American Journal of Research, Education and Development 2 ISSN 2471-9986 2019/4
American Journal of Research, Education and Development 3 ISSN 2471-9986 2019/4 CONTENT Application possibilities of decentralizitaion and blockchain technology using computer vision and atificial intelligence in defense management, military and police organizatons Viktor Dénes Huszár; Imre Négyesi National University of Public Service, Hungary IoT attacks and recommendation for protection solutions András Tóth; Péter Török National University of Public Service, Hungary Artificial Intelligence in cyberspace 2. Realizing cyber attacks with AI Fehér András National University of Public Service, Hungary
American Journal of Research, Education and Development 4 ISSN 2471-9986 2019/4 Application possibilities of decentralizitaion and blockchain technology using computer vision and atificial intelligence in defense management, military and police organizatons Viktor Dénes Huszár; Imre Négyesi National University of Public Service, Hungary Abstract Military science has faced new challenges in the end of the 20th century with the emergence of the Internet. Challenges and threats to traditional security got a new interpretation with a new concept as cybersecurity, which leads to an organic transformation of military engineering and IT. As the Internet has fundamentally changed the way the world works, new technologies have emerged on the network that can revolutionize the multitude of industries. Such innovation is Distributed Ledger Technology (DLT) and Blockchain Technology supplemented with Artificial Intelligence and machine vision. The potential uses of the block chain represent a multitude of military technical scientific challenges. The technology makes it possible to co-operate freely with cryptographic procedures on distributed networks without state control, but can also serve military and defense management purposes. Keywords: decentralization, blockchain technology, machine learning, artificial intelligence
American Journal of Research, Education and Development 5 ISSN 2471-9986 2019/4 Introduction Information technology is constantly evolving and transforming. As early as 1995, Christensen highlighted the importance of \"disruptive\" innovations that can affect the overall operation of companies, governments [1]. Floppy disk, CD, internet were all such innovations. However, on the ubiquitous information network a revolutionary innovation appeared based on blockchain technology [2]. Most people identify the technology with bitcoin cryptocurrency, but it is much more than a new currency. The blockchain is clearly a disruptive technology that changes the way the world works in economic, legal and, above all, IT terms [3]. It will have a significant impact on IT systems, but less attention has been paid to the opportunities and dangers of the blockchain in defense administration. Problem identification The potential applications of the blockchain raise numerous military technical scientific issues. The technology allows voluntary, distributed networks to be cryptographically deployed in a robust manner, without state control. In addition to banking systems, virtual money and the development of Smart Contract [4], real estate sales, exchange of assets and movable property are also emerging. However, military applications are even more interesting, as data security must be a priority in defense administration and in the daily communication of authorities. For blockchain-based military use [5], there are several scientific problems depending on the protocol. The need for a centralized data storage and uncontrolled security management system should be explored for the efficient use of resources. The problem extends to the artificial isolation of such system and the military risks of „awaking” machine-learning or programmed artificial intelligence. Science should investigate how data security, data integration, and isolation of the artificial intelligence decision-making environment and the framework for authorization levels can be achieved in such an automated distributed network-based military environment. Currently, due to centralized data storage and central control, breakable data communication between departments is a major problem. The most important aspect in terms of the degree of vulnerability is the activity of the user or the organization and - closely related to this - the value of their data. Particularly popular targets of attackers are financial institutions and organizations dealing with state or official secrets [6]. Blockchain technology also raises the issue of user profiling. The problem is that the long- term use of the blockchain may allow monitoring of user behavior and the use of profiling. The
American Journal of Research, Education and Development 6 ISSN 2471-9986 2019/4 Authority is of the opinion that this issue can only be judged on the basis of a full knowledge of a specific system, the personal data it processes and the related data processing operations [7]. Reducing illegal activities through appropriate regulation when switching from traditional means of payment to cryptocurrency may be an interesting issue for national defense. It is easier to filter the purpose of the cash flow so that no illegal drugs or weapons can be obtained with cryptocurrency payment. One side says that blockchain and cryptocurrencies like bitcoin are of course completely public, but they have to be anonymous. On the other hand, the argument is that the analysis of public blocking needs to be coupled with banks and KYC processes (which are increasingly propagated by regulators) to allow the identification and exclusion of prohibited operators [8]. In the case of image analysis, the data structure changes: images become image descriptions. Shape recognition uses image descriptions to create object classes. Finally, the purpose of computer vision is to create three-dimensional models based on images or videos [9]. This requires processing, analysis, and recognition, both of which require high computing power, so current image analysis methodologies are often slow and do not operate in real time. Already in 2013, all mining computers had a combined computing capacity of 250 times the capacity of the 500 largest supercomputers [10], and the mining community's aggregate consumption in 2017 was higher than the average annual electricity demand of 159 countries [11]. It is legitimate to use blockchain-based technologies to help machine vision, thus reducing expensive hardware and resource requirements. The price of the Zalaegerszeg (Hungary) automotive test track, which is under construction, shows how expensive the implementation of innovative machine vision based R&D results is [12]. For this reason, in this article, I present the background of blockchain technology, the advantages and disadvantages of decentralization, and the applications that have already been implemented or are under development. Blockchain technology Blockchain in IT is a distributed data storage approach, a kind of distributed database that stores a list of sorted entries organized into ever-growing blocks. Each block contains a link to the preceding block on each node that stores the block chain. A basic feature of blockchain systems is the storage of blockchain nodes in all sorted entries and agreeing on the current state using a consensus approach. This approach to distributed storage has been made well known and popular in Bitcoin's distributed \"cryptocurrency\" system, but today many systems exist and are under development which follow the same principle but differ fundamentally from bitcoin in their purpose
American Journal of Research, Education and Development 7 ISSN 2471-9986 2019/4 and key technology. However, these systems are collectively referred to – not very precisely – as blockchain technology. Many people believe that Blockchain technology will be the next technological revolution [13] that will impact our lives at least as well as the Internet. It will affect, for example, the financial sector but also artificial intelligence. The importance of blockchain - distributed fault tolerance, seamless transaction - has already been recognized by the industry and research is under way on how to possibly migrate various existing systems to a blockhain basis, in whole or in part. It is worth considering blockchain-based technologies as implementing a distributed ledger [14]. In the context of blockchain technologies, the ledger is an entry repository where entries can be stored and cannot be modified once they are in the repository (this ledger may also have a narrow \"ledger\" semantics depending on the blockchain technologies and their application, but this is not nearly a regularity). Blockchain technologies implement distributed ledger by keeping it in sync with nodes in the distributed network, which can be geographically distant or owned by different companies, so each node has its own equivalent copy of the ledger. Any changes to the ledger - and the rest of the nodes in the network agree - will appear within minutes on other nodes, even seconds on some solutions, and will allow any trusted central monitoring body to access the information stored in the entries, without involving its internal processes and rules [15]. The ledger is maintained by distributed network nodes - based on some sort of consensus algorithm - that heavily use cryptography to store and verify transactions. This allows the network to remain functional even with a large number of defective nodes, provided that the number of defective nodes is below the maximum number of defective nodes. IT knows and applies a great deal from the distributed consensus algorithm or, more generally, from the distributed consensus protocol. In a given application context, the selection of the consensus protocol is influenced by factors such as hypothesized failure modes, maximum system size, consensus response time, and synchronization requirements. Accordingly, it is not surprising that different blockchain technologies also use a number of different consensus protocols. However, what is common in blockchain technologies is that the problem of distributed consensus is addressed by some protocol.
American Journal of Research, Education and Development 8 ISSN 2471-9986 2019/4 ... (N)th • Hash of the block (N-1)th block • Timestamp • Transactions (N+1)th • Hash of the block (N)th block • Timestamp • Transactions (N+2)th • Hash of the block (N+1)th block • Timestamp • Transactions ... Figure 1. Structure of blockchain Almost independently of blockchain technology, the blockchain has a common structure. In a sense, blockchain is a transaction log (journal) whose entries are stored in blocks in a strictly chronological order. As shown in Figure 1, these blocks are time-stamped and identified by some suitably selected cryptographic hash. Each block contains a reference to the block preceding it. In this way, the blocks are organized into a backward-chained list, which, at worst, can be processed from the first block to clearly determine the current state of the distributed database (of course, when there is consensus between nodes on the blockchain). If the consensus protocol is \"strong\", then it is not possible to change or delete an earlier operation without the client that is aware of enough nodes in the system to notice it. The decentralized nature of blockchain technology (Figure 2) means that it does not rely on a central entity, a checkpoint. The lack of authority makes the system fairer and more secure. The way in which data is recorded on the blockchain reflects the value of decentralization [16]. Instead of relying on a central authority to secure transactions with other users, blockchain uses innovative consensus protocols on the node network to authenticate transactions and record data in an unbiased manner. Thus, the blockchain is not stored by a central data controller, but practically all users store it on their own computers.
American Journal of Research, Education and Development 9 ISSN 2471-9986 2019/4 Figure 2. Representation of different (centralized, distributed, decentralized) systems [17] Blockchain technology is also extremely useful in national defense applications. I have collected applications of this kind in which blockchain has an operational and support role. Computer Protection: Data Integrity Cybersecurity is the closest low-cost but high-paying application of blockchain technology. Blockchain technology is independent of secrets and trusts, just like the previous systems based on it. Blockchain retains its credibility in two ways. First, it ensures that digital events are widespread and transmitted to other nodes in the network. Then, by consensus, these events are entered into databases that can never be modified by a third party. In addition, blockchain enhances the perimeter security strategy of computer security, not by keeping walls, but by constantly monitoring walls and all information inside. The increasing complexity of modern systems, including weapon systems, makes vulnerability more likely and less perceptible. A typical American warship, like an Arleigh Burke-class destroyer, combines more than ninety missile launchers with its radar systems, two independent Phalanx defense systems and six torpedo launchers, not to mention many other weapon systems. [18] The challenge is for all these combat systems to work together. The secret to the success of the US Navy is system integration, which is currently being implemented by the Aegis Combat System. This is a centralized command-
American Journal of Research, Education and Development 10 ISSN 2471-9986 2019/4 and-control (CCS) system that establishes a proper connection between sensors and weapons, just as a boxing brain connects eyes and fists. But centralization is the weak point, when the brain shuts down, the whole system fails. That is why the blockchain can be used. The Navy can use a blockchain database architecture to structure its next-generation combat systems around decentralized decision nodes. This speeds up fire control, thereby (greatly) improving survival. Artificial intelligence processors loaded into different weapon systems can coordinate their activities and verify that they are working from the same data. In the 20th century, processing power was expensive, but data was cheap. That is why, in 1969, it made sense to centralize on-board decision-making in a single Aegis brain. Today, processing power is cheap and data is more expensive. Therefore, twenty-first century naval combat systems are likely to use blockchain technology [19]. Supply chain management Many industry organizations are working to use blockchain technologies in supply chain logistics and management. There is increasing concern about security systems supply chain management, which is increasingly using commercial off-the-shelf (COTS) [20] components for embedded software systems. The problem is that these components may contain intentional vulnerabilities that the opponent can exploit at the time of his choice. This threat has been made sensational by the novelty of Ghost Fleet, in which China has banned the entire fleet of F-35 aircraft by deliberately embedded commodity circuit board error [21]. Blockchain offers a solution that tracks the life of every circuit board, processor, and software component from production to user. The card design company can use blockchains to log the design iteration of each circuit. Manufacturers may report all models and serial numbers of each card manufactured. Finally, distributors can announce the sale of circuits to system integrators, who can log the distribution of circuits to a particular aircraft assembly, etc. In this context, blockchains maintain a permanent record of transfers of assets between owners, thereby creating a derivative. Many weapon systems are designed with a life span of 30 years or more. However, the computing technologies used by these systems have rarely been made for more than a decade. As a result, replacing obsolete parts becomes more difficult over time. Furthermore, in several countries, it is prohibited by law to use a component whose origin cannot be ascertained. Loss of ownership makes some parts unusable, even if they are functional and in high demand. This would give the
American Journal of Research, Education and Development 11 ISSN 2471-9986 2019/4 resellers an economic incentive to track their identified off-the-shelf commercial components in a block to retain their origin, which in turn adds value. Decentralized technologies are not dealt with separately in the Hungarian Defense Forces, but international research and development is already underway. However, NATO's C4ISR and the US Department of Defense (DARPA - DoD) have already launched their own blockchain programs [22], developing a secure, decentralized messaging application for the military under the name SBIR 2016.2. Flexible communication Bitcoin uses a peer-to-peer messaging model that delivers every message to every active node in the world in seconds. All nodes in the Bitcoin network contribute to this service, including smartphones. If a node's terrestrial, wireless, or satellite Internet service is interrupted, a bitcoin message can be sent through alternative channels such as high-frequency radio, fax, or even barcode- based and manually. Upon receipt, the service node checks the message and forwards it to each associated participant. Nodes can independently aggregate messages into new blocks [23]. Finally, the consensus mechanism ensures that invalid messages and blocks generated by rogue operators are ignored. Together, these protocols ensure that the traffic of authenticated messages can be reliably relayed anywhere in the world, even though communication paths, individual nodes, or the blockchain itself are attacked. Cyber superiority is not individually maintained by the nodes, but the network system can be kept controlled with current and expected data [24]. Machine learning and artificial intelligence The Maven project has been running since April last year. The program, called the Algorithmic Warfare Cross-Functional Team (AWCFT), is designed to scan machine-generated digital photos and videos of drones with machine learning, as well as blurred patches of cancer on x- rays or skin lesions [25]. In this case, the task is to identify objects in the still and motion pictures, such as cars. The amount of footage that drones carry is so large that human analysts can no longer cope. That is why artificial intelligence is being used for this purpose, which, thanks to machine learning, will be better at recognizing and classifying objects. For many years, artificial intelligence [26] has been more effective than humans. Today, at least 90 countries have drones, including 16 armed drones, including many non- state groups. Many of them are not very sophisticated in robotics, but most are remotely controlled.
American Journal of Research, Education and Development 12 ISSN 2471-9986 2019/4 Autonomy is becoming increasingly apparent in the management of different vehicles. For example, the Guardium, developed by G-NIUS, is an Israeli unmanned ground vehicle (UGV) used for combat and defense along the Gaza border. The vehicle is self-propelled, but people are responsible for the weapons on it. Paul Scharre (US Security Expert) also believes that Artificial Intelligence applications do not require major modifications to military tasks and can be integrated into weapon systems just as easily as civilian solutions [27]. Combining the planned camera system [28] with blockchain and artificial intelligence would be really effective. To do this, we should also take advantage of machine vision enhancements using image recognition and image analysis. This would make it easier to prevent terrorist or other crimes and to perform other national security tasks. Identifying crimes and persons wanted would not require so much time and resources. Countries with limited financial and infrastructural resources (like Hungary) realised the need to develop information operation developments. Such a system could be a cost efficient implementation to increase crime prevention performance. Conclusions Blockchain technology reverses the computer security paradigm. First of all, it is reliable because both internal and external users have to compromise on the network. Second, it is transparently secure and does not rely on malfunctioning nodes, but rather on a cryptographic data structure that makes manipulation extremely complex and immediately apparent. Finally, blockchain networks are fault tolerant, coordinate trusted nodes, and reject untrusted ones. As a result, blockchain networks not only reduce the likelihood of failure, but also significantly increase the cost to the enemy to reach. Decentralized blockchain technology is only a decade old. This means that its full potential is currently unknown. Accordingly, it is recommended to develop organic expertise in blockchain technologies within the Central Defense Management Authorities. It is worth looking for partnerships with the industry to develop synergies for the development of blockchain-based technologies and the mutual benefits they bring.
American Journal of Research, Education and Development 13 ISSN 2471-9986 2019/4 REFERENCES [1] BOWER, J. L., CHRISTENSEN C. M.: Disruptive Technologies: Catching the Wave. Harward Business Review, 1995 Január-Február. [2] HABER, S., STORNETTA, W. S.: How to time-stamp a digital document. Journal of Cryptology. 3 (2): 99– 111., 1991 Január. doi:10.1007/bf00196791. [3] Blockchains: The great chain of being sure about things. The Economist. 2015. október 31. [4] SZABO, N.: Formalizing and securing, Relationships on public networks. First Monday, Volume 2, Number 9, 1997. szeptember 1. [5] NÉGYESI I.: Informatikai rendszerek és alkalmzások a védelmi szférában, Informatika Korszerű Tedhnikái Konferencia 2010 konferencia-kiadvány, pp. 1-10., Dunaújvárosi Főiskola, 2010, ISBN: 9789639915381 [6] FOLLÁTH J., HUSZTI A., PETHŐ A.: Informatikai biztonság és kriptográfia, A veszélyeztetettséget befolyásoló tényezők. Kempelen Farkas Hallgatói Információs Központ, 2011. [7] PÉTERFALVI, A.: A Nemzeti Adatvédelmi és Információszabadság Hatóság állásfoglalása a blokklánc („blockchain”) technológia adatvédelmi összefüggéseivel kapcsolatban, 2017. július 18. [8] CUEN, L.: Most Crypto Exchanges Still Don't Have Clear KYC Policies: Report. CoinDesk, 2019 május 27. [9] DMITRIJ, Cs.: Digitális képelemzés alapvető algoritmusai, ELTE, 2015. [10] COHEN, R.: Global Bitcoin Computing Power Now 256 Times Faster Than Top 500 Supercomputers, Combined!, Forbes, 2013. november 28. [11] WILLIAMS-GRUT, O.: The electricity used to mine bitcoin this year is bigger than the annual usage of 159 countries, Business Insider, 2017. november 27. [12] Mintegy 40 milliárd forintból épül járműipari tesztpálya Zalaegerszegen, Autószektor, 2016. http://www.autoszektor.hu/hu/content/mintegy-40-milliard-forintbol-epul- jarmuipari-tesztpalya-zalaegerszegen (Letöltve: 2019. január 15.) [13] TAPSCOTT, D., TAPSCOTT A.: Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World. Penguin, 2016 [14] KAKAVAND, H., De SEVRES N. K.: The Blockchain Revolution: An Analysis of Regulation and Technology Related to Distributed Ledger Technologies. 2016. [15] PINNA, A., RUTTENBERG, W.: Distributed ledger technologies in securities posttrading revolution or evolution? ECB Occasional Paper, 2016. 172. sz. [16] BUTERIN, V.: A next-generation smart contract and decentralized application platform. Ethereum white paper, 2014. p. 6. [17] DWYER, G. P.: The Economics of Bitcoin and Other Private Digital Currencies. University of Carlos III, Madrid, ECO 2010-17158 Project, 2014. p. 2. [18] MaidSafe: Evolving Terminology with Evolved Technology: Decentralized versus Distributed, Medium, 2015. december 4.
American Journal of Research, Education and Development 14 ISSN 2471-9986 2019/4 [19] Naval Technology: Arleigh Burke-Class (Aegis) Destroyer, https://www.naval-technology.com/projects/burke/ [20] NÉGYESI I.: Die überprüfung der voraussetzungen von COTS systemen, Hadmérnök VII. évf. 2. szám, pp 371- 376, 2012, ISSN 1788-1929 [21] BABONES, S.: Smart 'Blockchain Battleships' Are Right Around the Corner. The National Interest, May 17, 2018. https://nationalinterest.org/feature/smart- battleships-are-right-around-the-corner-25872 [22] THATCHER, C.: Technology’s dilemmas: Are we wired to respond? Vanguard, 2015. május 11. [23] MALIK, A. A., MAHLBOOB, A., KHAN, A., ZIBAIRI, J.: Application of Cyber Security in Emerging C4ISR Systems. Crisis Management: Concepts, Methodologies, Tools, and Applications, 2013, pp. 1705-1738. doi: 10.4018/978-1-4666-4707-7.ch086 [24] SWAN, M.: Blockchain - Blueprint for a new economy, ch.6., O’Reilly, 2015. [25] ZS. HAIG: Connections between cyber warfare and information operations, Academic and Applied Research in Military Science, VIII. évfolyam. 2009/2. 329-337. o. ISSN 1788-0017 [26] Négyesi Imre: A mesterséges intelligencia és a hadsereg, Hadtudomány XXIX. évf. 3. szám, pp 71-79, 2019, DOI 10.17047/HADTUD.2019.29.3.71 [27] BERTA, S.: Maven projekt - a Google könnyen pótolható, Sg.hu, 2018. június 6. [28] SCHARRE, P.: Killer Robots and Autonomous Weapons With Paul Scharre, Podcast, 2018. június 1. https://www.cfr.org/podcasts/killer-robots-and-autonomous -weapons-paul-scharre
IoT attacks and recommendation for protection solutions András Tóth; Péter Török National University of Public Service, Hungary Abstract: The Internet of Things (IoT) implies billions of different smart devices and equipment such as sensors, cameras, industrial components, cars and other every day used objects using wireless technologies to connect to the Internet. They transform the way of our life, our work, our communication and daily routine. The expansion of the IoT has led to several different appliances in the medical, civil, marine, military and domestic domains. In all of these domains there is one common requirement and challenge, which is the security. In the past few years there were several hacking activities against IoT devices, as a result of them they were infected and worked as bot clients, and caused huge issues in different industrial and non-industrial networks and systems with for instance distributed denial-of-service (DDoS) attacks. This paper shows a potential danger for military systems and environments which can be attacked by compromised IoT devices and how they can influence the information dominance. Keywords: IoT, security, network connected devices, ENISA
American Journal of Research, Education and Development 16 ISSN 2471-9986 2019/4 Introduction Information of things is a method for providing appliances for users to connect smart devises to the Internet. It means that these equipment and/or systems can be operated, monitored and controlled remotely. Unfortunately, the safety and integrity of these devices are still widely ignored, and there are more and more cases of them of being hacked and used as part of a botnet. Also problem that the people, who use smart homes, smart vehicles or intelligent automotive, do not have adequate security awareness or information security knowledge, so their devices easily can be potential targets for cyber attackers. In the last few years the attackers realized this, and they executed sophisticated attacks against IoT appliances. Daniel Markuson, the digital privacy expert at NordVPN, said: “Things that were once the plot for a science fiction movie, such as household appliances being hacked and turned against humanity, now became a reality. IoT hacking can be extremely effective, producing DDoS attacks that can cripple our infrastructure, systems, and way of life…“ “If you have multiple devices connected to the same network in your home or office, and a hacker gets access to one device, they could break into all of them.” A good example is the Dyn cyberattack gathered the connective devices to install within smart cities and gathered them as botnets i.e. Zombie Army through middleware known as Mirai in 2016. According to an Intel report from 2016, the number of the IoT objects can reach the 200 billion in 2020. It means that the number of the attacks can be also growing, and our systems may be in much greater danger. In my research I focus to the vulnerabilities and potential threats of the IoT devices and networks. I show three type of IoT attacks, and analyze the recommendations to prevent and react these attacks. IoT devices and potential attacks Over the Internet [1] now we can easily use and control our smart devices like smart televisions, cars, refrigerators, routers, cameras, rice makers, baby monitors etc. IoT technology. The IoT communication technologies has evolved from machine-to-machine (M2M) communication. The M2M communication means the technology that connects machines that are distant from one another using software controlled wired or wireless connections to allow machines, sensors, and controllers to communicate.
American Journal of Research, Education and Development 17 ISSN 2471-9986 2019/4 Picture 1: Evolution from M2M to IoT (Source: https://iot.xtendbusiness.com/technology/difference-iot-m2m/) M2M and IoT together can be very beneficial to our devices and networks to send and receive information to/from the cloud or client system. But unfortunately, the bigger our network spreads, the more vulnerable it becomes. [2] As I mentioned above, according to an Intel report there will be about 200 billion IoT objects in the world’s networks. It can cause a big vulnerability for our everyday life, for businesses, governments and militaries. Recently there were some IoT hacks which demonstrate the current vulnerabilities in IoT. IP cameras More and more cameras have been put up inside/outside of homes, offices, shops, companies etc. for peace of mind. Yet, a camera that’s constantly sending footage over the Internet can become a security disaster if outsiders gain access to it. These cameras are usually unsecured do they are a favorite target of hackers, hoaxers and voyeurs. They can have easily access to live video streaming everywhere in the world among the massive global network of unsecured cameras. Usually the hacked cameras and webcams feeds are streamed in dedicated websites. [3] One example for a hackable flaw is the Devil's Ivy, a vulnerability in a piece of code called gSOAP1. It is widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers. This vulnerability is used by the Rube Goldberg Attacks, and in these attacks the following steps are used: 1 gSOAP: it offers a type-safe and transparent approach to develop XML applications that has proven to be quicker to develop (by auto-coding), safer (by XML validation and type-safety), more reliable (by auto-generation of XML test messages and warnings), and higher performing (by efficient sterilizers and XML parsers generated in C/C++)
American Journal of Research, Education and Development 18 ISSN 2471-9986 2019/4 the Senrio attack starts by targeting a security camera that is vulnerable to an inveterate IoT bug known as Devil’s Ivy; the attacker finds such a vulnerable camera that’s on the public internet to start the attack; the attackers uses the Devil’s Ivy exploit to factory reset the camera and take over root access, giving them full control over it. once the attacker has taken over the camera, they can view the feed; with a compromised camera, the attacker can find out the router’s IP address and its model number to help determine whether it has any vulnerabilities; once the attacker can control the router and change network rules; since an attacker would have access to the live video feed coming from the IP camera, they could watch, say, a corporate building’s front door from inside, showing the entryway from behind the front desk. Even if the feed is too blurry for an attacker to read what’s on a receptionist’s screen, they can still analyze the employee’s keystrokes as they type—and perhaps make out general shapes on the screen to determine what services they are accessing—and begin to pull out credentials. Exploiting an IP camera not only gives an attacker a toehold on a network, it also gives them a literal video feed inside the company. [4] TRENDnet marketed their SecurView cameras as being perfect for a wide range of uses. They provided home security cameras including baby monitors as well. According to a report from the United States Federal Trade Commission (US FTC) these cameras were hacked, and anyone who was able to find the IP address of any of these devices could easily look through it, and sometimes the attackers were also able to capture audio. The US FTC said: „TRENDnet marketed its SecurView cameras for various uses ranging from home security to baby monitoring and claimed they were secure. However, they had faulty software that let anyone who obtained a camera's IP address look through it -- and sometimes listen as well. Further, from at least April 2010, TRENDnet transmitted user login credentials in clear, readable text over the Internet, and its mobile apps for the cameras stored consumers' login information in clear, readable text on their mobile devices” [5][6] We can read an announcement on the TRENDnet’s webpage, that upon awareness of the TRENDnet IP camera hack in 2012, they immediately initiated every effort to respond to and resolve the hack. They immediately released updated firmware which eliminated the published hack for related product models. Product shipments were stopped and corrective firmware updates were performed for all affected models.
American Journal of Research, Education and Development 19 ISSN 2471-9986 2019/4 That was one of the best solutions to avoid further potential attacks, and make safer the hacked cameras. But unfortunately, there are several types of cameras and webcams, in which the firmware is not updatable, so if there is a bug in their firmware it will be open always for the attackers. These cameras are the most potential targets for the IoT attacks. [7] IoT toys IoT toys, also called internet-connected toys, can collect, use, and share information via the Internet, and they are connected to an online server or platform. IoT toys are designed for a child’s entertainment, development, and education. All of these toys connect to the Internet either directly or indirectly: Wi-Fi is used for direct connections to wireless access points; Bluetooth is used for indirect connections by connecting at toy to an Android or iOS device that has access to the Internet. The Internet connection gives for the toys many capabilities to interact with children, this key feature of them also raises many privacy and security concerns. Moreover, a toy’s connection to online servers or platform appears to be an easy target for cyber attackers. [8] In 2017, the FBI published a public service announcement for consumer to notice that the Internet-connected toys could present privacy and contact concerns for children. They wrote: „Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.” „The cyber security measures used in the toy, the toy’s partner applications, and the Wi-Fi network on which the toy connects directly impacts the overall user security. Communications connections where data is encrypted between the toy, Wi-Fi access points, and Internet servers that store data or interact with the toy are crucial to mitigate the risk of hackers exploiting the toy or possibly eavesdropping on conversations/audio messages. Bluetooth-connected toys that do not have authentication requirements (such as PINs or passwords) when pairing with the mobile devices could pose a risk for unauthorized access to the toy and allow communications with a child user. It could also be possible for unauthorized users to remotely gain access to the toy if the security measures used for these connections are insufficient or the device is compromised.” [9] The main vulnerabilities of connected toys usually lie in the following:
American Journal of Research, Education and Development 20 ISSN 2471-9986 2019/4 insecure communications and/or Internet connections; hardware and firmware bugs; software weaknesses; lack of authentication or its weaknesses; improper protection of collected data. Network-connected printers For many organizations, their cyber-attack surface area is increasing as connected IoT endpoints proliferate. These include both legacy and the new breed of smart printers and multifunction printers (MFPs). Successful hacks of printers have allowed hackers to siphon off the printer’s memory to access print jobs containing sensitive information like confidential reports, contracts, and patient information. The security threat from print devices is like that of any network- attached device, all of which are increasingly referred to as IoT devices. There are three main IoT related threats: 1. The device may be used as a network ingress point. In many cases printers may be poorly secured, firmware does not get updated and access credentials are easily compromised, for example because defaults are never changed or because access is shared between multiple administrators. 2. Second, sabotaging IoT devices may be an easy way to target and disrupt an organization’s business processes. 3. Thirdly, IoT devices, including printers, may be recruited to botnets which are then used to perpetrate DDoS and other attacks that can benefit from access to lots of free processing power. [10] In 2017, roughly 150,000 internet-connected printers across the world began spitting out ASCII art and messages informing their owners that their machines were \"part of a flaming botnet.\" The attack was called \"Stackoverflowin\", and a variety of popular printer brands have been affected. The attacker used the LPD protocol (port 515), IPP (port 631), and raw print jobs on port 9100, which ports were open and the users did not change the admin password of devices.
American Journal of Research, Education and Development 21 ISSN 2471-9986 2019/4 Picture 2: The Stackoverflowin message (Source: https://nexusconsultancy.co.uk/blog/printer-part-flaming-botnet/) From the above mentioned IoT hacks we can see that the IoT devices can be very vulnerable especially when the users' security awareness is inadequate. Usually it would be enough to avoid the attacks if the users use security setups on the devices to reduce the vulnerability which are typically the following: weak, guessable passwords; insecure default settings; insecure or outdated components; insecure network services, data transfer and storage; insecure ecosystem interfaces; lack of secure update mechanisms, device management, physical hardening; insufficient privacy protection. When our equipment or system has one or more of these vulnerabilities, we can be easily a victim of an IoT attack. It happened in 2016, when the Mirai botnet appeared and spread. Mirai is a malware that infected IoT devices and corralled them into a DDoS botnet. Mirai scans for telnet, and then uses the pre-configured credentials with 61 username/password combos that are frequently used as the default for these devices and never changed. With the credentials the attackers attempted to
American Journal of Research, Education and Development 22 ISSN 2471-9986 2019/4 brute-force access to the device – which could be IP cameras, DVRs, routers or other connected hardware. When one device was infected it immediately started to scan the Internet in search of other exposed IoT devices to compromise. In a very short time Mirai grew a peak of 600k infections and was largest DDoS attacks in history with 620 Gbps speed. To reach these, there were two main components to Mirai. The first was the virus itself and the second was the command and control center running on. The virus contained the attack vectors, the Mirai had ten vectors that it could launch, and a scanner process that actively seeked other devices to compromise. The CnC was a separate image that controlled the compromised devices (BOT) sending them instructions to launch one of the attacks against one or more victims. The attack was conducted against Dyn, the largest DNS providers in the world, it attack was devastating and created disruption for many major sites, including AirBnB, Netflix, PayPal, Visa, Amazon, The New York Times, Reddit, and GitHub. Picture 3: Working methods of Mirai botnet (Source: https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy- servers.html)
American Journal of Research, Education and Development 23 ISSN 2471-9986 2019/4 As we can see the IoT promises to change our everyday life, but at the same time, it poses severe security risks. Therefore, we should stay aware and learn how to protect devices against cyber- attacks. ENISA2’s recommendations In 2017, the ENISA published a study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. The aim of the document is to provide security requirements of IoT, mapping critical assets and relevant threats, assessing possible attacks and identifying potential good practices and security measures to apply in order to protect IoT systems. It also contains detailed recommendations such as: promote harmonization of IoT security initiatives and regulations; raise awareness for the need for IoT cybersecurity; define secure software/hardware development lifecycle guidelines for IoT; achieve consensus for interoperability across the IoT ecosystem; foster economic and administrative incentives for IoT security; establishment of secure IoT product/service lifecycle management; clarify liability among IoT stakeholders. [11] In the beginning of this year, ENISA released “Your must-have IoT security checklist” with an online tool aimed at guiding IoT operators and industries of IoT and Smart Infrastructure when conducting risk assessments. The tool specifies the key points of security what the users, organizations, industries must focus when implementing IoT, and makes comparisons between different IoT sectors. The key points are the following: What are the threat groups from which you want to protect your organization? What are the security domains you want to cover? What security measures categories are you looking for? Which security standards and best practices would you like to take into account when securing IoT in your organization?
American Journal of Research, Education and Development 24 ISSN 2471-9986 2019/4 In the good practice tool everybody can find the necessary security measures, the security domains and threat groups which are affected, and the specific standards which can be used. The recommended measures: authentication and authorization; cryptography; data protection and compliance; secure interfaces and network services, software / firmware updates, input and output handling; secure and trusted communications; system safety and reliability; hardware security; management of security vulnerabilities and/or incidents; access control - physical and environmental security; human resource security training and awareness; monitoring and auditing; logging. [12] Using these recommendations the risk of a possible attack can be decreased, but most of them require to employ highly qualified, well-trained information security specialists. In the smart homes the average users will not be able to setup, install and use the above mentioned tools, so they can still be potential targets for attackers. Conclusion In the last few years the number of IoT devices increased, and the usage of them widespread in our daily lives. Unfortunately, the safety and integrity of these devices are still widely ignored, and there are more and more cases of them of being hacked and used as part of a botnet. In the past years there were thousands and thousands attacks against IoT objects, and attackers could get information from individuals, companies or organizations. It also happened plenty of times when the hackers used the IoT equipment as bot armies to attack servers, webpages and service providers. We can find well prepared good practice documents and tools to prevent these attacks. Unfortunately these recommendations can be adopted and used just by specialist inside an organization, they cannot solve the problem for individual average users. They are not well-prepared
American Journal of Research, Education and Development 25 ISSN 2471-9986 2019/4 to for instance closed ports on routers, printers, use cryptography tools, or secure interfaces and network services. As I see it is needed to lay the foundations of the mandatory protection solutions that manufacturers must incorporate into their products worldwide, so the users cannot buy IoT devices with the issues that the software and firmware what they use are not updateable, the communications among the equipment not secured and trusted. It should be also mandatory to lay down the legal and regulatory environment in national and international level to save the individuals, the organizations and the government against the cyber-attacks using the weakness of the IoT objects.
American Journal of Research, Education and Development 26 ISSN 2471-9986 2019/4 REFERENCES [1] NÉGYESI I.: CHANGING ROLE OF THE INTERNET IN THE LIGHT OF AN INTERNATIONAL CONFERENCE, Hadmérnök III. évf. 3. szám pp 147-153, 2008, ISSN 1788-1919 [2] Cyber security challenges for IoT-based smart grid networks, International Journal of Critical Infrastructure Protection, Volume 25, June 2019, Pages 36-49, https://doi.org/10.1016/j.ijcip.2019.01.001 [3] FARKAS T.; HRONYECZ E.: The infocommunication system requirements and analysis of the communication of the deployable rapid diagnostic laboratory support „sampling group” II., Academic and applied research in public management science XIV:1, pp. 53-61., 2015 [4] NEWMAN L. H.: An Elaborate Hack Shows How Much Damage IoT Bugs Can Do, URL: https://www.wired.com/story/elaborate-hack-shows-damage-iot-bugs-can-do/ [5] ADHIKARI, R.: Webcam Maker Takes FTC's Heat for Internet-of-Things Security Failure, Sep 5, 2013, URL: https://www.technewsworld.com/story/78891.html [6] NÉGYESI I.: Az információgyűjtés jövőképe, Hadtudományi Szemle, I. évf. 3. sz., pp 95-100, 2008, ISSN 2060-0437 [7] AL-ALI, A. R., ABURUKBA, R.: Role of Internet of Things in the smart grid technology Journal of Computer and Communications, vol. 3, pp. 229–233, 2015. doi:10.4236/jcc.2015.35029. [8] BRYK A.: IoT Toys: A New Vector for Cyber Attacks, URL: https://www.apriorit.com/dev-blog/521-iot-toy- attacks [9] FBI Internet Crime Complaint Center (IC3): Consumer notice: Internet-connected toys could present privacy and contact concerns for children, URL: https://www.ic3.gov/media/2017/170717.aspx [10] FERNANDES L.: Global Print Security Landscape 2019, Quocirca report [11] ENISA: Baseline Security Recommendations for IoT, in the context of Critical Information Infrastructures, ISBN: 978-92-9204-236-3, doi: 10.2824/03228, 2017 [12] ENISA Good practices for IoT and Smart Infrastructures Tool, URL: https://www.enisa.europa.eu/topics/iot- and-smart-infrastructures/iot/good-practices-for-iot-and-smart-infrastructures-tool/results#IoT
Artificial Intelligence in cyberspace 2. Realizing cyber attacks with AI Fehér András National University of Public Service, Hungary Abstract The Artificial Intelligence (hereinafter called AI) technology, has many many uses. Here we introduce some concrete examples of AI-based cyber-attacks. In the first part of this article we look at the expected AI-based cyberattack directions, and in the third part we will look at AI cyber defense options. We show that since AI has become inevitable, the realistic and practical way of applying the technology in the Hungarian Defense Forces must be constantly reconsidered. Keywords:
AI-Based Cyber attacks In the previous section of this article, we reviewed the general information about AI technology and the methodology of the study series. There are seven ideas about the expected use of AI in cyberspace, which we will take a look at in a few words: As for asymmetric attacks, we have seen that AI multiplies the asymmetry of cyberspace so far. With the advancement of technology, the digital attack surface has increased, and the larger surface has the advantage of AI. So far, vulnerability management needs to be rethought by vulnerability databases. The very existence of AI can be exploited, since the AI-teaching dataset itself is a threat and its acquisition can cause serious damage. Attacks will be more sophisticated and personalized, and social engineering got wings by AI. Finally, we have mentioned that completely new methods based entirely on AI are expected to emerge and that AI will break through previously proven defenses. Below, we would like to give you some concrete examples for the last two points. These examples highlights the novelty and dangers of AI. Examples of brand new, entirely AI based methods Below we will illustrate two examples of the novelty of AI based cyberattacks. Both solutions are innovative in the area of AI hiding opportunities. “Deeplocker” is reminiscent of a sneaky, masked sniper with a painted face, who hands off the target. And the Czech-developed “swarm virus” resembles a species of killer wasp, that is able to become immune to the next generation of toxic spray applied to them. Deeplocker DeepLocker was developed by IBM Research [1]. In the laboratory, a new breed of malware has been created that combines several open source, thus easily downloadable AI models with known malware techniques. The aim was to be prepared for similar attack situations. This AI-based cyberattack tool of so-called “evasive attack”1 implements a new, “highly targeted” type. When Marc 1 Bypass techniques are techniques used by cyber attacks to mask malicious activity and hide it. Attacks traditionally use different workaround techniques to circumvent security layers (eg intrusion prevention systems, security web gateways, sandboxing, etc.). An attacker could use one or more bypass techniques (such as domain generation algorithms, slow communication, or random request paths). [15]
American Journal of Research, Education and Development 29 ISSN 2471-9986 2019/4 Ph. Stoecklin2 presented the results of the development at the 2018 Black Hat (USA) conference, he wanted to accomplish three things with his presentation. We can identify with these ideas. 1. Be aware that AI-based threats (such as DeepLocker) are coming up soon; 2. Demonstrate whether attackers are capable of creating malicious programs that may circumvent today's common defense capabilities; 3. Provide ideas for reducing risks and introducing appropriate countermeasures (discussed in Part Three of this article). IBM Lab malware exploits the power of AI in two ways: to identify the target and to hide it. In Deeplocker, the AI model uses pointers such as face recognition and voice recognition to identify a target, but the virus can also be activatied by position data3. Thus, the damage is activated only at a specific location and / or in the presence of a specific person. In a harsh resemblance: traditional pests reach the target like a flamethrower, destroying everybody, but the Deeplocker, like a hiding sniper. In fact, it is even more effective, because it can infect millions of systems at once without anyone noticing, and if the target is identified in any one of them, or if the infected device reaches a specific location, it comes in action. Based on these, it is clear that a very significant threat is such a targeted approach, both from the state-military and corporate point of view. One of Deeplocker's major novelties is its more efficient method of evasion (hiding). To understand this, let's review what this evasion means, how it has evolved to its present state. Bypass techniques were already used to circumvent the defenses in the 1980s viruses. From the 1990s, they encrypted the malicious part of their code, trying to prevent it from recognizing the threat4. By the 2000s, they were able to detect whether they were running in a virtual defense environment5. A May 2018 study [2] showed that 98% of analyzed malware samples use bypass techniques. However, the development of IT security is beginning to eliminate this method6. Thus, the attackers are leaning 2 The other two members of the research team were Dhilung Kirat and Jiyong Yang. 3 Note that in the model, a system type or a specific machine may be the trigger for 4 Against this, the security side has created virtual environments (also known as “sandboxes”) where it can be achieved without the consequence that the malware is activated. 5 A virtual security environment (sandbox) is a method of protection that activates the virus for testing, but cannot do any damage to our real system. 6 The main reason for this is that experts are no longer testing in a virtual environment, but on a so-called \"bare metal\", so the malicious program cannot find out that it is in a testing environment A megadott forrás érvénytelen.
American Journal of Research, Education and Development 30 ISSN 2471-9986 2019/4 towards another strategy: they will keep their malware hidden by targeting the attack. The malicious code is only downloaded or unpacked, so it is only executed if it finds the target “clean”. An early notorious example of this sniper method (2010) is the Stuxnet worm, which is programmed to be activated only in the presence of specific hardware and software configurations from a particular manufacturer7. However, this also requires some trigger, which the defending side was able to recognize. The protection program looked for lines of code like \"if this happens, then do that\" and the system was signaled, and the source of the problem could be found by professionals. Going back to DeepLocker: this trigger cannot find this trigger because it is encrypted just like the malicious code itself. The use of AI makes almost impossible to detect the existence of \"trigger conditions\". This is achieved by using a deep neural network (DNN). Thus, in order to overcome the defense, two main components must be carefully hidden: not only the so-called \"payload\" of the attack8 as before, but also the trigger condition(s). Technically, Deeplocker covers them with three layers: 1. The first layer hides what triggers the attack (face? voice? place? system?). The task of the layer is to hide the target type (the nature of the attack target: person, organization, hardware, software). 2. The second hides specifically who is targeted. The task of the layer is to hide the specific target (exactly target of who the attack is, or where it should occur, maybe all X machines must be destroyed, or just one specific device, etc.). 3. The third layer hides what is going to happen when an attack occurs. The task of this layer is to encrypt the malware, ie to disguise how the attack will be executed. 7 These specific systems in the case of Stuxnet were Iranian uranium enrichers, so a well-defined industrial control system 8 For a virus, the payload is obviously something malicious code,
American Journal of Research, Education and Development 31 ISSN 2471-9986 2019/4 Figure 1. The layers of DeepLocker (by the developer team) In DeepLocker, the AI model solves this camouflage, the neural network hides the three harmful layers as a black box. It only produces the trigger when all the expected circumstances come together - but it's too late to detect. In addition, this model can use so many attributes to identify the target, that it is impossible for code analysts to figure out what are the possible triggers, even knowing the AI model: someone’s face or other visual clues? Place? System Information? More things together? Therefore, the usual questions remain unanswered: what will the attack ever activate? And where can it be hidden? To overrun the theoretical plane, the following test was created. The known WannaCry virus (ransomware) has been disguised with Deeplocker in a benign video conferencing application. The antivirus programs did not even notice the infection using sandboxes9. As a trigger, the AI model has been trained to recognize a person's face, and only this effect can extract and launch the virus. Imagine that this video conferencing application is downloaded by millions of people, which is a likely scenario on many public platforms today. At launch, the app secretly adds camera snapshots to the embedded AI model, but otherwise behaves normally for all users - except for the desired target person. When the victim sits in front of the computer and uses the application, the malicious payload is secretly executed, from the victim's face, which was the preprogrammed key to unlock it. Although malware like DeepLocker has not been detected to date10, the AI tools used to create it are publicly available, as are the applied malware techniques. It's only a matter of time before news 9 The documentation is not reminiscent, but a technology is capable to counterplot a \"bare metal\" environment, by its nature. 10 so in the year and a half since the show, no such infection has become public ...
American Journal of Research, Education and Development 32 ISSN 2471-9986 2019/4 comes about an action like that. Moreover, due to the effective hiding outlined, it is possible that such an attack is still in progress! Swarm Intelligence We could add a “Neumann’s Zero theorem”11: “copy the working principles of the living organisms”. The famous Hungarian scientist studied the functioning of the human brain, and how it can be used in the structure of computers. Later, the first AI models were also inspired by the human brain cell connection system. But it's not just the operation of human brain from where the IT steals ideas. Countless discoveries in biology have been used in the form of algorithms. As artificial intelligence evolves, these ideas have flourished, many of new directions for AI opens. Within this, the domain of so-called “population models” is based on ethological observations, and draws on a world of efficient animal communities. The AI trend inspired in this way is frighteningly promising. This 'swarm intelligence' is a new paradigm within AI development that is sure to have a huge future. They primarily offer a much more efficient solution to optimization tasks. Anthill [3] intelligence is basically developed around route optimization problems, and bee intelligence to optimize solar power plants [4]. Mention may also be made of the artificial fishalgorithm [5] herdor the model of the mating motivation of fireflies (flies) [6], but there are many other promising studies, just a few other methods of interest: the butterfly algorithm, cuckoo egg laying in Cuckoo Search, and wolf hunting in the Gray Wolf Optimizer. (Fister, et al., 2013), (Jang, 2010), (Faris, et al., 2017) and it’s intresting the organizing these algorithms (Panimalar.S, 2017). Here, however, we only focus on the fact that swarm intelligence is also extremely capable of cyber-attacks. The essence of Swarm Intelligence is that it is not made up of cells, just like a simple living organism or other AI - but is made up of individuals, which are self-acting entities. These entities are able to meet the environmental challenges more successfully and efficiently in the community, that is more collaborative and effective. The same purpose of these IT models is for entities to help each other with their \"experience\". Shared experiences refine the way to reach the goal. Efficiency is also high because it is irrelevant which entity reaches it, and if one reaches (e.g., a new food source), the 11 In Hungary, a collection of computer principles bears the name of a scientist of Hungarian origin (not just the Neumann architecture). One of the many groupings: The computer 1. uses number system two; 2. ~ operation must be electronic; 3. ~ performs the various operations one after the other in sequence; 4 stored-program concept (data and partial results stores in the same memory); 6 Universal usability, programmability; 7. Five functional units of the computer (arithmetic unit, central control unit, memories, input and output units)
American Journal of Research, Education and Development 33 ISSN 2471-9986 2019/4 whole community has reached it. Moreover, these entities even modify their own (genetic or program) code in their offsprings, optimizing it based on community experience. In nature, such adaptation occurs when, over a few generations, the ability of individuals of a given species to adapt to a new situation, such as changes in nutrition their beak transforms, temperature-related change of their coat, or some internal organs become stronger than in other populations. Such transformation does not depend on the leader of the flock or the queen of ants, and many animals do not have such a leader. Thus, the implementation of this in a computer world will be a fully distributed system, which seems much more viable than the current centrally controlled IT methods. When this principle is used for cyberattacks, viral codes are created that adapt to their environment. The virus entities are communicate to each other about the various hindrances, and the necessary modifications are made by AI itself. In addition, this method can also use the common knowledge of swarm intelligence to hide the malicious code. So attacking code, like a chameleon, develops the most optimal technique for the given environment, against finding it. Based on these, it is already clear that such a virus swarm can effectively cause massive (robust) damage to one or many systems, because 1. A swarm has no central control unit; 2. The swarm may have a collective memory, share their knowledge of a strategy (successful / unsuccessful) and “learn from it”; 3. In this way, the swarm creates a kind of social and communication network. Each member can communicate with others in different ways (directly, through selected individuals, from individual to subpopulation, etc.). 4. the adaptability of the swarm can be exploited for hiding. So even if we find some virus copies for which are hard to spot (we forget now about creating new ones automatically), they will be removed in vain because it does not affect the operation of the entire swarm. Obviously, such an attack is made by modifying other well-tried malicious technologies (worms, ransomware), which can greatly increase their harmful properties. A Czech research team, led by Ivan Zelinka at the University of Ostrava, also published a virus structure that works on this principle [7]. In their laboratory, they created an experimental sample to implement a swarm of malware. Specifically, they started off of a \"classic\" and botnet (non- worm, non-Trojan) virus. This was transformed into a self-healing-self-replicating pest structure. To
American Journal of Research, Education and Development 34 ISSN 2471-9986 2019/4 do this, they combined three technologies: computer virus principles, swarm intelligence, and complex network analysis capabilities. The model is a finite automaton of several states, the essence of which is described below. The structure of the virus states used in their experiments is shown in the figure. Figure 2. The Czech swarm virus modell Each status has the following meaning: 1. Wake State: This status is active when other instances of the virus are not yet operational. It wakes up by the signal of a user executed host file; 2. Infection State: This is partly related to the Execution State (5) and partly a self-defense function. So here, on the one hand, a trigger is created, which then activates the payload (harmful to the target system), which puts the virus in the Execution state. On the other hand, this status is a self- defense function when the antivirus detects some copies of the virus deletes or quarantine them. Against this, this state maintains a constant copy of the virus, with the help of Healing State (3) and Move State (4). 3. Healing (Regeneration)12 State: Thanks to this operation, the swarm has a constant cardinality. Here, the virus modifies (cleans) its old copy using the Move State before moving to another host. 12 The model calls it Heal, though the original meaning of the word regeneration would be much more indicative of the state in which the code is reborn. , because really new code is being created.
American Journal of Research, Education and Development 35 ISSN 2471-9986 2019/4 4. Move State: this is the state where the swarm principles are executed, where the experience is generated and taken over; 5. Execution State: This is the \"explosive charge\" of the virus, with a visible (harmful) effect. But it only works when a trigger is activated - otherwise the instance is ignored, stays in “stealth mode”, and goes into Motion mode; The swarm will start running in a specific state based on the state in which a virus instance has already started. If this was the first execution after the operating system was booted, execution would begin in the Wake state. If the virus instance is awakened by another virus instance, you must run it in the Infection state. If an existing virus instance has given or gained experience in the Movement state (that is, the starting knowledge prevailed), it enters to Healing state and then infects it in another way. Obviously, more complex viral behavior can be created, but this is a good example of the intrinsic novelty of the method. Unfortunately, there is no room here for a more detailed explanation of how to use the Swarm Intelligence. But there are two other things to mention here that are not directly related to cyberspace, but important from a military point of view. One is that control of combat robots (drones, tanks, ships) can also be accomplished with swarm intelligence, which multiplies the combat value that would result from swarm numbers. Another is that swarm intelligence can become a weapon in the field of psychological warfare. If a crowd of people and machines can effectively predict election results13, they may be able to modify that prediction by saying what needs to be done to change that particular outcome. Breaking Previously Proven Captcha Protection with AI The following example illustrates well the obsolescence of classic security solutions, in this case the breakthrough of text-distorted Captcha14 protections. Cybercriminals have been able to do this for a long time, and I have experienced this in my own work. On a Drupal-based portal I operated, 13 The method can be better understood from the analysis of the man of the year choice: A system called UNU, in which AI and many people work together, was able to predict very accurately [21]. The MogIA system, developed in India, has predicted the US presidential election several times [23] 14 Captcha reports “Completely Automated Public Turing Test to Tell Computers and Humans Apart”. Approximately 1997 to 2007, so 20 years ago, the method used to protect web interfaces from attacks that automatically attempt to create accounts, to post to forums (for example advertisings), thus protecting the portal from the unwanted contents. To do this, the human visitor has to prove that he is truly a human: he gets a puzzle that a machine cannot solve. Eg. you must enter some distorted characters correctly or solve a simple problem.
American Journal of Research, Education and Development 36 ISSN 2471-9986 2019/4 I had to protect the comments with Captcha after 2 years of uninterrupted operation, but a few years later (about 2009) I was in trouble. Even if I set the distortion of the text to be always decipherable to a human, I still get advertising comments, and even if I added more blur effects, pixel and line blur, the advertising posts were gone, but as a human, it was’n possible to invent, what the deciphering of the picture puzzle was. In September 2017, it became apparent how such an attack could be carried out, and Dr. Rosenbrock, a young researcher, not only published a method in a chapter of his book (Rosebrock, 2017), but also added python codes to it [8]. The ethical hacker cracked captcha protection on a particular site by training a deep-learning model by downloading large amounts of captcha image samples. Shortly afterwards, a Sino-English university collaboration study presents a more general cyber-weapon scheme and tests it on a variety of Captcha defenses. Let's take a closer look at this example: how the Captcha protections were broken in the test lab by the artificial intelligence deployed against it. [9]. It was not the goal to have a perfect captcha-breaking system that works in all cases. It has only been examined whether an AI can be trained so, that it is more likely to interpret distorted text as correct text, than it is likely to fail. This goal was achieved. Each of the systems tested succeed to be able to reproduce the correct characters in at least 60% of the cases (sometimes in more steps). In fact, several systems managed to achieve 100%. The research looked at the text-distorting process of the 32(+1) most popular portals in the world, and its recognizability. Twenty-thousand different types of captcha text images were taught to the system, and mindful to the rules found on portals: character outages, distorting methods. The method can be summarized as follows: 1. The Captcha Synthesizer module tries to mimic the real Captcha type he get. He gets a real captcha, we tell him the solution, and he tries to generate something similar. First, he tries to distort the characters he received, until they become like on the distorted captcha-image. By this the Captcha Synthesizer is more and more \"figuring out\" how the image was created and being able to produce synthetic Captchas, similar to the original. He hands over this knowledge to the Preprocessor model and provides captcha images to teach the Base Solver System. 2. The Preprocessor AI model develops using the algorithm provided by the Captcha Synthesizer. He will be able without human instruction to isolate point cloud and line and other distortions, determine font-type in the captcha he receive. This can be used to fine tune the system.
American Journal of Research, Education and Development 37 ISSN 2471-9986 2019/4 3. The Captcha Synthesizer and the Preprocessor model generates a lot of images. With the Captcha synthesizer images, we teach the Base Solver, how to distort the image text so that he can then recognize it. 4. Even fine tuning is needed as the Basic Solver system produces a cleaner but still distorted text. To do this, use images from the Preprocessor Model to train (fine-tune) our system until the desired recognition rate of over 50% is achieved. By making the attack more likely to break than defending it, we have proven that the method is inadequate for defense. Figure 3. Captcha hacking with Ai (author’s figure) Older pages have been 100% broken after just over 10 fine-tuning steps. The Yahoo! has the best results, but the attacking system has also crossed the 50% border after 19 fine-tuning steps [10] So even imperfectly and sometimes with difficulty, but even this prototype AI defeat all font distortion protection. We can draw the lesson: this is clearly the end of image text-based robotic defense technology. This example illustrates and foreshadows the need to put many other protection solutions on a new footing in the near future. However, for the completeness we note, that this laying on new base has long been going on, and the Captcha will be able to halt robots for the foreseeable future. The more advanced Captcha techniques were not examined by this testing, only the text distortion When do attacking AI-s develop
American Journal of Research, Education and Development 38 ISSN 2471-9986 2019/4 to such a level that they can say for example, “on what picture has no house?” And if he will know that? We will able to figure out new tasks like these for a long time. We can ask for mouse actions in response, since offensive systems are not yet capable of mouse-operation mimicking. (In the best example I have seen, we have to put in sequence some boxes with drag & drop technique based on a patter). Thus, portal operators can continue to use such cheap and good Captcha protection against automated, non-targeted attacks for several years to come. However, if AI is very advanced and he can everything to solve, we can use the Captcha technique to be a successor to the Turing test. Then we can define a Super-Captcha that can tell us, whether it is human based the particular system. in such a way, that the questioned AI will solve the problem, what is too difficult to solve for a human. [11] Opportunities for AI based military attacks The specific offensive solutions analyzed above have highlighted that the potential of technology is not only infinite as it has been until now - the attacker's capabilities using AI are now \"infinitely infinite\". Let us consider some of the known attack techniques that can be enhanced by using AI. Let us conceive some of the known attack techniques, how can be enhanced them by using AI. For example, rendering the denial-of-service (DoS) attacks [12] AI-based is almost obvious – especially the distributed which would trigger an attack under many conditions. One such condition may be that \"all designated systems are infected\". As another example, we can consider, how likely it is to develop military pests that infect the enemy's command and contol systems, communication equipment, vehicles, or other combat techniques. Thus, they would be rendered unusable or take the control over them in due course. In this way, super-advanced technologies would become a super-expensive heap of metal. Even they could turn against their own forces! The AI-based concealment techniques outlined above are quite likely can be used for such purposes. As we explained in the methodological section of Part One of this article, we will not be able to provide an in-depth account AI based military use of cyber space. The two parts of our article about
American Journal of Research, Education and Development 39 ISSN 2471-9986 2019/4 the AI based cyber attack may provide a sufficient basis to give us an idea of what power we confront.denial-of-service (DDoS) attacks15. The mentioned swarm intelligence is a great implementation of a distributed system, so its use for distributed attacks (including DDoS attacks), has evidently considered all skilled readers. However, complaining articles not enough to prevent this [13], as we have seen in the models, the attackers may have many new ideas for using AI. So, such an attack would not just be about activating these zombies, based on a time lock, as this is a known technique. It is expected that the zombie virus will be better camouflaged with AI, than in Deep-Locker. So we can expect an AI-based DDoS to be implemented as part of an Advanced Persistent Threat attack (APT) [14]. So not only the servers would freeze, but the terminals that could be used for intervention would be rendered unusable, and even the room or building could be closed. For such a virus, more complex triggers can be given, 15 The essence of DDoS attacks is that a server has an unprecedented amount of requests, from many places (therefore distributed), thus rendering the service inoperable.
American Journal of Research, Education and Development 40 ISSN 2471-9986 2019/4 REFERENCES [1] STOECKLIN M. P., JANG J., DHILUNG K.: „securityintelligence,” 8 8 2018. https://securityintelligence.com/deeplocker-how-ai-can-power-a-stealthy-new-breed-of-malware/. [2] STEFNISSON S.: 2018. 05.04. https://www.securityweek.com/evasive-malware-now-commodity. [Hozzáférés dátuma: 20 10 2019]. [3] SIKORA L.: Swarm Malware - Hejnový virus, Osztrava: Osztravai Műszaki Egyetemen, 2017. [4] DERVIS K., BAHRIYE A.: „A survey: Algorithms Simulating Bee Swarm Intelligence,” Artificial Intelligence Review, %1. kötet 31, pp. 61-85, 2009. [5] LIN K.-C., SIH-YANG C.,JASON H. C.: „Botnet Detection Using Support Vector Machines with Artificial Fish Swarm Algorithm,” Journal of Applied Mathematics, p. 9, 29 04 2014. [6] KÁSA R: Döntéselmélet, Budapest: Miskolci Egyetem, 2014, p. 12.2.. [7] ZELINKA I.: „Swarm virus - Next-generation virus and antivirus para-digm?,” in Swarm and Evolutionary Computation, %1. kötet43, S. –. S. P. DAS, Szerk., Amsterdam, 2018, p. 207–224. [8] ROSENBROCK A.: Edited code examples from the book 'Deep Learning for Computer Vision - Starter Bundle', 2018. [9] TANG Z., WANG Z.: „Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach,” Association for Computing Machinery., Toronto, Canada, 2018. [10] MEDIUM: 19 12 2018. https://medium.com/towards-artificial-intelligence/breaking-captcha-using-machine- learning-in-0-05-seconds-9feefb997694. [11] YAMPOLSKIY R. V.: „AI-Complete CAPTCHAs as Zero Knowledge Proofs of Access to an Artificially Intelligent System,” International Scholarly Research Notices, 2012. [12] KOVÁCS L.: „2.1.2. Túlterhelés mint támadási módszer,” in A kibertér védelme, Budapest, Dialóg Campus Kiadó, 2018, pp. 141-148. [13] NETWORKWORLD: 18 07 2018. https://www.networkworld.com/article/3289108/the-rise-of-artificial- intelligence-ddos-attacks.html.. [14] KOVÁCS L.: „2.1.3. APT és egyéb támadási formák,” in A kibertér védelme, Budapest, Digital Campus Kiadó, 2018, pp. 148-166. [15] RADWARE: 2018. https://downloads.seculert.com/documents/Evasive%20Attack%20Techniques%20Overview.pdf. [16] PANIMALAR A.S.: „Nature Inspired Metaheuristic Algorithms,” International Research Journal of Engineering and Technology (IRJET), pp. 306-309, 2017. [17] KIRAT D.,VINGA G., KRUEGEL C.: „BareBox: Efficient Malware Analysis on Bare-Metal,” in Twenty- Seventh Annual Computer Security Applications Conference, {ACSAC}, Orlando, ACM, 2011, pp. 403--412. [18] C. R. INSTITUTE: „Reinventing Cybersecurity with Artificial Intelligence,” Capgemini Research Institute, Párizs, 2019.
American Journal of Research, Education and Development 41 ISSN 2471-9986 2019/4 [19] IMAGAZIN: „https://imagazin.hu,” 2018. https://imagazin.hu/rajintelligencia-megmondta-mesterseges- intelligencia-hogy-ki-lesz-az-ev-embere/. [20] HVG: 29 10 2016. https://hvg.hu/tudomany/20161029_donald_trump_lesz_az_elnok_josolja_a_mesterseges_intelligencia. [21] FUTURISM: „https://futurism.com,” 6 12 2017. https://futurism.com/swarm-intelligence-correctly-predicted- times-person-of-the-year. [22] FARIS H., ALJARAH I., AL-BETAR M., MIRJALILI S.: „Grey wolf optimizer: a review of recent variants and applications,” Neural Computing and Applications, 1. kötet 10, pp. 1-24, 2017. [23] CNBS: „CNBC,” 28 10 2016. https://www.cnbc.com/2016/10/28/donald-trump-will-win-the-election-and-is- more-popular-than-obama-in-2008-ai-system-finds.html. [24] JANG X.-S.: „Nature-inspired Metaheuristic Algorithms,” in Nature-inspired Metaheuristic Algorithms, Cambridge, Luniver Press, 2010, pp. 105-116. [25] FISTER I., FISTER J., JANG X.-S., BREST J.: „A comprehensive review of firefly algorithms, Swarm Evol. Com-put. 13 34–46.,” Swarm and Evolutionary Computation, %1. kötet13, pp. 34-46, 2013. [26] FISTER I., FISTER J., JANG X.-S., BREST J.: „A comprehensive review of firefly algorithms, Swarm Evol. Com-put. 13 34–46.,” Swarm and Evolutionary Computation, %1. kötet13, pp. 34-46, 2013. [27] XIN-SHE Y.: „Nature-inspired Metaheuristic Algorithms,” in Nature-inspired Metaheuristic Algorithms, Cambridge, Luniver Press, 2010, pp. 105-116. [28] IRIONDO R.: „Breaking CAPTCHA Using Machine Learning in 0.05 Seconds,” 19 12 2018. https://medium.com/towards-artificial-intelligence/breaking-captcha-using-machine-learning-in-0-05-seconds- 9feefb997694.
Search
Read the Text Version
- 1 - 42
Pages:
