Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
80 tokens/sec
GPT-4o
11 tokens/sec
Gemini 2.5 Pro Pro
53 tokens/sec
o3 Pro
5 tokens/sec
GPT-4.1 Pro
10 tokens/sec
DeepSeek R1 via Azure Pro
33 tokens/sec
2000 character limit reached

ADAPT: A Game-Theoretic and Neuro-Symbolic Framework for Automated Distributed Adaptive Penetration Testing (2411.00217v1)

Published 31 Oct 2024 in cs.CR, cs.AI, and cs.GT

Abstract: The integration of AI into modern critical infrastructure systems, such as healthcare, has introduced new vulnerabilities that can significantly impact workflow, efficiency, and safety. Additionally, the increased connectivity has made traditional human-driven penetration testing insufficient for assessing risks and developing remediation strategies. Consequently, there is a pressing need for a distributed, adaptive, and efficient automated penetration testing framework that not only identifies vulnerabilities but also provides countermeasures to enhance security posture. This work presents ADAPT, a game-theoretic and neuro-symbolic framework for automated distributed adaptive penetration testing, specifically designed to address the unique cybersecurity challenges of AI-enabled healthcare infrastructure networks. We use a healthcare system case study to illustrate the methodologies within ADAPT. The proposed solution enables a learning-based risk assessment. Numerical experiments are used to demonstrate effective countermeasures against various tactical techniques employed by adversarial AI.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (24)
  1. M. Samorani, S. Harris, L. G. Blount, H. Lu, and M. A. Santoro, “Overbooked and overlooked: Machine learning and racial bias in medical appointment scheduling,” Manufacturing & Service Operations Management, p. 19, 2021. [Online]. Available: https://doi.org/10.2139/ssrn.3471420
  2. M. Eshghali, D. Kannan, N. Salmanzadeh-Meydani, and A. M. E. Sikaroudi, “Machine learning based integrated scheduling and rescheduling for elective and emergency patients in the operating theatre,” Annals of Operations Research, vol. 332, no. 1, pp. 989–1012, 2024. [Online]. Available: https://doi.org/10.1007/s10479-023-05168-x
  3. M. M. Ahsan, S. A. Luna, and Z. Siddique, “Machine-learning-based disease diagnosis: A comprehensive review,” Healthcare (Basel), vol. 10, no. 3, p. 541, 2022. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8950225/
  4. T. J. Loftus, A. C. Filiberto, Y. Li, and et al., “Decision analysis and reinforcement learning in surgical decision-making,” Surgery, vol. 168, no. 2, pp. 253–266, 2020.
  5. S. Gorbunov and A. Rosenbloom, “Autofuzz: Automated network protocol fuzzing framework,” 2010. [Online]. Available: https://api.semanticscholar.org/CorpusID:18430752
  6. Y. Stefinko, A. Piskozub, and R. Banakh, “Manual and automated penetration testing: Benefits and drawbacks,” in 2016 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET).   IEEE, 2016, pp. 488–491.
  7. M. C. Ghanem and T. M. Chen, “Reinforcement learning for efficient network penetration testing,” Information, vol. 11, no. 1, p. 6, 2019.
  8. Z. Hu, R. Beuran, and Y. Tan, “Automated penetration testing using deep reinforcement learning,” in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020, pp. 2–10.
  9. D. Shmaryahu, G. Shani, J. Hoffmann, and M. Steinmetz, “Partially observable contingent planning for penetration testing,” in IWAIS: First International Workshop on Artificial Intelligence in Security, 2017.
  10. B. Mueller, “Understanding and mitigating the risk of ai vs. traditional software,” 2023. [Online]. Available: https://www.isaca.org/resources/news-and-trends/industry-news/2023/understanding-and-mitigating-the-risk-of-ai-vs-traditional-software
  11. F. A. Yerlikaya and S. Bahtiyar, “Data poisoning attacks against machine learning algorithms,” Expert Systems with Applications, vol. 208, p. 118101, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0957417422012933
  12. R. R. Wiyatno, A. Xu, O. Dia, and A. de Berker, “Adversarial examples in modern machine learning: A review,” 2019. [Online]. Available: https://arxiv.org/abs/1911.05268
  13. T. Li, H. Lei, and Q. Zhu, “Sampling attacks on meta reinforcement learning: A minimax formulation and complexity analysis,” 2023. [Online]. Available: https://arxiv.org/abs/2208.00081
  14. L. Head, “Rising threat of ddos attacks in healthcare,” 2024. [Online]. Available: https://aisn.net/rising-threat-of-ddos-attacks-in-healthcare/
  15. Skylight Cyber, “Cylance, i kill you!” 2019. [Online]. Available: https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
  16. E. M. Hutchins, M. J. Cloppert, and R. M. Amin, “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” in Proceedings of the 2010 IEEE Symposium on Security and Privacy, 2010. [Online]. Available: https://api.semanticscholar.org/CorpusID:6421896
  17. A. E. LeBouthillier, “Symbolic artificial intelligence and first order logic,” 1999. [Online]. Available: https://home.csulb.edu/ wmartinz/content/symbolic-artificial-intelligence-and-first-order-logic.html
  18. A. Salleh, “Network architecture for healthcare information systems,” 2014. [Online]. Available: https://drdollah.com/hospital-information-system-his/system-architecture/
  19. O. H. USA, “Building hardware architecture for healthcare network computing for internet of things and artificial intelligence,” 2024. [Online]. Available: https://www.onyxhealthcareusa.com/building-hardware-architecture-for-healthcare-network-computing-for-internet-of-things-and-artificial-intelligence/
  20. P. Krass, “A hospital’s diagnosis: Professional ai workloads require professional hardware,” 2023. [Online]. Available: https://www.performance-intensive-computing.com/objectives/a-hospital-s-diagnosis-professional-ai-workloads-require-professional-hardware/
  21. MITRE, “Mitigations enterprise mitre att&ck,” Bedford, MA, USA, 2020. [Online]. Available: https://attack.mitre.org/mitigations/enterprise/
  22. MITRE, “Atlas (adversarial threat landscape for artificial-intelligence systems),” Bedford, MA, USA, 2024. [Online]. Available: https://atlas.mitre.org/
  23. R. Lakshmanan, “New attack technique ’sleepy pickle’ targets machine learning models,” 2024. [Online]. Available: https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html
  24. The New York Times, “Chaos and confusion: Tech outage causes disruptions worldwide,” 2024. [Online]. Available: https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets