Large Language Models (LLMs) have revolutionized Generative Artificial Intelligence (GenAI) tasks, becoming an integral part of various applications in society, including text generation, translation, summarization, a...Large Language Models (LLMs) have revolutionized Generative Artificial Intelligence (GenAI) tasks, becoming an integral part of various applications in society, including text generation, translation, summarization, and more. However, their widespread usage emphasizes the critical need to enhance their security posture to ensure the integrity and reliability of their outputs and minimize harmful effects. Prompt injections and training data poisoning attacks are two of the most prominent vulnerabilities in LLMs, which could potentially lead to unpredictable and undesirable behaviors, such as biased outputs, misinformation propagation, and even malicious content generation. The Common Vulnerability Scoring System (CVSS) framework provides a standardized approach to capturing the principal characteristics of vulnerabilities, facilitating a deeper understanding of their severity within the security and AI communities. By extending the current CVSS framework, we generate scores for these vulnerabilities such that organizations can prioritize mitigation efforts, allocate resources effectively, and implement targeted security measures to defend against potential risks.展开更多
Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Tr...Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.展开更多
Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.U...Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.Upon pairing,the user could access the personal information on the phone through the automotive head unit with minimum distraction while driving.However,such connectivity introduces a possibility for privacy attacks.Hence,performing an in-depth analysis of the system with privacy constraints is extremely important to prevent unauthorized access to personal information.In this work,we perform a systematic analysis of the Bluetooth network of an automotive infotainment unit to exploit security and privacy-related vulnerabilities.We model the identifed threat with respect to privacy constraints of the system,emphasize the severity of attacks through a standardized rating metric and then provide potential countermeasures to prevent the attack.We perform System Theoretic Process Analysis for Privacy as a part of the systematic analysis and use the Common Vulnerability Scoring System to derive attack severity.The identifed vulnerabilities are due to design flaws and assumptions on Bluetooth protocol implementation on automotive infotainment systems.We then elicit the vulnerability by performing a privacy attack on the Automotive system in an actual vehicle.We use Android Open-Source Project to report our findings and propose defense strategies.展开更多
文摘Large Language Models (LLMs) have revolutionized Generative Artificial Intelligence (GenAI) tasks, becoming an integral part of various applications in society, including text generation, translation, summarization, and more. However, their widespread usage emphasizes the critical need to enhance their security posture to ensure the integrity and reliability of their outputs and minimize harmful effects. Prompt injections and training data poisoning attacks are two of the most prominent vulnerabilities in LLMs, which could potentially lead to unpredictable and undesirable behaviors, such as biased outputs, misinformation propagation, and even malicious content generation. The Common Vulnerability Scoring System (CVSS) framework provides a standardized approach to capturing the principal characteristics of vulnerabilities, facilitating a deeper understanding of their severity within the security and AI communities. By extending the current CVSS framework, we generate scores for these vulnerabilities such that organizations can prioritize mitigation efforts, allocate resources effectively, and implement targeted security measures to defend against potential risks.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.RS2022-II220961).
文摘Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.
文摘Modern automobiles are equipped with connectivity features to enhance the user's comfort.Bluetooth is one such communication technology that is used to pair a personal device with an automotive infotainment unit.Upon pairing,the user could access the personal information on the phone through the automotive head unit with minimum distraction while driving.However,such connectivity introduces a possibility for privacy attacks.Hence,performing an in-depth analysis of the system with privacy constraints is extremely important to prevent unauthorized access to personal information.In this work,we perform a systematic analysis of the Bluetooth network of an automotive infotainment unit to exploit security and privacy-related vulnerabilities.We model the identifed threat with respect to privacy constraints of the system,emphasize the severity of attacks through a standardized rating metric and then provide potential countermeasures to prevent the attack.We perform System Theoretic Process Analysis for Privacy as a part of the systematic analysis and use the Common Vulnerability Scoring System to derive attack severity.The identifed vulnerabilities are due to design flaws and assumptions on Bluetooth protocol implementation on automotive infotainment systems.We then elicit the vulnerability by performing a privacy attack on the Automotive system in an actual vehicle.We use Android Open-Source Project to report our findings and propose defense strategies.