News
Study tests if AI can help fight cybercrime
Artificial Intelligence (AI) could become a crucial asset to fight the growing global risk of cybercrime, a new study with Charles Darwin University (CDU) has found.
The study, led by researchers from CDU’s Energy and Resources Institute alongside Christ Academy Institute for Advanced Studies in India, examined if generative AI (GenAI) could be used in penetration testing, known as pentesting, which is a cybersecurity exercise aimed at identifying weak spots in a system’s defences.
Researchers used ChatGPT to run a series of pentesting activities in reconnaissance, scanning, vulnerability assessments, exploitation, and reporting activities.
Prompts included trying to anonymously log into a server and download files, inspect source codes of webpages, and find data embedded within an archive.
Co-author and CDU Senior Lecturer in Information Technology Dr Bharanidharan Shanmugam said the purpose of the study was to explore whether AI could be used to automate some pentesting activities, with the results showing ChatGPT had enormous potential.
“In the reconnaissance phase, ChatGPT can be used for gathering information about the target system, network, or organisation for the purpose of identifying potential vulnerabilities and attack vectors,” Dr Shanmugam said.
“In the scanning phase, ChatGPT can be used to aid in performing detailed scans of the target particularly their network, systems and applications to identify open ports, services, and potential vulnerabilities.
“While ChatGPT proved to be an excellent GenAI tool for pentesting for the previous phases, it shone the greatest in exploiting the vulnerabilities of the remote machine.”
Dr Shanmugam added while the technology could revolutionise pentesting, use of AI to improve cybersecurity must be strictly monitored.
“Organisations must adopt best practices and guidelines, focusing on responsible AI deployment, data security and privacy, and fostering collaboration and information sharing,” he said.
“By doing so, organisations can leverage the power of GenAI to better protect themselves against the ever-evolving threat landscape and maintain a secure digital environment for all.”
Generative AI for pentesting: the good, the bad, the ugly was published in the International Journal of Information Security.
Related Articles
Trailblazing student develops app to help Territorians get the keys to drive
Read more about Trailblazing student develops app to help Territorians get the keys to drivePreparing for a driving exam can be a nerve-wracking experience, but a Charles Darwin University (CDU) international student is developing technology to help students prepare for the test in the NT.
New funding will see CDU and Environs Kimberley use drones to help monitor desert and savanna habitat
Read more about New funding will see CDU and Environs Kimberley use drones to help monitor desert and savanna habitatCharles Darwin University and Environs Kimberley researchers, along with Kimberley partners, will soon be looking to monitor how fire management changes the structure and condition of about 43,000 km2 of savanna and desert vegetation using data collected by drones and satellites.
CDU researcher and international team shine a light on troubled deepsea sharks and rays
Read more about CDU researcher and international team shine a light on troubled deepsea sharks and raysA Charles Darwin University (CDU) researcher is part of an international team highlighting the global status of sharks that lurk in the deep waters of the ocean, discovering that the group is under threat.