Mitigating AI-Enabled Cyber Attacks on Hardware, Software, and System Users
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
ORCID iD: 0000-0001-7884-966x
2024 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

This doctoral thesis addresses the rapidly evolving landscape of computer security threats posed by advances in artificial intelligence (AI), particularly large language models (LLMs). We demonstrate how AI can automate and enhance cyberattacks, identify the most pressing dangers this creates, and present feasible mitigation strategies. The study is divided into two main branches: attacks targeting hardware and software systems, and attacks targeting system users, such as phishing. The first paper of the thesis identifies research communities within computer security red teaming. We created a Python tool to scrape and analyze 23,459 articles from the Scopus database, highlighting popular communities such as smart grids and attack graphs and providing a comprehensive overview of prominent authors, institutions, communities, and sub-communities. The second paper conducts red teaming assessments of connected devices commonly found in modern households, such as connected vacuum cleaners and door locks. Our experiments demonstrate how easily attackers can exploit different devices and emphasize the need for improved security measures and public awareness. The third paper explores the use of LLMs to generate phishing emails. The findings show that while human experts still outperform LLMs, a hybrid approach combining human expertise and AI significantly reduces the cost and time required to launch phishing attacks while maintaining high success rates. We further analyze the economic aspects of AI-enhanced phishing to show how LLMs affect the attacker's incentive for various phishing use cases. The fourth study evaluates LLMs' potential to automate and enhance cyberattacks on hardware and software systems. We create a framework for evaluating the capability of LLMs to conduct attacks on hardware and software and evaluate the framework by conducting 31 AI-automated cyberattacks on devices from connected households. The results indicate that while LLMs can reduce attack costs, they do not significantly increase the attacks' damage or scalability. We expect this to change with future LLM versions, but the findings present an opportunity for proactive measures: developing benchmarks and defensive tools to control the misuse of LLMs.

Abstract [sv] (translated from Swedish)

Modern cyberattacks are changing rapidly as a result of advances in artificial intelligence (AI), particularly through large language models (LLMs). We demonstrate how AI can automate and improve cyberattacks in order to identify the greatest threats, and present strategies to counter them. The study is divided into two parts: attacks directed at hardware and software systems, and attacks focused on system users, such as phishing. The first article of the thesis identifies research groups within red teaming. We created a Python tool to retrieve and analyze 23,459 articles from the Scopus database, which gave an overview of prominent authors, institutions, and the development of different groups and sub-groups within the research area. The second article of the thesis carries out red teaming tests of connected devices from modern households, for example connected vacuum cleaners and door locks. Our experiments show how easily attackers can find vulnerabilities in devices and stress the need for improved security measures and increased public awareness. The third article explores the use of LLMs to generate phishing messages. The results show that human experts still perform better than LLMs, but a hybrid method combining human expertise and AI reduces the cost and time required to launch phishing attacks while retaining high quality in the messages. The fourth study evaluates LLMs' potential to automate and improve cyberattacks on hardware and software systems. We create a framework for evaluating LLMs' ability to conduct attacks against hardware and software and evaluate the framework by carrying out 31 AI-automated cyberattacks on devices from connected households. The results indicate that LLMs can reduce attack costs, but they do not bring a notable increase in the attacks' damage or scalability. We expect this to change with future LLM versions, but the results present an opportunity for proactive measures to develop benchmarks and defensive tools to control malicious use of LLMs.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2024, p. x, 71
Series
TRITA-EECS-AVL ; 2024:68
Keywords [en]
Computer security, Red teaming, phishing, artificial intelligence, large language models
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-353243
OAI: oai:DiVA.org:kth-353243
DiVA id: diva2:1898666
Public defence
2024-10-10, https://kth-se.zoom.us/j/61272075034, D31, Lindstedtsvägen 9, Stockholm, 13:00 (English)
Opponent
Supervisors
Note

QC 20241004

Available from: 2024-09-19. Created: 2024-09-18. Last updated: 2024-10-04. Bibliographically approved.
List of papers
1. Research communities in cyber security vulnerability assessments: A comprehensive literature review
2023 (English) In: Computer Science Review, ISSN 1574-0137, E-ISSN 1876-7745, Vol. 48, article id 100551. Article, review/survey (Refereed). Published.
Abstract [en]

Ethical hacking and vulnerability assessments are gaining rapid momentum as academic fields of study. Still, it is sometimes unclear which research areas fall under these categories and how they fit into the traditional academic framework. Previous studies have reviewed the literature in the field, but they rely on manual analysis and thus fail to provide a comprehensive view of the domain. To better understand how the area is treated within academia, 537,629 related articles from the Scopus database were analyzed. A Python script was used both for data mining and for analysis of the data, and 23,459 articles were included in the final synthesis. The publication dates of the articles ranged from 1975 to 2022. They were authored by 53,495 authors and had accumulated a total of 836,956 citations. Fifteen research communities were detected using the Louvain community detection algorithm: smart grids, attack graphs, security testing, software vulnerabilities, Internet of Things (IoT), network vulnerability, vulnerability analysis, Android, cascading failures, authentication, Software-Defined Networking (SDN), spoofing attacks, malware, trust models, and red teaming. In addition, each community had several individual subcommunities, 126 in total. From the trends of the analyzed studies, it is clear that research interest in ethical hacking and vulnerability assessment is increasing.
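The community-detection step of the review above, as an added example that is not code from the paper or its Python tool: it builds a weighted co-authorship graph from a handful of constructed Scopus-like records (illustrative, not the study's data), computes Newman modularity, and runs the local-moving phase of the Louvain method in pure Python. The record fields, author names and the single-level implementation are assumptions for illustration; the paper's tool ran over 23,459 real articles, and a production run would use a full multi-level Louvain implementation.

```python
from collections import defaultdict
from itertools import combinations

# Constructed Scopus-like records (illustrative, not data from the study).
# Two tightly knit author groups joined by a single bridging paper.
RECORDS = [
    {"title": "p1", "authors": ["Ali", "Bo", "Cy"]},
    {"title": "p2", "authors": ["Ali", "Bo"]},
    {"title": "p3", "authors": ["Bo", "Cy"]},
    {"title": "p4", "authors": ["Dee", "Eve", "Fay"]},
    {"title": "p5", "authors": ["Dee", "Eve"]},
    {"title": "p6", "authors": ["Eve", "Fay"]},
    {"title": "p7", "authors": ["Cy", "Dee"]},  # bridge between the groups
]


def coauthor_graph(records):
    """Weighted undirected co-authorship graph: edge weight = papers shared."""
    g = defaultdict(lambda: defaultdict(float))
    for rec in records:
        authors = sorted(set(rec["authors"]))
        for a in authors:
            g[a]  # single-author papers still create a node
        for a, b in combinations(authors, 2):
            g[a][b] += 1.0
            g[b][a] += 1.0
    return {n: dict(nb) for n, nb in g.items()}


def modularity(g, comm):
    """Newman modularity Q of the partition comm (node -> community id)."""
    m2 = sum(sum(nb.values()) for nb in g.values())  # 2m: every edge counted twice
    if m2 == 0:
        return 0.0
    k = {n: sum(nb.values()) for n, nb in g.items()}  # weighted degree
    q = 0.0
    for i, nb in g.items():
        for j in g:
            if comm[i] == comm[j]:
                q += nb.get(j, 0.0) - k[i] * k[j] / m2
    return q / m2


def louvain_local_moving(g):
    """Phase 1 of the Louvain method: greedily move each node to the
    neighbouring community with the largest positive modularity gain until
    no node moves. (A full run would then collapse communities and repeat.)"""
    m2 = sum(sum(nb.values()) for nb in g.values())
    comm = {n: n for n in g}
    if m2 == 0:
        return comm
    k = {n: sum(nb.values()) for n, nb in g.items()}
    tot = dict(k)  # total weighted degree of each community
    moved = True
    while moved:
        moved = False
        for i in g:
            ci = comm[i]
            w_to = defaultdict(float)  # weight from i into each neighbouring community
            for j, w in g[i].items():
                w_to[comm[j]] += w
            tot[ci] -= k[i]  # take i out of its community before scoring
            # gain of inserting i into community c, up to a constant factor:
            #   k_i,in - tot_c * k_i / 2m
            best_c = ci
            best_gain = w_to.get(ci, 0.0) - tot[ci] * k[i] / m2
            for c, w_in in w_to.items():
                gain = w_in - tot[c] * k[i] / m2
                if gain > best_gain + 1e-12:
                    best_c, best_gain = c, gain
            tot[best_c] += k[i]
            if best_c != ci:
                comm[i] = best_c
                moved = True
    return comm


def communities(comm):
    """Group nodes by community id; members and groups sorted for stable output."""
    groups = defaultdict(list)
    for n, c in comm.items():
        groups[c].append(n)
    return sorted(sorted(members) for members in groups.values())


if __name__ == "__main__":
    graph = coauthor_graph(RECORDS)
    partition = louvain_local_moving(graph)
    print(communities(partition))                  # [['Ali', 'Bo', 'Cy'], ['Dee', 'Eve', 'Fay']]
    print(round(modularity(graph, partition), 4))  # 0.4091
```

On the constructed records the bridge author pair (Cy, Dee) is correctly split apart and the two author groups come out as separate communities with Q = 9/22. On a real Scopus export the same graph construction applies to co-citation or keyword co-occurrence edges; only the record parsing changes.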

Place, publisher, year, edition, pages
Elsevier BV, 2023
Keywords
Systematic literature review, SLR, Vulnerability assessment, Ethical hacking, Cybersecurity, Scopus, Penetration testing
National Category
Software Engineering
Identifiers
urn:nbn:se:kth:diva-326627 (URN)
10.1016/j.cosrev.2023.100551 (DOI)
000969160400001
2-s2.0-85151293888 (Scopus ID)
Note

QC 20230509

Available from: 2023-05-09. Created: 2023-05-09. Last updated: 2024-09-18. Bibliographically approved.
2. Penetration testing of connected households
2023 (English) In: Computers & Security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 126, article id 103067. Article in journal (Refereed). Published.
Abstract [en]

Connected devices have become an integral part of modern homes, and household devices such as vacuum cleaners and refrigerators are now often connected to networks. This connectivity introduces an entry point for cyber attackers. The plethora of successful cyber attacks against household IoT indicates that the security of these devices, or of the applications related to them, is often lacking. Existing penetration testing studies usually focus on individual devices, and recent studies often mention the need for more extensive vulnerability assessments. Therefore, this study investigates the cyber security of devices commonly located in connected homes. Systematic penetration tests were conducted on 22 devices in five categories related to connected homes: smart door locks, smart cameras, smart car adapters/garages, smart appliances, and miscellaneous smart home devices. In total, 17 vulnerabilities were discovered and published as new CVEs. Some CVEs received critical severity rankings from the National Vulnerability Database (NVD), reaching 9.8/10. The devices are already being sold and used worldwide, and the discovered vulnerabilities could lead to severe consequences for residents, such as an attacker gaining physical access to the house. In addition to the published CVEs, 52 weaknesses were discovered that could potentially lead to new CVEs in the future. To our knowledge, this is the most comprehensive study on penetration testing of connected household products.

Place, publisher, year, edition, pages
Elsevier BV, 2023
Keywords
Penetration testing, Ethical hacking, Internet of things, Connected households, Smart home, Pentest, Cyber security
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-324051 (URN)
10.1016/j.cose.2022.103067 (DOI)
000917439700001
2-s2.0-85144826963 (Scopus ID)
Note

QC 20230222

Available from: 2023-02-22. Created: 2023-02-22. Last updated: 2024-09-18. Bibliographically approved.
3. Devising and Detecting Phishing Emails Using Large Language Models
2024 (English) In: IEEE Access, E-ISSN 2169-3536, Vol. 12, p. 42131-42146. Article in journal (Refereed). Published.
Abstract [en]

AI programs built on large language models make it possible to automatically create phishing emails based on a few data points about a user. The V-Triad is a set of rules for manually designing phishing emails that exploit our cognitive heuristics and biases. In this study, we compare the performance of phishing emails created automatically by GPT-4 and manually using the V-Triad. We also combine GPT-4 with the V-Triad to assess their combined potential. A fourth group, exposed to generic phishing emails, served as our control group. We use a red teaming approach, simulating attackers and emailing 112 participants recruited for the study. The control group emails received a click-through rate of 19-28%, the GPT-generated emails 30-44%, the V-Triad emails 69-79%, and the emails generated by GPT and the V-Triad together 43-81%. Each participant was asked to explain why they did or did not press the link in the email. These answers often contradict each other, highlighting the importance of personal differences. Next, we used four popular large language models (GPT, Claude, PaLM, and LLaMA) to detect the intention of phishing emails and compared the results to human detection. The language models demonstrated a strong ability to detect malicious intent, even in non-obvious phishing emails. They sometimes surpassed human detection, though they were often slightly less accurate than humans. Finally, we analyze the economic aspects of AI-enabled phishing attacks, showing how large language models increase the incentives for phishing and spear phishing by reducing their costs.
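How to read click-through rates from a study of this size, as an added example that is not the paper's analysis code: a red team running a phishing simulation on 112 participants split into four groups of 28 gets small per-group counts, so the interesting question is whether the gap between two groups is real. The block below computes each group's click-through rate with a Wilson score interval, tests control against the hybrid group with a pooled two-proportion z-test, and converts the rate into the attacker's cost per successful click. The click counts are constructed to fall inside the ranges in the abstract but are not the study's data; the statistical methods are standard ones and not attributed to the paper; the cost per email is an assumption.

```python
import math

# Constructed counts for a 112-participant run split into four groups of 28.
# Illustrative numbers chosen to fall inside the ranges reported in the
# abstract; they are NOT the study's data.
GROUPS = {
    "control (generic)": (7, 28),
    "GPT-4 only": (10, 28),
    "V-Triad only": (21, 28),
    "GPT-4 + V-Triad": (20, 28),
}

Z95 = 1.959964  # two-sided 95% normal quantile


def click_rate(clicks, n):
    """Observed click-through rate."""
    return clicks / n


def wilson_interval(clicks, n, z=Z95):
    """Wilson score interval for a binomial proportion. Unlike the plain
    normal approximation it stays inside [0, 1] and behaves sensibly for
    the small per-group samples of a phishing study."""
    if n == 0:
        raise ValueError("empty group")
    p = clicks / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return centre - half, centre + half


def two_proportion_test(c1, n1, c2, n2):
    """Two-sided pooled z-test that two groups' click rates differ.
    Returns (z, p_value); p_value from the normal tail via erfc."""
    p1, p2 = c1 / n1, c2 / n2
    pooled = (c1 + c2) / (n1 + n2)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    if se == 0:  # both groups all-click or no-click: nothing to compare
        return 0.0, 1.0
    z = (p1 - p2) / se
    p_value = math.erfc(abs(z) / math.sqrt(2))
    return z, p_value


def cost_per_success(cost_per_email, clicks, n):
    """Attacker economics: expected spend per victim who clicks."""
    rate = click_rate(clicks, n)
    return math.inf if rate == 0 else cost_per_email / rate


def summarize(groups, cost_per_email):
    """Per-group rate, 95% interval and cost per success."""
    rows = {}
    for name, (clicks, n) in groups.items():
        lo, hi = wilson_interval(clicks, n)
        rows[name] = {
            "ctr": click_rate(clicks, n),
            "ci95": (lo, hi),
            "cost_per_success": cost_per_success(cost_per_email, clicks, n),
        }
    return rows


if __name__ == "__main__":
    for name, row in summarize(GROUPS, cost_per_email=0.10).items():  # $0.10/email is an assumption
        lo, hi = row["ci95"]
        print(f"{name:18s} CTR {row['ctr']:.2f}  95% CI [{lo:.2f}, {hi:.2f}]  "
              f"cost/success ${row['cost_per_success']:.2f}")
    z, p = two_proportion_test(*GROUPS["control (generic)"], *GROUPS["GPT-4 + V-Triad"])
    print(f"control vs hybrid: z = {z:.2f}, p = {p:.4f}")
```

With 28 participants per group the control interval alone spans roughly 13% to 43%, which is why the abstract reports ranges rather than point estimates; the control-versus-hybrid gap is nevertheless large enough to reject equal rates at well under the 0.1% level on these constructed counts.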

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024
Keywords
Phishing, large language models, social engineering, artificial intelligence
National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-345143 (URN)
10.1109/ACCESS.2024.3375882 (DOI)
001192203500001
2-s2.0-85187996490 (Scopus ID)
Note

QC 20240408

Available from: 2024-04-08. Created: 2024-04-08. Last updated: 2024-09-18. Bibliographically approved.
4. A Framework for Evaluating Large Language Models’ Capability to Conduct Cyberattacks
(English) Manuscript (preprint) (Other academic)
Abstract [en]

As large language models continue to evolve, they have the potential to automate and enhance various aspects of computer security, including red teaming assessments. In this article, we conduct 32 computer security attacks and compare their success rates when performed manually and with assistance from large language models. The security assessments target five connected devices commonly found in modern households (two door locks, one vacuum cleaner, one garage door, and one smart vehicle adapter). We use attacks such as denial-of-service attacks, Man-in-the-Middle, authentication brute force, malware creation, and other common attack types. Each attack was performed twice, once by a human and once by an LLM, and scored for damage, reproducibility, exploitability, affected users, and discoverability based on the DREAD framework for computer security risk assessments. For the LLM-assisted attacks, we also scored the LLM's capacity to perform the attack autonomously. LLMs regularly increased the reproducibility and exploitability of attacks, but no LLM-based attack enhanced the damage inflicted on the device, and the language models often required manual input to complete the attack. 
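The paired DREAD scoring described above, as an added example that is not the paper's framework code: each attack is scored once for the manual run and once for the LLM-assisted run on the five DREAD dimensions, and the comparison asks, per dimension, how much the LLM run moved the score and in how many attacks it scored higher, which is the shape of the abstract's finding (reproducibility and exploitability up, damage not). The scores, the 1..10 scale, the device and attack names and the 0..10 "autonomy" score for how far the LLM got without manual input are all constructed assumptions, not the paper's measurements.

```python
DIMENSIONS = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


def scores(damage, reproducibility, exploitability, affected_users, discoverability):
    """Build one DREAD score record; every dimension on an assumed 1..10 scale."""
    return dict(zip(DIMENSIONS, (damage, reproducibility, exploitability,
                                 affected_users, discoverability)))


# Constructed paired scores for a few attacks on household devices. These are
# illustrative numbers, not the paper's measurements. "autonomy" is an assumed
# 0..10 score of how far the LLM got before it needed manual input.
ATTACKS = [
    {"name": "door lock: authentication brute force",
     "human": scores(5, 6, 5, 4, 6), "llm": scores(5, 8, 7, 4, 6), "autonomy": 4},
    {"name": "vacuum cleaner: denial of service",
     "human": scores(3, 7, 6, 3, 7), "llm": scores(3, 9, 7, 3, 7), "autonomy": 8},
    {"name": "garage door: man-in-the-middle",
     "human": scores(7, 4, 4, 5, 5), "llm": scores(6, 6, 5, 5, 5), "autonomy": 3},
    {"name": "vehicle adapter: malware creation",
     "human": scores(8, 5, 5, 6, 4), "llm": scores(8, 5, 5, 6, 4), "autonomy": 10},
]


def validate(s):
    """Reject records with missing dimensions or scores outside 1..10."""
    for d in DIMENSIONS:
        v = s.get(d)
        if not isinstance(v, int) or not 1 <= v <= 10:
            raise ValueError(f"{d}: {v!r} is not an integer in 1..10")
    return s


def dread_total(s):
    """Plain DREAD sum (max 50 on this scale), useful for ranking attacks."""
    return sum(validate(s)[d] for d in DIMENSIONS)


def compare(attacks):
    """Per dimension: mean (LLM minus human) delta and the number of attacks
    where the LLM-assisted run scored strictly higher than the manual run."""
    out = {}
    for d in DIMENSIONS:
        deltas = [validate(a["llm"])[d] - validate(a["human"])[d] for a in attacks]
        out[d] = {"mean_delta": sum(deltas) / len(deltas),
                  "llm_exceeded": sum(1 for x in deltas if x > 0)}
    return out


def needed_manual_input(attacks, full_autonomy=10):
    """Names of the attacks the LLM could not finish on its own."""
    return [a["name"] for a in attacks if a["autonomy"] < full_autonomy]


if __name__ == "__main__":
    for d, r in compare(ATTACKS).items():
        print(f"{d:16s} mean delta {r['mean_delta']:+.2f}  "
              f"LLM higher in {r['llm_exceeded']}/{len(ATTACKS)} attacks")
    print("needed manual input:", needed_manual_input(ATTACKS))
```

Keeping the two runs as separate score records per attack, rather than one "LLM bonus" column, is what makes the damage question answerable: a dimension can only be reported as "not enhanced" if no paired delta is positive, which the comparison counts explicitly.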

National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-353244 (URN)
Note

Submitted to the International Conference on Learning Representations (ICLR)

QC 20240918

Available from: 2024-09-13. Created: 2024-09-13. Last updated: 2024-09-18. Bibliographically approved.

Open Access in DiVA

Thesis_new (5046 kB)
File information
File name: FULLTEXT03.pdf
File size: 5046 kB
Checksum (SHA-512): dc1a20308819b5d7f530de845713b542d2bb32a89661e26bbdaf5d9f2e2cc113f7c54a743f624d1211a632896839c4257a57b4cc11b1d5ae576583a2fbd0dbfe
Type: fulltext
Mimetype: application/pdf

Authority records

Heiding, Fredrik
