Subash Neupane,Ivan A. Fernandez,Sudip Mittal,Shahram Rahimi

2023-06-23

Abstract:Generative Artificial Intelligence (GenAI) has emerged as a powerful technology capable of autonomously producing highly realistic content in various domains, such as text, images, audio, and videos. With its potential for positive applications in creative arts, content generation, virtual assistants, and data synthesis, GenAI has garnered significant attention and adoption. However, the increasing adoption of GenAI raises concerns about its potential misuse for crafting convincing phishing emails, generating disinformation through deepfake videos, and spreading misinformation via authentic-looking social media posts, posing a new set of challenges and risks in the realm of cybersecurity. To combat the threats posed by GenAI, we propose leveraging the Cyber Kill Chain (CKC) to understand the lifecycle of cyberattacks, as a foundational model for cyber defense. This paper aims to provide a comprehensive analysis of the risk areas introduced by the offensive use of GenAI techniques in each phase of the CKC framework. We also analyze the strategies employed by threat actors and examine their utilization throughout different phases of the CKC, highlighting the implications for cyber defense. Additionally, we propose GenAI-enabled defense strategies that are both attack-aware and adaptive. These strategies encompass various techniques such as detection, deception, and adversarial training, among others, aiming to effectively mitigate the risks posed by GenAI-induced cyber threats.

Cryptography and Security,Artificial Intelligence

Siva Sai,Utkarsh Yashvardhan,Vinay Chamola,Biplab Sikdar

DOI: https://doi.org/10.1109/access.2024.3385107

IF: 3.9

2024-04-20

IEEE Access

Abstract:This research paper intends to provide real-life applications of Generative AI (GAI) in the cybersecurity domain. The frequency, sophistication and impact of cyber threats have continued to rise in today's world. This ever-evolving threat landscape poses challenges for organizations and security professionals who continue looking for better solutions to tackle these threats. GAI technology provides an effective way for them to address these issues in an automated manner with increasing efficiency. It enables them to work on more critical security aspects which require human intervention, while GAI systems deal with general threat situations. Further, GAI systems can better detect novel malware and threatening situations than humans. This feature of GAI, when leveraged, can lead to higher robustness of the security system. Many tech giants like Google, Microsoft etc., are motivated by this idea and are incorporating elements of GAI in their cybersecurity systems to make them more efficient in dealing with ever-evolving threats. Many cybersecurity tools like Google Cloud Security AI Workbench, Microsoft Security Copilot, SentinelOne Purple AI etc., have come into the picture, which leverage GAI to develop more straightforward and robust ways to deal with emerging cybersecurity perils. With the advent of GAI in the cybersecurity domain, one also needs to take into account the limitations and drawbacks that such systems have. This paper also provides some of the limitations of GAI, like periodically giving wrong results, costly training, the potential of GAI being used by malicious actors for illicit activities etc.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaozhong Liu,Yu‐Ru Lin,Zhuoren Jiang,Qunfang Wu

DOI: https://doi.org/10.1002/pra2.1103

2024-01-01

Proceedings of the Association for Information Science and Technology

Abstract:ABSTRACTGenerative AI (GAI) technologies have demonstrated human‐level performance on a vast spectrum of tasks. However, recent studies have also delved into the potential threats and vulnerabilities posed by GAI, particularly as they become increasingly prevalent in sensitive domains such as elections and education. Their use in politics raises concerns about manipulation and misinformation. Further exploration is imperative to comprehend the social risks associated with GAI across diverse societal contexts. In this panel, we aim to dissect the impact and risks posed by GAI on our social fabric, examining both technological and societal perspectives. Additionally, we will present our latest investigations, including the manipulation of ideologies using large language models (LLMs), the potential risk of AI self‐consciousness, the application of Explainable AI (XAI) to identify patterns of misinformation and mitigate their dissemination, as well as the influence of GAI on the quality of public discourse. These insights will serve as catalysts for stimulating discussions among the audience on this crucial subject matter, and contribute to fostering a deeper understanding of the importance of responsible development and deployment of GAI technologies.

Yusuf Usman,Aadesh Upadhyay,Prashnna Gyawali,Robin Chataut

2024-08-23

Abstract:In an era where digital threats are increasingly sophisticated, the intersection of Artificial Intelligence and cybersecurity presents both promising defenses and potent dangers. This paper delves into the escalating threat posed by the misuse of AI, specifically through the use of Large Language Models (LLMs). This study details various techniques like the switch method and character play method, which can be exploited by cybercriminals to generate and automate cyber attacks. Through a series of controlled experiments, the paper demonstrates how these models can be manipulated to bypass ethical and privacy safeguards to effectively generate cyber attacks such as social engineering, malicious code, payload generation, and spyware. By testing these AI generated attacks on live systems, the study assesses their effectiveness and the vulnerabilities they exploit, offering a practical perspective on the risks AI poses to critical infrastructure. We also introduce Occupy AI, a customized, finetuned LLM specifically engineered to automate and execute cyberattacks. This specialized AI driven tool is adept at crafting steps and generating executable code for a variety of cyber threats, including phishing, malware injection, and system exploitation. The results underscore the urgency for ethical AI practices, robust cybersecurity measures, and regulatory oversight to mitigate AI related threats. This paper aims to elevate awareness within the cybersecurity community about the evolving digital threat landscape, advocating for proactive defense strategies and responsible AI development to protect against emerging cyber threats.

Cryptography and Security,Artificial Intelligence

Yagmur Yigit,William J Buchanan,Madjid G Tehrani,Leandros Maglaras

DOI: https://doi.org/10.48550/arXiv.2403.08701

2024-03-19

Abstract:Over the last decade, Artificial Intelligence (AI) has become increasingly popular, especially with the use of chatbots such as ChatGPT, Gemini, and DALL-E. With this rise, large language models (LLMs) and Generative AI (GenAI) have also become more prevalent in everyday use. These advancements strengthen cybersecurity's defensive posture and open up new attack avenues for adversaries as well. This paper provides a comprehensive overview of the current state-of-the-art deployments of GenAI, covering assaults, jailbreaking, and applications of prompt injection and reverse psychology. This paper also provides the various applications of GenAI in cybercrimes, such as automated hacking, phishing emails, social engineering, reverse cryptography, creating attack payloads, and creating malware. GenAI can significantly improve the automation of defensive cyber security processes through strategies such as dataset construction, safe code development, threat intelligence, defensive measures, reporting, and cyberattack detection. In this study, we suggest that future research should focus on developing robust ethical norms and innovative defense mechanisms to address the current issues that GenAI creates and to also further encourage an impartial approach to its future application in cybersecurity. Moreover, we underscore the importance of interdisciplinary approaches further to bridge the gap between scientific developments and ethical considerations.

Cryptography and Security

Maanak Gupta,CharanKumar Akiri,Kshitiz Aryal,Eli Parker,Lopamudra Praharaj

2023-07-03

Abstract:Undoubtedly, the evolution of Generative AI (GenAI) models has been the highlight of digital transformation in the year 2022. As the different GenAI models like ChatGPT and Google Bard continue to foster their complexity and capability, it's critical to understand its consequences from a cybersecurity perspective. Several instances recently have demonstrated the use of GenAI tools in both the defensive and offensive side of cybersecurity, and focusing on the social, ethical and privacy implications this technology possesses. This research paper highlights the limitations, challenges, potential risks, and opportunities of GenAI in the domain of cybersecurity and privacy. The work presents the vulnerabilities of ChatGPT, which can be exploited by malicious users to exfiltrate malicious information bypassing the ethical constraints on the model. This paper demonstrates successful example attacks like Jailbreaks, reverse psychology, and prompt injection attacks on the ChatGPT. The paper also investigates how cyber offenders can use the GenAI tools in developing cyber attacks, and explore the scenarios where ChatGPT can be used by adversaries to create social engineering attacks, phishing attacks, automated hacking, attack payload generation, malware creation, and polymorphic malware. This paper then examines defense techniques and uses GenAI tools to improve security measures, including cyber defense automation, reporting, threat intelligence, secure code generation and detection, attack identification, developing ethical guidelines, incidence response plans, and malware detection. We will also discuss the social, legal, and ethical implications of ChatGPT. In conclusion, the paper highlights open challenges and future directions to make this GenAI secure, safe, trustworthy, and ethical as the community understands its cybersecurity impacts.

Cryptography and Security,Artificial Intelligence

Meet Ashokkumar Joshi

DOI: https://doi.org/10.2139/ssrn.4735175

2024-01-01

SSRN Electronic Journal

Abstract:Generative Manufactured Insights (AI) frameworks, competent of creating human-like yields such as content, pictures, and recordings, have seen surprising progressions in later a long time. Whereas these frameworks offer different benefits in inventive assignments, amusement, and robotization, they moreover posture noteworthy security dangers. This paper looks at the security suggestions of generative AI advances, centering on potential dangers and vulnerabilities they present over diverse spaces. We talk about the abuse of generative AI for pernicious purposes, counting the creation of modern fake substance, pantomime assaults, and the spread of disinformation and purposeful publicity. Furthermore, we analyze the challenges in recognizing and moderating these dangers, given the quick advancement and complexity of generative AI models. Besides, we investigate the moral contemplations encompassing the advancement and arrangement of generative AI, emphasizing the significance of capable AI administration and direction to address security concerns. By highlighting these dangers, this paper points to raise mindfulness among analysts, policymakers, and specialists to create proactive techniques for overseeing the security challenges postured by generative AI advances.

Shivani Metta,Isaac Chang,Jack Parker,Michael P. Roman,Arturo F. Ehuan

2024-05-03

Abstract:The dawn of Generative Artificial Intelligence (GAI), characterized by advanced models such as Generative Pre-trained Transformers (GPT) and other Large Language Models (LLMs), has been pivotal in reshaping the field of data analysis, pattern recognition, and decision-making processes. This surge in GAI technology has ushered in not only innovative opportunities for data processing and automation but has also introduced significant cybersecurity challenges.

Cryptography and Security

Zhen Ling Teo,Chrystie Wan Ning Quek,Joy Le Yi Wong,Daniel Shu Wei Ting

DOI: https://doi.org/10.1016/j.apjo.2024.100091

2024-08-28

Abstract:Generative Artificial Intelligence (GenAI) are algorithms capable of generating original content. The ability of GenAI to learn and generate novel outputs alike human cognition has taken the world by storm and ushered in a new era. In this review, we explore the role of GenAI in healthcare, including clinical, operational, and research applications, and delve into the cybersecurity risks of this technology. We discuss risks such as data privacy risks, data poisoning attacks, the propagation of bias, and hallucinations. In this review, we recommend risk mitigation strategies to enhance cybersecurity in GenAI technologies and further explore the use of GenAI as a tool in itself to enhance cybersecurity across the various AI algorithms. GenAI is emerging as a pivotal catalyst across various industries including the healthcare domain. Comprehending the intricacies of this technology and its potential risks will be imperative for us to fully capitalise on the benefits that GenAI can bring.

Polra Victor Falade

DOI: https://doi.org/10.32628/CSEIT2390533

2023-10-09

Abstract:In the ever-evolving realm of cybersecurity, the rise of generative AI models like ChatGPT, FraudGPT, and WormGPT has introduced both innovative solutions and unprecedented challenges. This research delves into the multifaceted applications of generative AI in social engineering attacks, offering insights into the evolving threat landscape using the blog mining technique. Generative AI models have revolutionized the field of cyberattacks, empowering malicious actors to craft convincing and personalized phishing lures, manipulate public opinion through deepfakes, and exploit human cognitive biases. These models, ChatGPT, FraudGPT, and WormGPT, have augmented existing threats and ushered in new dimensions of risk. From phishing campaigns that mimic trusted organizations to deepfake technology impersonating authoritative figures, we explore how generative AI amplifies the arsenal of cybercriminals. Furthermore, we shed light on the vulnerabilities that AI-driven social engineering exploits, including psychological manipulation, targeted phishing, and the crisis of authenticity. To counter these threats, we outline a range of strategies, including traditional security measures, AI-powered security solutions, and collaborative approaches in cybersecurity. We emphasize the importance of staying vigilant, fostering awareness, and strengthening regulations in the battle against AI-enhanced social engineering attacks. In an environment characterized by the rapid evolution of AI models and a lack of training data, defending against generative AI threats requires constant adaptation and the collective efforts of individuals, organizations, and governments. This research seeks to provide a comprehensive understanding of the dynamic interplay between generative AI and social engineering attacks, equipping stakeholders with the knowledge to navigate this intricate cybersecurity landscape.

Cryptography and Security

Gouri Ginde

2024-12-10

Abstract:Generative Artificial Intelligence (GenAI) advances have led to new technologies capable of generating high-quality code, natural language, and images. The next step is to integrate GenAI technology into various aspects while conducting research or other related areas, a task typically conducted by researchers. Such research outcomes always come with a certain risk of liability. This paper sheds light on the various research aspects in which GenAI is used, thus raising awareness of its legal implications to novice and budding researchers. In particular, there are two risks: data protection and copyright. Both aspects are crucial for GenAI. We summarize key aspects regarding our current knowledge that every software researcher involved in using GenAI should be aware of to avoid critical mistakes that may expose them to liability claims and propose a checklist to guide such awareness.

Software Engineering

Pasupuleti Rajesh,Christopher Mader,Ravi Vadapalli

DOI: https://doi.org/10.1109/SNAMS60348.2023.10375472

2023-11-21

Abstract:In recent years, Generative Artificial Intelligence (AI) and ChatGPT (Generative Pre-trained Transformer) models that are capable of generating realistic human-mimicked languages have gained progressive popularity. With the evolution of technology, there has been a significant increase in the availability and usage of artificial intelligence tools, such as ChatGPT and Generative AI, that will assist in shaping the future. However, this increasing popularity poses a potential risk if used inappropriately. Threats from AI pose special challenges for government, the private sector, and national security. In this paper, we address some of key concerns of significant cyber security issues and challenges related to Generative AI and ChatGPT. With careful consideration to application usage, organizations can implement appropriate security measures to mitigate these risks. We also incorporate recommendations about ChatGPT usage and its impact on society. It is important that researchers, developers, and policymakers (CIOs, CSOs) work together to mitigate these risks and to ensure that these models are used in a responsible and ethical manner.

Political Science,Computer Science

Harshaan Chugh

DOI: https://doi.org/10.22214/ijraset.2024.57827

2024-01-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In the rapidly evolving landscape of artificial intelligence (AI) and cybersecurity, the increasing adoption of large language models has introduced both opportunities and challenges. The utilization of large generative AI models, such as GPT 3.5 and GPT 4.0 used in ChatGPT, has shown promising potential in various domains, including cybersecurity, software engineering, and human-computer interaction. However, alongside their benefits, these models raise concerns regarding transparency, interpretability, and ethical considerations. Furthermore, AI-driven cybersecurity has emerged as a critical defense against sophisticated cyber threats, but it faces issues related to accuracy, false positives, and the need for data-efficient techniques. The integration of AI in cybersecurity has also led to new attack vectors and vulnerabilities that require comprehensive solutions. To address these multifaceted challenges, a research survey paper is warranted to analyze the state-ofthe-art understanding of the use of generative AI in cybersecurity, addressing issues identified through statistical analysis, new attack vectors and vulnerabilities that have emerged, innovative solutions that may exist, and the current approach to promoting responsible and secure AI practices.

Iwona Chomiak-Orsa,Artur Rot,Bartosz Blaicke

DOI: https://doi.org/10.1007/978-3-030-28374-2_35

2019-01-01

Abstract:The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assert where within the cyber kill chain have AI capabilities already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on literature review, authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber kill chain with other uses being deployed in the remaining steps.

Arun Chauhan

DOI: https://doi.org/10.54660/.ijmrge.2024.5.4.997-1002

2024-01-01

International Journal of Multidisciplinary Research and Growth Evaluation

Abstract:This research paper explores the intersection of generative AI and misinformation warfare, focusing on the sophisticated capabilities of AI technologies like Generative Adversarial Networks (GANs) and their potential misuse in creating deceptive content. Utilizing a mixed-methods approach, the study combines an extensive literature review with empirical data from a survey of 125 respondents, revealing high levels of awareness and concern about AI-generated misinformation. The findings indicate that AI-generated misinformation significantly impacts public opinion and societal trust, highlighting the urgent need for advanced detection mechanisms and comprehensive media literacy programs. The study underscores the importance of ethical guidelines and regulatory measures to manage the risks associated with generative AI. By providing a nuanced understanding of the technological and societal implications of AI-generated misinformation, this research contributes to the broader discourse on cybersecurity and information integrity, offering recommendations for future research and policy development to combat the pervasive threat of AI-enhanced misinformation.

Nahema Marchal,Rachel Xu,Rasmi Elasmar,Iason Gabriel,Beth Goldberg,William Isaac

2024-06-21

Abstract:Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes. However, we still lack a concrete understanding of how GenAI models are specifically exploited or abused in practice, including the tactics employed to inflict harm. In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024. Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild.

Artificial Intelligence

Clark Barrett,Brad Boyd,Elie Bursztein,Nicholas Carlini,Brad Chen,Jihye Choi,Amrita Roy Chowdhury,Mihai Christodorescu,Anupam Datta,Soheil Feizi,Kathleen Fisher,Tatsunori Hashimoto,Dan Hendrycks,Somesh Jha,Daniel Kang,Florian Kerschbaum,Eric Mitchell,John Mitchell,Zulfikar Ramzan,Khawaja Shams,Dawn Song,Ankur Taly,Diyi Yang

DOI: https://doi.org/10.1561/3300000041

2023-01-01

Foundations and Trends® in Privacy and Security

Abstract:Every major technical invention resurfaces the dual-use dilemma—the new technology has the potential to be used for good as well as for harm. Generative AI (GenAI) techniques, such as large language models (LLMs) and diffusion models, have shown remarkable capabilities (e.g., in-context learning, code-completion, and text-to-image generation and editing). However, GenAI can be used just as well by attackers to generate new attacks and increase the velocity and efficacy of existing attacks. This monograph reports the findings of a workshop held at Google (co-organized by Stanford University and the University of Wisconsin-Madison) on the dual-use dilemma posed by GenAI. This work is not meant to be comprehensive, but is rather an attempt to synthesize some of the interesting findings from the workshop. We discuss short-term and long-term goals for the community on this topic. We hope this work provides both a launching point for a discussion on this important topic as well as interesting problems that the research community can work to address.

Emilio Ferrara

DOI: https://doi.org/10.1007/s42001-024-00250-1

2024-01-23

Abstract:Generative Artificial Intelligence (GenAI) and Large Language Models (LLMs) are marvels of technology; celebrated for their prowess in natural language processing and multimodal content generation, they promise a transformative future. But as with all powerful tools, they come with their shadows. Picture living in a world where deepfakes are indistinguishable from reality, where synthetic identities orchestrate malicious campaigns, and where targeted misinformation or scams are crafted with unparalleled precision. Welcome to the darker side of GenAI applications. This article is not just a journey through the meanders of potential misuse of GenAI and LLMs, but also a call to recognize the urgency of the challenges ahead. As we navigate the seas of misinformation campaigns, malicious content generation, and the eerie creation of sophisticated malware, we'll uncover the societal implications that ripple through the GenAI revolution we are witnessing. From AI-powered botnets on social media platforms to the unnerving potential of AI to generate fabricated identities, or alibis made of synthetic realities, the stakes have never been higher. The lines between the virtual and the real worlds are blurring, and the consequences of potential GenAI's nefarious applications impact us all. This article serves both as a synthesis of rigorous research presented on the risks of GenAI and misuse of LLMs and as a thought-provoking vision of the different types of harmful GenAI applications we might encounter in the near future, and some ways we can prepare for them.

Computers and Society,Artificial Intelligence,Computation and Language,Human-Computer Interaction

Garima Agrawal,Amardeep Kaur,Sowmya Myneni

DOI: https://doi.org/10.3390/electronics13020322

IF: 2.9

2024-01-12

Electronics

Abstract:The ability of deep learning to process vast data and uncover concealed malicious patterns has spurred the adoption of deep learning methods within the cybersecurity domain. Nonetheless, a notable hurdle confronting cybersecurity researchers today is the acquisition of a sufficiently large dataset to effectively train deep learning models. Privacy and security concerns associated with using real-world organization data have made cybersecurity researchers seek alternative strategies, notably focusing on generating synthetic data. Generative adversarial networks (GANs) have emerged as a prominent solution, lauded for their capacity to generate synthetic data spanning diverse domains. Despite their widespread use, the efficacy of GANs in generating realistic cyberattack data remains a subject requiring thorough investigation. Moreover, the proficiency of deep learning models trained on such synthetic data to accurately discern real-world attacks and anomalies poses an additional challenge that demands exploration. This paper delves into the essential aspects of generative learning, scrutinizing their data generation capabilities, and conducts a comprehensive review to address the above questions. Through this exploration, we aim to shed light on the potential of synthetic data in fortifying deep learning models for robust cybersecurity applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Marc Schmitt,Ivan Flechais

DOI: https://doi.org/10.48550/arXiv.2310.13715

2023-10-15

Cryptography and Security

Abstract:The advancement of Artificial Intelligence (AI) and Machine Learning (ML) has profound implications for both the utility and security of our digital interactions. This paper investigates the transformative role of Generative AI in Social Engineering (SE) attacks. We conduct a systematic review of social engineering and AI capabilities and use a theory of social engineering to identify three pillars where Generative AI amplifies the impact of SE attacks: Realistic Content Creation, Advanced Targeting and Personalization, and Automated Attack Infrastructure. We integrate these elements into a conceptual model designed to investigate the complex nature of AI-driven SE attacks - the Generative AI Social Engineering Framework. We further explore human implications and potential countermeasures to mitigate these risks. Our study aims to foster a deeper understanding of the risks, human implications, and countermeasures associated with this emerging paradigm, thereby contributing to a more secure and trustworthy human-computer interaction.