deep learning models trained on such synthetic data to accurately discern real-world attacks and anomalies poses an additional challenge that demands exploration. This paper delves into the essential aspects of generative learning, scrutinizing their data generation capabilities, and conducts a comprehensive review to address the above questions. Through this exploration, we aim to shed light on the potential of synthetic data in fortifying deep learning models for robust cybersecurity applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Bharat Bhushan,Kuldeep,Keshaw Kumar

DOI: https://doi.org/10.1109/ICCCIS60361.2023.10425069

2023-11-03

Abstract:In 2023, the rapid advancement of Generative AI (GenAI) models, including ChatGPT and Google Bard, has reshaped the digital landscape. GenAI tools are now used both defensively and offensively, raising crucial questions about their societal, ethical, and privacy implications. Artificial Intelligence (AI) plays a pivotal role in the Fourth Industrial Revolution, enhancing the security of computer networks. This study investigates these connections, finding that e-Governance partially mediates the link between AI and cybersecurity, with stakeholders influencing this dynamic. AI's increasing integration into daily life, spanning healthcare, finance, and surveillance, emphasizes the importance of data privacy. The handling of extensive datasets by AI systems brings about unique privacy and ethical challenges, necessitating stringent safeguards. This concise abstract underscore the profound impact of GenAI models on cybersecurity in 2023, emphasizing their implications for society, ethics, and privacy. It highlights nuanced relationships between AI, e-Governance, and cybersecurity, while acknowledging the need for robust privacy protection. The paper calls attention to the potential of advanced techniques to fortify cybersecurity against ever-evolving threats.

Computer Science

Muhammad Rehan Naeem,Rashid Amin,Muhammad Farhan,Faiz Abdullah Alotaibi,Mrim M Alnfiai,Gabriel Avelino Sampedro,Vincent Karovič

DOI: https://doi.org/10.7717/peerj-cs.2264

2024-09-20

Abstract:Collective intelligence systems like Chat Generative Pre-Trained Transformer (ChatGPT) have emerged. They have brought both promise and peril to cybersecurity and privacy protection. This study introduces novel approaches to harness the power of artificial intelligence (AI) and big data analytics to enhance security and privacy in this new era. Contributions could explore topics such as: leveraging natural language processing (NLP) in ChatGPT-like systems to strengthen information security; evaluating privacy-enhancing technologies to maximize data utility while minimizing personal data exposure; modeling human behavior and agency to build secure and ethical human-centric systems; applying machine learning to detect threats and vulnerabilities in a data-driven manner; using analytics to preserve privacy in large datasets while enabling value creation; crafting AI techniques that operate in a trustworthy and explainable manner. This article advances the state-of-the-art at the intersection of cybersecurity, privacy, human factors, ethics, and cutting-edge AI, providing impactful solutions to emerging challenges. Our research presents a revolutionary approach to malware detection that leverages deep learning (DL) based methodologies to automatically learn features from raw data. Our approach involves constructing a grayscale image from a malware file and extracting features to minimize its size. This process affords us the ability to discern patterns that might remain hidden from other techniques, enabling us to utilize convolutional neural networks (CNNs) to learn from these grayscale images and a stacking ensemble to classify malware. The goal is to model a highly complex nonlinear function with parameters that can be optimized to achieve superior performance. To test our approach, we ran it on over 6,414 malware variants and 2,050 benign files from the MalImg collection, resulting in an impressive 99.86 percent validation accuracy for malware detection. Furthermore, we conducted a classification experiment on 15 malware families and 13 tests with varying parameters to compare our model to other comparable research. Our model outperformed most of the similar research with detection accuracy ranging from 47.07% to 99.81% and a significant increase in detection performance. Our results demonstrate the efficacy of our approach, which unlocks the hidden patterns that underlie complex systems, advancing the frontiers of computational security.

Raza Nowrozy,David Jam

2024-03-18

Abstract:The rapid advancement of generative Artificial Intelligence (AI) technologies, particularly Generative Pre-trained Transformer (GPT) models such as ChatGPT, has the potential to significantly impact cybersecurity. In this study, we investigated the impact of GPTs, specifically ChatGPT, on tertiary education in cybersecurity, and provided recommendations for universities to adapt their curricula to meet the evolving needs of the industry. Our research highlighted the importance of understanding the alignment between GPT's ``mental model'' and human cognition, as well as the enhancement of GPT capabilities to human skills based on Bloom's taxonomy. By analyzing current educational practices and the alignment of curricula with industry requirements, we concluded that universities providing practical degrees like cybersecurity should align closely with industry demand and embrace the inevitable generative AI revolution, while applying stringent ethics oversight to safeguard responsible GPT usage. We proposed a set of recommendations focused on updating university curricula, promoting agility within universities, fostering collaboration between academia, industry, and policymakers, and evaluating and assessing educational outcomes.

Computers and Society,Artificial Intelligence

Polra Victor Falade

DOI: https://doi.org/10.32628/CSEIT2390533

2023-10-09

Abstract:In the ever-evolving realm of cybersecurity, the rise of generative AI models like ChatGPT, FraudGPT, and WormGPT has introduced both innovative solutions and unprecedented challenges. This research delves into the multifaceted applications of generative AI in social engineering attacks, offering insights into the evolving threat landscape using the blog mining technique. Generative AI models have revolutionized the field of cyberattacks, empowering malicious actors to craft convincing and personalized phishing lures, manipulate public opinion through deepfakes, and exploit human cognitive biases. These models, ChatGPT, FraudGPT, and WormGPT, have augmented existing threats and ushered in new dimensions of risk. From phishing campaigns that mimic trusted organizations to deepfake technology impersonating authoritative figures, we explore how generative AI amplifies the arsenal of cybercriminals. Furthermore, we shed light on the vulnerabilities that AI-driven social engineering exploits, including psychological manipulation, targeted phishing, and the crisis of authenticity. To counter these threats, we outline a range of strategies, including traditional security measures, AI-powered security solutions, and collaborative approaches in cybersecurity. We emphasize the importance of staying vigilant, fostering awareness, and strengthening regulations in the battle against AI-enhanced social engineering attacks. In an environment characterized by the rapid evolution of AI models and a lack of training data, defending against generative AI threats requires constant adaptation and the collective efforts of individuals, organizations, and governments. This research seeks to provide a comprehensive understanding of the dynamic interplay between generative AI and social engineering attacks, equipping stakeholders with the knowledge to navigate this intricate cybersecurity landscape.

Cryptography and Security

Zhen Ling Teo,Chrystie Wan Ning Quek,Joy Le Yi Wong,Daniel Shu Wei Ting

DOI: https://doi.org/10.1016/j.apjo.2024.100091

2024-08-28

Abstract:Generative Artificial Intelligence (GenAI) are algorithms capable of generating original content. The ability of GenAI to learn and generate novel outputs alike human cognition has taken the world by storm and ushered in a new era. In this review, we explore the role of GenAI in healthcare, including clinical, operational, and research applications, and delve into the cybersecurity risks of this technology. We discuss risks such as data privacy risks, data poisoning attacks, the propagation of bias, and hallucinations. In this review, we recommend risk mitigation strategies to enhance cybersecurity in GenAI technologies and further explore the use of GenAI as a tool in itself to enhance cybersecurity across the various AI algorithms. GenAI is emerging as a pivotal catalyst across various industries including the healthcare domain. Comprehending the intricacies of this technology and its potential risks will be imperative for us to fully capitalise on the benefits that GenAI can bring.

Abenezer Golda,Kidus Mekonen,Amit Pandey,Anushka Singh,Vikas Hassija,Vinay Chamola,Biplab Sikdar

DOI: https://doi.org/10.1109/access.2024.3381611

IF: 3.9

2024-04-09

IEEE Access

Abstract:Generative Artificial Intelligence (GAI) has sparked a transformative wave across various domains, including machine learning, healthcare, business, and entertainment, owing to its remarkable ability to generate lifelike data. This comprehensive survey offers a meticulous examination of the privacy and security challenges inherent to GAI. It provides five pivotal perspectives essential for a comprehensive understanding of these intricacies. The paper encompasses discussions on GAI architectures, diverse generative model types, practical applications, and recent advancements within the field. In addition, it highlights current security strategies and proposes sustainable solutions, emphasizing user, developer, institutional, and policymaker involvement.

computer science, information systems,telecommunications,engineering, electrical & electronic

Andrei Kucharavy,Zachary Schillaci,Loïc Maréchal,Maxime Würsch,Ljiljana Dolamic,Remi Sabonnadiere,Dimitri Percia David,Alain Mermoud,Vincent Lenders

DOI: https://doi.org/10.48550/arXiv.2303.12132

2023-03-21

Computation and Language

Abstract:Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including search as part of Microsoft Bing. Despite extensive prior research invested in their development, their performance and applicability to a range of daily tasks remained unclear and niche. However, their wider utilization without a requirement for technical expertise, made in large part possible through conversational fine-tuning, revealed the extent of their true capabilities in a real-world environment. This has garnered both public excitement for their potential applications and concerns about their capabilities and potential malicious uses. This review aims to provide a brief overview of the history, state of the art, and implications of Generative Language Models in terms of their principles, abilities, limitations, and future prospects -- especially in the context of cyber-defense, with a focus on the Swiss operational environment.

Yusuf Usman,Aadesh Upadhyay,Prashnna Gyawali,Robin Chataut

2024-08-23

Abstract:In an era where digital threats are increasingly sophisticated, the intersection of Artificial Intelligence and cybersecurity presents both promising defenses and potent dangers. This paper delves into the escalating threat posed by the misuse of AI, specifically through the use of Large Language Models (LLMs). This study details various techniques like the switch method and character play method, which can be exploited by cybercriminals to generate and automate cyber attacks. Through a series of controlled experiments, the paper demonstrates how these models can be manipulated to bypass ethical and privacy safeguards to effectively generate cyber attacks such as social engineering, malicious code, payload generation, and spyware. By testing these AI generated attacks on live systems, the study assesses their effectiveness and the vulnerabilities they exploit, offering a practical perspective on the risks AI poses to critical infrastructure. We also introduce Occupy AI, a customized, finetuned LLM specifically engineered to automate and execute cyberattacks. This specialized AI driven tool is adept at crafting steps and generating executable code for a variety of cyber threats, including phishing, malware injection, and system exploitation. The results underscore the urgency for ethical AI practices, robust cybersecurity measures, and regulatory oversight to mitigate AI related threats. This paper aims to elevate awareness within the cybersecurity community about the evolving digital threat landscape, advocating for proactive defense strategies and responsible AI development to protect against emerging cyber threats.

Cryptography and Security,Artificial Intelligence

Yuntao Wang,Yanghe Pan,Miao Yan,Zhou Su,Tom H. Luan

DOI: https://doi.org/10.48550/arXiv.2305.18339

2023-05-25

Computers and Society

Abstract:With the widespread use of large artificial intelligence (AI) models such as ChatGPT, AI-generated content (AIGC) has garnered increasing attention and is leading a paradigm shift in content creation and knowledge representation. AIGC uses generative large AI algorithms to assist or replace humans in creating massive, high-quality, and human-like content at a faster pace and lower cost, based on user-provided prompts. Despite the recent significant progress in AIGC, security, privacy, ethical, and legal challenges still need to be addressed. This paper presents an in-depth survey of working principles, security and privacy threats, state-of-the-art solutions, and future challenges of the AIGC paradigm. Specifically, we first explore the enabling technologies, general architecture of AIGC, and discuss its working modes and key characteristics. Then, we investigate the taxonomy of security and privacy threats to AIGC and highlight the ethical and societal implications of GPT and AIGC technologies. Furthermore, we review the state-of-the-art AIGC watermarking approaches for regulatable AIGC paradigms regarding the AIGC model and its produced content. Finally, we identify future challenges and open research directions related to AIGC.

Subash Neupane,Ivan A. Fernandez,Sudip Mittal,Shahram Rahimi

2023-06-23

Abstract:Generative Artificial Intelligence (GenAI) has emerged as a powerful technology capable of autonomously producing highly realistic content in various domains, such as text, images, audio, and videos. With its potential for positive applications in creative arts, content generation, virtual assistants, and data synthesis, GenAI has garnered significant attention and adoption. However, the increasing adoption of GenAI raises concerns about its potential misuse for crafting convincing phishing emails, generating disinformation through deepfake videos, and spreading misinformation via authentic-looking social media posts, posing a new set of challenges and risks in the realm of cybersecurity. To combat the threats posed by GenAI, we propose leveraging the Cyber Kill Chain (CKC) to understand the lifecycle of cyberattacks, as a foundational model for cyber defense. This paper aims to provide a comprehensive analysis of the risk areas introduced by the offensive use of GenAI techniques in each phase of the CKC framework. We also analyze the strategies employed by threat actors and examine their utilization throughout different phases of the CKC, highlighting the implications for cyber defense. Additionally, we propose GenAI-enabled defense strategies that are both attack-aware and adaptive. These strategies encompass various techniques such as detection, deception, and adversarial training, among others, aiming to effectively mitigate the risks posed by GenAI-induced cyber threats.

Cryptography and Security,Artificial Intelligence

Andreas Tsamados,Luciano Floridi,Mariarosaria Taddeo

DOI: https://doi.org/10.48550/arXiv.2311.09224

2023-09-25

Abstract:The widespread integration of autoregressive-large language models (AR-LLMs), such as ChatGPT, across established applications, like search engines, has introduced critical vulnerabilities with uniquely scalable characteristics. In this commentary, we analyse these vulnerabilities, their dependence on natural language as a vector of attack, and their challenges to cybersecurity best practices. We offer recommendations designed to mitigate these challenges.

Computers and Society,Artificial Intelligence,Computation and Language,Machine Learning

Hari Hayagreevan,Souvik Khamaru

2024-10-15

Abstract:This whitepaper highlights the dual importance of securing generative AI (genAI) platforms and leveraging genAI for cybersecurity. As genAI technologies proliferate, their misuse poses significant risks, including data breaches, model tampering, and malicious content generation. Securing these platforms is critical to protect sensitive data, ensure model integrity, and prevent adversarial attacks. Simultaneously, genAI presents opportunities for enhancing security by automating threat detection, vulnerability analysis, and incident response. The whitepaper explores strategies for robust security frameworks around genAI systems, while also showcasing how genAI can empower organizations to anticipate, detect, and mitigate sophisticated cyber threats.

Cryptography and Security,Artificial Intelligence