Vulnerability and Attack Injection Guided by Artificial Intelligence

The purpose of Vulnerability and Attack Injection Guided by Artificial Intelligence is to evaluate globally how the system copes with attacks and to assess specific security mechanisms in the target systems. Artificial intelligence is used to quickly discover possible locations for injecting vulnerabilities in the target system and to define an adequate attack load.

Vulnerability and Attack Injection Guided by Artificial Intelligence, like its base method, consists of injecting realistic vulnerabilities into a component exposed to the Internet and subsequently exploiting those vulnerabilities to launch attacks automatically, in order to evaluate the existing security mechanisms of the entire system. It uses artificial intelligence to automate the process of defining where to inject vulnerabilities and which attacks to perform, so as to maximize coverage and reduce execution time compared to a naïve approach (such as using static code analysis and regex pattern matching). Among the many existing artificial intelligence algorithms, Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) networks are the most promising techniques for learning the code modifications needed to inject a vulnerability (trained using the patches that have been used to fix real-world vulnerabilities) and then to attack these vulnerabilities.

  • Injects realistic vulnerabilities  
  • Attacks the vulnerabilities based on the characteristics of the vulnerabilities, like an attacker would do  
  • Allows testing security mechanisms in place  
  • Allows training security teams 
  • Vulnerabilities and attacks are chosen using artificial intelligence 
  • Needs to access the source code of the application or system  
  • Heavily dependent on the programming language of the target application  
Method Dimensions
In-the-lab environment
Experimental - Testing
Software
Operation, System testing
Thinking, Acting
Non-Functional - Security
V&V process criteria, SCP criteria