In cyberspace, system defenders might have an idea of their own cybersecurity defense systems, but they surely have only a partial view of the cyberspace battlefield and almost zero knowledge of the attackers. Evidently, the arms race between defenders and attackers favors the attackers. The rise of fake news and 'data poisoning' attacks aimed at machine-learning-inspired cyber threat intelligence systems is the result of a new strategy adopted by attackers, one that adds complexity to an already complex and ever-changing cyber threat landscape. The modus operandi and TTPs of attackers continue to change, with increasing repercussions. Attackers are now exploiting a vulnerability in the data training process of AI- and ML-inspired cyber threat intelligence systems by injecting 'poisoned data' into training datasets to allow their malicious code to evade detection. The 'poisoned' corpus is specifically tailored and targeted to AI and ML cyber threat intelligence defense systems, especially those based on supervised and semi-supervised learning algorithms, to make them misclassify malicious code as legitimate data.
Reference:
Mahlangu, T.V. et al. 2019. ‘Data Poisoning’ – Achilles heel of cyber threat intelligence systems. Proceedings of the 14th International Conference on Cyber Warfare and Security (ICCWS 2019), Stellenbosch University, South Africa, 28 February - 1 March 2019
Mahlangu, T. V., January, S., Mashiane, C. T., Dlamini, T. M., Ngobeni, S. J., & Ruxwana, L. N. (2019). ‘Data Poisoning’ – Achilles heel of cyber threat intelligence systems. http://hdl.handle.net/10204/10853
Mahlangu, Thabo V, Sinethemba January, Charmaine T Mashiane, Thandokuhle M Dlamini, Sipho J Ngobeni, and Lennox N Ruxwana. "‘Data Poisoning’ – Achilles heel of cyber threat intelligence systems." (2019): http://hdl.handle.net/10204/10853