Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true.
more »
« less
Knowledge, Skills, and Abilities for Specialized Curricula in Cyber Defense: Results from Interviews with Cyber Professionals
More specialized cybersecurity education programs are needed to address workforce needs, but it is unclear which knowledge, skills, and abilities (KSAs) fulfil industry needs. We interviewed 48 professionals within four cyber defense specialty areas: (1) Cyber Network Defense Analysis, (2) Cyber Network Defense Infrastructure Support, (3) Incident Response, and (4) Vulnerability Assessment and Management. The professionals rated a number of specialized KSAs along two dimensions: how important the KSA was to their job and how difficult the KSA was to learn. Overall, communication and other non-technical skills were rated as being very important for all cyber defense jobs. Findings indicated that, for some specialty areas, technical knowledge and skills vary considerably between jobs and so the ability to teach oneself is more valuable than proficiency in any one KSA. Findings may be used to inform the development of general cybersecurity curricula, as well as curricula that focus on Cyber Network Defense Analysis, Cyber Network Defense Infrastructure Support, or Vulnerability Assessment and Management.
more »
« less
- PAR ID:
- 10281814
- Date Published:
- Journal Name:
- ACM Transactions on Computing Education
- Volume:
- 20
- Issue:
- 4
- ISSN:
- 1946-6226
- Page Range / eLocation ID:
- 1 to 25
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Create and Host Cyber Competition Using the Preliminary Persistent Cyber Training Environment (PCTE)null (Ed.)As the world becomes more interconnected and our lives increasingly depend on the cyber world, the increasing threat of cyberattacks and cybercrimes make it critical for us to provide better and practical training of the cybersecurity workforce. In recent years, cybersecurity competition has become one of the most effective and attractive way for educating and training college students or professionals. In this paper, we first systematically introduce in details the step-by-step procedure and technical knowledge on how we take use of the ongoing DoD cyber-range environment called Persistent Cyber Training Environment (PCTE) to set up cyber competition virtualization environment, configure and install operating systems and popular services with various well-representative vulnerabilities, and set up the participant’s access and scoring system. Then we introduce the cybersecurity competition successfully organized by us in I/ITSEC 2019 conference, and the experience and lessons learned from this real-world competition event. The technical details and knowledge presented in this paper could help other researchers and educators to set up their own cyber competition environment or event to better train the future cybersecurity workforce.more » « less
-
Cyber defense exercises are an important avenue to understand the technical capacity of organizations when faced with cyber-threats. Information derived from these exercises often leads to finding unseen methods to exploit vulnerabilities in an organization. These often lead to better defense mechanisms that can counter previously unknown exploits. With recent developments in cyber battle simulation platforms, we can generate a defense exercise environment and train reinforcement learning (RL) based autonomous agents to attack the system described by the simulated environment. In this paper, we describe a two-player game-based RL environment that simultaneously improves the performance of both the attacker and defender agents. We further accelerate the convergence of the RL agents by guiding them with expert knowledge from Cybersecurity Knowledge Graphs on attack and mitigation steps. We have implemented and integrated our proposed approaches into the CyberBattleSim system.more » « less
-
The ongoing workforce shortage of skilled and diverse cybersecurity professionals coupled with the continued upward trend of cybercrime has led to an increased number of funding opportunities from the federal government to support projects focused on technical skills development. Significant emphasis is placed on academic transfer pathways and education-to-career pathways for students from K-12 to community college and beyond. Utilizing funding from multiple sources, faculty have intertwined grant project activities to increase awareness of cybersecurity careers and academic pathways, emphasizing digital forensics and incident response. The two grant projects, Cyber Up! and GenCyber Girls, aimed to develop college-level curriculum and cybersecurity workshops for female high school students. Project activities were synthesized to create a summer camp for high school students based on the curriculum developed for the college programs in digital forensics and incident response. The synergy between the projects has shown an increase in female participation in the digital forensics course and helped build interest in cybersecurity careers among K-12 students.more » « less
-
The imperative factors of cybersecurity within institutions have become prevalent due to the rise of cyber-attacks. Cybercriminals strategically choose their targets and develop several different techniques and tactics that are used to exploit vulnerabilities throughout an entire institution. With the thorough analysis practices being used in recent policy and regulation of cyber incident reports, it has been claimed that data breaches have increased at alarming rates rapidly. Thus, capturing the trends of cyber-attacks strategies, exploited vulnerabilities, and reoccurring patterns as insight to better cybersecurity. This paper seeks to discover the possible threats that influence the relationship between the human component and cybersecurity posture. Along with this, we use the Vocabulary for Event Recording and Incident Sharing (VERIS) database to analyze previous cyber incidents to advance risk management that will benefit the institutional level of cybersecurity. We elaborate on the rising concerns of external versus internal factors that potentially put institutions at risk for exploiting vulnerabilities and conducting an exploratory data analysis that articulates the understanding of detrimental monetary and data loss in recent cyber incidents. The human component of this research attributes to the perceptive of the most common cause within cyber incidents, human error. With these concerns on the rise, we found contributing factors with the use of a risk-based approach and thorough analysis of databases, which will be used to improve the practical consensus of cybersecurity. Our findings can be of use to all institutions in search of useful insight to better their risk-management planning skills and failing elements of their cybersecurity.more » « less