Generating Fake Cyber Threat Intelligence Using Transformer-Based Models

Title: Generating Fake Cyber Threat Intelligence Using Transformer-Based Models
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Ranade, Priyanka; Piplai, Aritran; Mittal, Sudip; Joshi, Anupam; Finin, Tim
Conference Name: 2021 International Joint Conference on Neural Networks (IJCNN)
Date Published: jul
Keywords: AI Poisoning, artificial intelligence, Cognition, Computer crime, cyber threat intelligence, cybersecurity, Data Poisoning Attack, Human Behavior, Neural networks, Open Source Software, pubcrawl, resilience, Resiliency, Scalability, Training, Transformers
Abstract: Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing their models to learn incorrect inputs to serve the attackers' malicious needs. In this paper, we show how to automatically generate fake CTI text descriptions using transformers. Given an initial prompt sentence, a public language model like GPT-2 with fine-tuning can generate plausible CTI text that can mislead cyber-defense systems. We use the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cyber-security professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI and authentic CTI as true.
DOI: 10.1109/IJCNN52387.2021.9534192
Citation Key: ranade_generating_2021