aif接口
In view of the rapid development of threats, it has become imperative to look more closely at the security implications of AI and machine learning (ML). Security experts have developed the concept of “AI — fuzzing” to hone AI/ML by “fuzing”.
鉴于威胁的Swift发展,必须更加仔细地研究AI和机器学习(ML)的安全隐患。 安全专家开发了“ AI-模糊”概念,以通过“融合”来磨练AI / ML。
AI fuzzing is a technique that, together with machine learning, helps identify vulnerabilities in applications and systems. This information can then be fed and sold to cybercriminals to develop a new type of malware.
AI模糊测试是一种与机器学习一起使用的技术,可帮助识别应用程序和系统中的漏洞。 然后,可以将这些信息提供给网络罪犯并出售给他们,以开发一种新型的恶意软件。
Adding AI to the blur could be both a blessing and a curse for the company. The fact that machine learning and artificial intelligence are now being applied to this problem has changed the nature of the problem and its potential impact on the security of business systems. This addition to AI as a tool promises to make the tool easier to use and more flexible.
将AI添加到模糊中可能对该公司既是福也是祸。 现在将机器学习和人工智能应用于此问题的事实已改变了问题的性质及其对业务系统安全性的潜在影响。 作为工具增加了AI,有望使该工具更易于使用和更灵活。
AIF can work in a number of different ways, such as fuzzing a computer program or even as a method of analysis.
AIF可以以多种不同的方式工作,例如对计算机程序进行模糊处理或什至作为一种分析方法。
In addition to blurred AI, it can be used as a highly effective tool to identify and exploit zero-day errors. AIF malware can test a large number of inputs, essentially testing the system for weaknesses. The malware has access to multiple payloads and can activate the most effective, based on specific vulnerabilities in a system.
除了模糊的AI,它还可以用作识别和利用零日错误的高效工具。 AIF恶意软件可以测试大量输入,从根本上测试系统的弱点。 该恶意软件可以访问多个有效负载,并且可以根据系统中的特定漏洞激活最有效的负载。
A key to effective application safety testing is the use of input seeds to establish code paths and cause crashes and bug discoveries. AI-based tools can identify potential attack options and generate probable test cases. Once a test case offers a promised path to explore, the new tool will follow suit and delve deeper to see if problems in one area of the application lead to exploitable vulnerabilities elsewhere.
有效的应用程序安全测试的关键是使用输入种子来建立代码路径,并导致崩溃和错误发现。 基于AI的工具可以识别潜在的攻击选项并生成可能的测试案例。 一旦测试用例提供了一个可行的探索途径,该新工具就会效仿并深入研究,以查看应用程序某个区域中的问题是否导致其他地方的可利用漏洞。
The input can be predetermined, or it can be either random or mutated by training the algorithm to generate relevant variations based on previous runs.
输入可以是预先确定的,也可以是随机的,也可以是随机的,通过训练算法以基于先前的运行生成相关的变化来进行。
This dynamic, non-deterministic security testing technology enables developers to continuously and automatically check an ever-evolving web browser, including supply chain dependencies. By eliminating constraints imposed by artificial intelligence to align logic with finding faults, Azure Resource Manager can increase the calculation required by using fuzzy laboratories to create a laboratory — a melting environment that meets the customer’s needs. The azure-based approach gives customers the ability to run multiple fuzzers in addition to Microsoft’s own, allowing them to get value from several different methods of fuzzering.
这种动态,不确定性的安全测试技术使开发人员能够连续自动地检查不断发展的Web浏览器,包括供应链依赖性。 通过消除由人工智能施加的使逻辑与查找故障相适应的约束,Azure资源管理器可以通过使用模糊实验室创建实验室(满足客户需求的融化环境)来增加所需的计算量。 基于天蓝色的方法使客户能够运行除Microsoft自己之外的多个模糊测试器,从而使他们能够从几种不同的模糊测试方法中获取价值。
Microsoft uses the blur to find vulnerabilities and improve the robustness of its own products. In 2019, Google claims to have automatically found over 20,000 vulnerabilities using its in-house blurred toolchain. DoD DevSecOps Reference Design requires fuzz testing, but it can be done in a number of different ways, such as using fuzzers, machine learning, and artificial intelligence.
微软使用模糊技术来发现漏洞并提高其产品的稳定性。 Google声称在2019年使用其内部模糊工具链自动发现了20,000多个漏洞。 DoD DevSecOps参考设计需要进行模糊测试,但是可以通过多种不同方式来完成,例如使用模糊器,机器学习和人工智能。
The Consumer Technology Association recently released data showing that more than half of all AI applications deployed in 2018 have been used for cybersecurity purposes.
美国消费者技术协会(Consumer Technology Association)最近发布的数据显示,2018年部署的所有AI应用程序中有超过一半已用于网络安全目的。
Artificial Intelligence Fuzzing (AIF) could be a major threat to cybersecurity as AI technologies continue to evolve. This is a growing field that should be taken seriously by the information security sector.
随着AI技术的不断发展,人工智能模糊(AIF)可能会成为网络安全的主要威胁。 这是一个不断发展的领域,信息安全部门应该认真对待。
Security devices and systems can be trained to perform specific tasks autonomously, such as basic behavior, the use of behavioral analysis to identify sophisticated threats or patching devices. Through targeted machine learning, cybercriminals can train a device or system not to apply patches or updates to a particular device, ignore certain types of application behavior, or log certain traffic to bypass detection.
可以对安全设备和系统进行培训,以自主执行特定任务,例如基本行为,使用行为分析来识别复杂威胁或修补设备。 通过有针对性的机器学习,网络罪犯可以训练设备或系统不要对特定设备应用补丁或更新,忽略某些类型的应用程序行为或记录某些流量以绕过检测。
The recently announced Microsoft Risk Detection (MSRD) service is just one example of how fuzzing testing needs to evolve. Machine learning and artificial intelligence are not new, but graphics processors (GPUs) and their potential to make them mainstream by enabling the use of machine learning in security tests and other applications are.
最近宣布的Microsoft风险检测(MSRD)服务只是模糊测试需要如何发展的一个示例。 机器学习和人工智能并不是新生事物,但是图形处理器(GPU)及其通过在安全性测试和其他应用程序中使用机器学习使它们成为主流的潜力才是。
Artificial intelligence is an area that gives computers the ability to think and learn, and although the concept has existed since the 1950s, it is enjoying a resurgence made possible by chips with higher computing power. The artificial intelligence market is expected to grow by nearly 37% annually, reaching $191 billion by 2025. In fact, Microsoft’s award-winning work on what is called constraint solving was 10 years in the making and was used to produce the world’s first white-box fuzzer from Microsoft.
人工智能是赋予计算机思考和学习能力的领域,尽管这一概念自1950年代就已经存在,但它正享受着具有更高计算能力的芯片所带来的复兴。 人工智能市场预计将以每年近37%的速度增长,到2025年将达到1910亿美元。事实上,微软在所谓的约束求解领域屡获殊荣的工作已经进行了10年,并被用于生产世界上第一个微软的盒式模糊器。
Cited Sources
被引来源
https://www.cioreview.com/news/impacts-of-ai-fuzzing-on-cybersecurity--nid-28863-cid-175.html
https://www.cioreview.com/news/impacts-of-ai-fuzzing-on-cybersecurity--nid-28863-cid-175.html
https://gcn.com/articles/2020/05/15/fuzzing-software-vulnerability-detection.aspx
https://gcn.com/articles/2020/05/15/fuzzing-software-vulnerability-detection.aspx
https://cyber.grantthornton.co.uk/post/102fm3t/is-ai-the-future-of-hacking
https://cyber.grantthornton.co.uk/post/102fm3t/is-ai-the-future-of-hacking
翻译自: https://towardsdatascience.com/ai-based-fuzzing-aif-f09dda4d3804
aif接口
2525
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
