A Cognitive Deception Model for Generating Fake Documents to Curb Data Exfiltration in Networks During Cyber-Attacks

Taofeek, Olayiwola Tokunbo; Alawida, Moatsum; Alabdulatif, Abdulatif; Omolara, Abiodun Esther; Abiodun, Oludare Isaac

doi:10.1109/access.2022.3166628

“…Social engineering is a deception technique that uses psychological manipulation to trick people into disclosing sensitive information or performing specific actions. This can be accomplished through a variety of methods, such as phishing scams, pretexting, and other forms of deception [49,50]. ChatGPT can be used to generate convincing messages for use in these kinds of scams.…”

Section: Social Engineering/phishingmentioning

confidence: 99%

Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness

Alawida,

Shawar,

Abiodun

et al. 2023

Preprint

View full text Add to dashboard Cite

The Chat Generative Pre-training Transformer (GPT), also known as ChatGPT, is a powerful generative AI model that can simulate human-like dialogues across a variety of domains. However, this popularity has attracted the attention of malicious actors who exploit ChatGPT to launch cyberattacks. This paper examines the tactics that adversaries use to leverage ChatGPT in a variety of cyberattacks. Attackers pose as regular users and manipulate ChatGPT’s vulnerability to malicious interactions, particularly in the context of cyber assault. The paper presents illustrative examples of cyberattacks that are possible with ChatGPT and discusses the realm of ChatGPT-fueled cybersecurity threats. The paper also investigates the extent of user awareness of the relationship between ChatGPT and cyberattacks. A survey of 253 participants was conducted, and their responses were measured on a three-point Likert scale. The results provide a comprehensive understanding of how ChatGPT can be used to improve business processes and identify areas for improvement. Over 80% of the participants agreed that cyber criminals use ChatGPT for malicious purposes. This finding underscores the importance of improving the security of this novel model. Organizations must take steps to protect their computational infrastructure. This analysis also highlights opportunities for streamlining processes, improving service quality, and increasing efficiency. Finally, the paper provides recommendations for using ChatGPT in a secure manner, outlining ways to mitigate potential cyberattacks and strengthen defenses against adversaries.

show abstract

“…Organizations created fake directories, files, or even entire file systems that look legitimate to attackers in a deceptive file system. Decoy files can consist of false or misleading data, decoy documents, 25 or strategically positioned triggers that notify security teams of any unauthorized access or suspicious activities. Another technique in this category is Deceptive password vaults which supports the creation of multiple password vaults.…”

Section: Related Workmentioning

confidence: 99%

RAKSHAM: Responsive approach to Knock‐off scavenging hackers and attack mitigation

Bhardwaj,

Dave

2023

Trans Emerging Tel Tech

0

View full text Add to dashboard Cite

With the increasing interconnectivity of devices and systems in the Internet of Things (IoT) landscape, the importance of cybersecurity has grown significantly. This work presents a comprehensive solution that combines deceptive techniques and AI‐based detection to strengthen the security of IoT networks against sophisticated cyber threats. Deceptive techniques, such as the utilization of honeypots, deceptive IoT devices, and deceptive network traffic, are deliberately employed with the aim of misleading potential attackers. However, the effectiveness of these systems is often challenged by highly skilled attackers and the complexities associated with allocating resources. To address these challenges, “RAKSHAM” is a unique approach to improving the security of IoT networks. It combines deceptive techniques with AI‐based detection mechanisms, minimizing false positives and operational outages in IoT networks. This approach utilizes Eigenvector Centrality (EVC) to identify nodes with a higher risk level. It also evaluates the performance of an AI‐based attack detection model. The AI model, which utilizes a Convolutional Neural Network (CNN), demonstrates exceptional efficacy in the detection of attacks with 99% accuracy and a minimal attack success probability rate of 0.10. RAKSHAM offers a pragmatic and efficient solution for securing IoT networks by accurately detecting attacks and minimizing false positives and operational outages.

show abstract

“…Social engineering is a deception technique that uses psychological manipulation to trick people into disclosing sensitive information or performing specific actions. This can be accomplished through a variety of methods, such as phishing scams, pretexting, and other forms of deception [27,28]. ChatGPT can be used to generate convincing messages for use in these kinds of scams.…”

Section: Social Engineering/phishingmentioning

confidence: 99%

Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness

Alawida,

Shawar,

Abiodun

et al. 2023

Preprint

0

View full text Add to dashboard Cite

The Chat Generative Pre-training Transformer (GPT), also known as ChatGPT, is a powerful generative AI model that can simulate human-like dialogues across a variety of domains. However, this popularity has attracted the attention of malicious actors who exploit ChatGPT to launch cyberattacks. This paper examines the tactics that adversaries use to leverage ChatGPT in a variety of cyberattacks. Attackers pose as regular users and manipulate ChatGPT’s vulnerability to malicious interactions, particularly in the context of cyber assault. The paper presents illustrative examples of cyberattacks that are possible with ChatGPT and discusses the realm of ChatGPT-fueled cybersecurity threats. The paper also investigates the extent of user awareness of the relationship between ChatGPT and cyberattacks. A survey of 253 participants was conducted, and their responses were measured on a three-point Likert scale. The results provide a comprehensive understanding of how ChatGPT can be used to improve business processes and identify areas for improvement. Over 80% of the participants agreed that cyber criminals use ChatGPT for malicious purposes. This finding underscores the importance of improving the security of this novel model. Organizations must take steps to protect their computational infrastructure. This analysis also highlights opportunities for streamlining processes, improving service quality, and increasing efficiency. Finally, the paper provides recommendations for using ChatGPT in a secure manner, outlining ways to mitigate potential cyberattacks and strengthen defenses against adversaries.

show abstract

A Cognitive Deception Model for Generating Fake Documents to Curb Data Exfiltration in Networks During Cyber-Attacks

Abstract: This paper is partially supported by the Center for Cyber Safety and Education, United States Internal Revenue segregated fund of (ISC)², Inc. Code. EIN: 45-2405127 through the (ISC)2 graduate cybersecurity scholarship award,

Cited by 12 publications

References 38 publications

Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness

Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness

RAKSHAM: Responsive approach to Knock‐off scavenging hackers and attack mitigation

Unveiling the Dark Side of ChatGPT: Exploring Cyberattacks and Enhancing User Awareness

Contact Info

Product

Resources

About