36 research outputs found
Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports
Open-Source Projects and Libraries are being used in software development
while also bearing multiple security vulnerabilities. This use of third party
ecosystem creates a new kind of attack surface for a product in development. An
intelligent attacker can attack a product by exploiting one of the
vulnerabilities present in linked projects and libraries.
In this paper, we mine threat intelligence about open source projects and
libraries from bugs and issues reported on public code repositories. We also
track library and project dependencies for installed software on a client
machine. We represent and store this threat intelligence, along with the
software dependencies in a security knowledge graph. Security analysts and
developers can then query and receive alerts from the knowledge graph if any
threat intelligence is found about linked libraries and projects, utilized in
their products
Risks to Zero Trust in a Federated Mission Partner Environment
Recent cybersecurity events have prompted the federal government to begin
investigating strategies to transition to Zero Trust Architectures (ZTA) for
federal information systems. Within federated mission networks, ZTA provides
measures to minimize the potential for unauthorized release and disclosure of
information outside bilateral and multilateral agreements. When federating with
mission partners, there are potential risks that may undermine the benefits of
Zero Trust. This paper explores risks associated with integrating multiple
identity models and proposes two potential avenues to investigate in order to
mitigate these risks
AI Security Threats against Pervasive Robotic Systems: A Course for Next Generation Cybersecurity Workforce
Robotics, automation, and related Artificial Intelligence (AI) systems have
become pervasive bringing in concerns related to security, safety, accuracy,
and trust. With growing dependency on physical robots that work in close
proximity to humans, the security of these systems is becoming increasingly
important to prevent cyber-attacks that could lead to privacy invasion,
critical operations sabotage, and bodily harm. The current shortfall of
professionals who can defend such systems demands development and integration
of such a curriculum. This course description includes details about seven
self-contained and adaptive modules on "AI security threats against pervasive
robotic systems". Topics include: 1) Introduction, examples of attacks, and
motivation; 2) - Robotic AI attack surfaces and penetration testing; 3) -
Attack patterns and security strategies for input sensors; 4) - Training
attacks and associated security strategies; 5) - Inference attacks and
associated security strategies; 6) - Actuator attacks and associated security
strategies; and 7) - Ethics of AI, robotics, and cybersecurity
CAPoW: Context-Aware AI-Assisted Proof of Work based DDoS Defense
Critical servers can be secured against distributed denial of service (DDoS)
attacks using proof of work (PoW) systems assisted by an Artificial
Intelligence (AI) that learns contextual network request patterns. In this
work, we introduce CAPoW, a context-aware anti-DDoS framework that injects
latency adaptively during communication by utilizing context-aware PoW puzzles.
In CAPoW, a security professional can define relevant request context
attributes which can be learned by the AI system. These contextual attributes
can include information about the user request, such as IP address, time,
flow-level information, etc., and are utilized to generate a contextual score
for incoming requests that influence the hardness of a PoW puzzle. These
puzzles need to be solved by a user before the server begins to process their
request. Solving puzzles slow down the volume of incoming adversarial requests.
Additionally, the framework compels the adversary to incur a cost per request,
hence making it expensive for an adversary to prolong a DDoS attack. We include
the theoretical foundations of the CAPoW framework along with a description of
its implementation and evaluation.Comment: 8 page