Proactive Security Auditing against AI-enhanced Cyberthreats: from Clouds to Internet of Things (IoT)

针对人工智能增强型网络威胁的主动安全审核：从云到物联网 (IoT)

• 批准号: RGPIN-2021-04106
• 负责人: Majumdar, Suryadipta
• 金额: $ 2.11万
• 依托单位: Concordia University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=750649
• 关键词: Proactive; Security; Auditing; against; AI

Artificial intelligence (AI) has ushered in many revolutionary changes in our lives, especially through its direct impacts on emerging technologies, such as cloud computing and Internet of Things (IoT). This digital transformation has also been rapidly changing the cybersecurity landscape. For instance, today's complex cloud and IoT systems reportedly suffer from various implementation flaws and misconfigurations, and adversaries frequently exploit those vulnerabilities to craft sophisticated and powerful cyberattacks by weaponizing the power of AI. As a result, the transparency and accountability of those systems often become questionable. To that end, security auditing (which verifies the security of a system), might be a promising solution, as it has been a popular choice in the industry for years. However, the traditional retroactive approach to security auditing has become insufficient against AI-enhanced cyberthreats to emerging technologies mainly due to: the lack of readily available security rules or models for auditing, need for a continuous security guarantee for the dynamic nature of those technologies, privacy concerns associated with data sharing, and resource constraints for conducting auditing in several technologies (e.g., IoT). The proposed research program seeks to defend against this new paradigm of AI-enhanced cyberthreats and build proactive security auditing solutions that can be applied to cloud and IoT systems. Our short-term objectives are to build techniques to: (i) derive actionable security rules and models for auditing by understanding AI-enhanced threats, (ii) proactively prepare for potential security breaches so that our auditing solution can prevent a breach at runtime, and (iii) overcome resource constraint and privacy concerns by distributing the auditing workload. In pursuit of these objectives, the proposed research will first build an automated technique to learn security rules from both high-level security standards and AI-enhanced cyberthreats. Second, it will develop a proactive approach that conducts auditing on predicted future changes as well as derived capabilities (i.e., what actions a component can perform) of each component in a system. Finally, it will devise a distributed and lightweight auditing technique that clusters similar components and then locally conducts auditing on each cluster. In summary, the proposed research will help advance the field of cybersecurity for cloud and IoT systems, especially against newer and stronger adversaries with AI capabilities, and provide the Canadian industry with implementable solutions in the near future with the ultimate aim of ensuring proactive security for emerging technologies.

人工智能（AI）为我们的生活带来了许多革命性的变化，特别是通过其对云计算和物联网（IoT）等新兴技术的直接影响。这种数字化转型也正在迅速改变网络安全格局。例如，据报道，当今复杂的云计算和物联网系统存在各种实施缺陷和错误配置，对手经常利用这些漏洞通过将人工智能的力量武器化来制造复杂而强大的网络攻击。因此，这些制度的透明度和问责制往往令人怀疑。为此，安全审计（验证系统的安全性）可能是一个很有前途的解决方案，因为它多年来一直是业界的热门选择。然而，传统的追溯性安全审计方法已经不足以应对新兴技术的人工智能增强的网络威胁，主要原因是：缺乏现成的安全规则或审计模型，需要为这些技术的动态性质提供持续的安全保证，与数据共享相关的隐私问题，以及在几种技术中进行审计的资源限制（例如，物联网）。拟议的研究计划旨在防御这种新的AI增强型网络威胁模式，并构建可应用于云和物联网系统的主动安全审计解决方案。我们的短期目标是建立技术：（i）通过理解AI增强的威胁来获得可操作的安全规则和审计模型，（ii）主动为潜在的安全漏洞做好准备，以便我们的审计解决方案可以在运行时防止漏洞，以及（iii）通过分配审计工作量来克服资源限制和隐私问题。为了实现这些目标，拟议的研究将首先建立一种自动化技术，从高级安全标准和人工智能增强的网络威胁中学习安全规则。其次，它将制定一种积极主动的方法，对预测的未来变化以及衍生能力（即，组件可以执行什么动作）。最后，设计了一种分布式的轻量级审计技术，将相似的组件聚集在一起，然后在每个集群上进行本地审计。总之，拟议的研究将有助于推进云和物联网系统的网络安全领域，特别是针对具有人工智能能力的更新和更强大的对手，并在不久的将来为加拿大行业提供可实施的解决方案，最终目标是确保新兴技术的主动安全。