Papers
Topics
Authors
Recent
Search
2000 character limit reached

ADAPT: A Game-Theoretic and Neuro-Symbolic Framework for Automated Distributed Adaptive Penetration Testing

Published 31 Oct 2024 in cs.CR, cs.AI, and cs.GT | (2411.00217v1)

Abstract: The integration of AI into modern critical infrastructure systems, such as healthcare, has introduced new vulnerabilities that can significantly impact workflow, efficiency, and safety. Additionally, the increased connectivity has made traditional human-driven penetration testing insufficient for assessing risks and developing remediation strategies. Consequently, there is a pressing need for a distributed, adaptive, and efficient automated penetration testing framework that not only identifies vulnerabilities but also provides countermeasures to enhance security posture. This work presents ADAPT, a game-theoretic and neuro-symbolic framework for automated distributed adaptive penetration testing, specifically designed to address the unique cybersecurity challenges of AI-enabled healthcare infrastructure networks. We use a healthcare system case study to illustrate the methodologies within ADAPT. The proposed solution enables a learning-based risk assessment. Numerical experiments are used to demonstrate effective countermeasures against various tactical techniques employed by adversarial AI.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (24)
  1. M. Samorani, S. Harris, L. G. Blount, H. Lu, and M. A. Santoro, “Overbooked and overlooked: Machine learning and racial bias in medical appointment scheduling,” Manufacturing & Service Operations Management, p. 19, 2021. [Online]. Available: https://doi.org/10.2139/ssrn.3471420
  2. M. Eshghali, D. Kannan, N. Salmanzadeh-Meydani, and A. M. E. Sikaroudi, “Machine learning based integrated scheduling and rescheduling for elective and emergency patients in the operating theatre,” Annals of Operations Research, vol. 332, no. 1, pp. 989–1012, 2024. [Online]. Available: https://doi.org/10.1007/s10479-023-05168-x
  3. M. M. Ahsan, S. A. Luna, and Z. Siddique, “Machine-learning-based disease diagnosis: A comprehensive review,” Healthcare (Basel), vol. 10, no. 3, p. 541, 2022. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8950225/
  4. T. J. Loftus, A. C. Filiberto, Y. Li, and et al., “Decision analysis and reinforcement learning in surgical decision-making,” Surgery, vol. 168, no. 2, pp. 253–266, 2020.
  5. S. Gorbunov and A. Rosenbloom, “Autofuzz: Automated network protocol fuzzing framework,” 2010. [Online]. Available: https://api.semanticscholar.org/CorpusID:18430752
  6. Y. Stefinko, A. Piskozub, and R. Banakh, “Manual and automated penetration testing: Benefits and drawbacks,” in 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET).   IEEE, 2016, pp. 488–491.
  7. M. C. Ghanem and T. M. Chen, “Reinforcement learning for efficient network penetration testing,” Information, vol. 11, no. 1, p. 6, 2019.
  8. Z. Hu, R. Beuran, and Y. Tan, “Automated penetration testing using deep reinforcement learning,” in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020, pp. 2–10.
  9. D. Shmaryahu, G. Shani, J. Hoffmann, and M. Steinmetz, “Partially observable contingent planning for penetration testing,” in IWAIS: First International Workshop on Artificial Intelligence in Security, 2017.
  10. B. Mueller, “Understanding and mitigating the risk of ai vs. traditional software,” 2023. [Online]. Available: https://www.isaca.org/resources/news-and-trends/industry-news/2023/understanding-and-mitigating-the-risk-of-ai-vs-traditional-software
  11. F. A. Yerlikaya and S. Bahtiyar, “Data poisoning attacks against machine learning algorithms,” Expert Systems with Applications, vol. 208, p. 118101, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0957417422012933
  12. R. R. Wiyatno, A. Xu, O. Dia, and A. de Berker, “Adversarial examples in modern machine learning: A review,” 2019. [Online]. Available: https://arxiv.org/abs/1911.05268
  13. T. Li, H. Lei, and Q. Zhu, “Sampling attacks on meta reinforcement learning: A minimax formulation and complexity analysis,” 2023. [Online]. Available: https://arxiv.org/abs/2208.00081
  14. L. Head, “Rising threat of ddos attacks in healthcare,” 2024. [Online]. Available: https://aisn.net/rising-threat-of-ddos-attacks-in-healthcare/
  15. Skylight Cyber, “Cylance, i kill you!” 2019. [Online]. Available: https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
  16. E. M. Hutchins, M. J. Cloppert, and R. M. Amin, “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” in Proceedings of the 2010 IEEE Symposium on Security and Privacy, 2010. [Online]. Available: https://api.semanticscholar.org/CorpusID:6421896
  17. A. E. LeBouthillier, “Symbolic artificial intelligence and first order logic,” 1999. [Online]. Available: https://home.csulb.edu/ wmartinz/content/symbolic-artificial-intelligence-and-first-order-logic.html
  18. A. Salleh, “Network architecture for healthcare information systems,” 2014. [Online]. Available: https://drdollah.com/hospital-information-system-his/system-architecture/
  19. O. H. USA, “Building hardware architecture for healthcare network computing for internet of things and artificial intelligence,” 2024. [Online]. Available: https://www.onyxhealthcareusa.com/building-hardware-architecture-for-healthcare-network-computing-for-internet-of-things-and-artificial-intelligence/
  20. P. Krass, “A hospital’s diagnosis: Professional ai workloads require professional hardware,” 2023. [Online]. Available: https://www.performance-intensive-computing.com/objectives/a-hospital-s-diagnosis-professional-ai-workloads-require-professional-hardware/
  21. MITRE, “Mitigations enterprise mitre att&ck,” Bedford, MA, USA, 2020. [Online]. Available: https://attack.mitre.org/mitigations/enterprise/
  22. MITRE, “Atlas (adversarial threat landscape for artificial-intelligence systems),” Bedford, MA, USA, 2024. [Online]. Available: https://atlas.mitre.org/
  23. R. Lakshmanan, “New attack technique ’sleepy pickle’ targets machine learning models,” 2024. [Online]. Available: https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html
  24. The New York Times, “Chaos and confusion: Tech outage causes disruptions worldwide,” 2024. [Online]. Available: https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Authors (3)

  1. Haozhe Lei 
  2. Yunfei Ge 
  3. Quanyan Zhu 

Collections

Sign up for free to add this paper to one or more collections.

Sign Up

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.

Sign Up for Free