This paper investigates the use of a pre-trained language model and siamese network to discern sibling relationships between text-based cybersecurity vulnerability data. The ultimate purpose of the approach presented in this paper is towards the construction of hierarchical attack models based on a set of text descriptions characterising potential/observed vulnerabilities in a given system. Due to the nature of the data, and the uncertainty sensitive environment in which the problem is presented, a practically oriented soft computing approach is necessary. Therefore, a key focus of this work is to investigate practical questions surrounding the reliability of predicted links towards the construction of such models, to which end conceptual and practical challenges and solutions associated with the proposed approach are outlined, such as dataset complexity and stability of predictions. Accordingly, the contributions of this paper focus on producing neural networks using a pre-trained language model for predicting sibling relationships between cybersecurity vulnerabilities, then outlining how to apply this capability towards the generation of hierarchical attack models. In addition, two data sampling mechanisms for tackling data complexity, and a consensus mechanism for reducing the amount of false positive predictions are outlined. Each of these approaches is compared and contrasted using empirical results from three sets of cybersecurity data to determine their effectiveness.

Artificial intelligence (AI) is not new, but it is revolutionizing the world. Paired with emerging technologies, the applications for AI currently appear to be endless. From accelerating the pace of life saving drugs to streamline operations for cost-savings and revenue amplification, AI platforms are omnipresent, and their impact is inescapable. IBM terms it the "innovation equation," and explains that AI became the world's fastest-growing tech tool for one reason: necessity. The digital age ushered in previously unthinkable quantities of data.

Last week, Andy Grotto and I published a new working paper on policy responses to the risk that artificial intelligence (AI) systems, especially those dependent on machine learning (ML), can be vulnerable to intentional attack. As the National Security Commission on Artificial Intelligence found, "While we are on the front edge of this phenomenon, commercial firms and researchers have documented attacks that involve evasion, data poisoning, model replication, and exploiting traditional software flaws to deceive, manipulate, compromise, and render AI systems ineffective." The demonstrations of vulnerability are remarkable: In the speech recognition domain, research has shown it is possible to generate audio that sounds like speech to ML algorithms but not to humans. There are multiple examples of tricking image recognition systems to misidentify objects using perturbations that are imperceptible to humans, including in safety critical contexts (such as road signs). One team of researchers fooled three different deep neural networks by changing just one pixel per image.

Artificial intelligence (AI) is not new, but it is revolutionizing the world. Paired with emerging technologies, the applications for AI currently appear to be endless. From accelerating the pace of life saving drugs to streamline operations for cost-savings and revenue amplification, AI platforms are omnipresent, and their impact is inescapable. IBM terms it the "innovation equation," and explains that AI became the world's fastest-growing tech tool for one reason: necessity. The digital age ushered in previously unthinkable quantities of data.

If you use such social media websites as Facebook and Twitter, you may have come across posts flagged with warnings about misinformation. So far, most misinformation – flagged and unflagged – has been aimed at the general public. Imagine the possibility of misinformation – information that is false or misleading – in scientific and technical fields like cybersecurity, public safety and medicine. There is growing concern about misinformation spreading in these critical fields as a result of common biases and practices in publishing scientific literature, even in peer-reviewed research papers. As a graduate student and as faculty members doing research in cybersecurity, we studied a new avenue of misinformation in the scientific community.

If you use such social media websites as Facebook and Twitter, you may have come across posts flagged with warnings about misinformation. So far, most misinformation – flagged and unflagged – has been aimed at the general public. Imagine the possibility of misinformation – information that is false or misleading – in scientific and technical fields like cybersecurity, public safety and medicine. There is growing concern about misinformation spreading in these critical fields as a result of common biases and practices in publishing scientific literature, even in peer-reviewed research papers. As a graduate student and as faculty members doing research in cybersecurity, we studied a new avenue of misinformation in the scientific community.

If you use such social media websites as Facebook and Twitter, you may have come across posts flagged with warnings about misinformation. So far, most misinformation – flagged and unflagged – has been aimed at the general public. Imagine the possibility of misinformation – information that is false or misleading – in scientific and technical fields like cybersecurity, public safety and medicine. There is growing concern about misinformation spreading in these critical fields as a result of common biases and practices in publishing scientific literature, even in peer-reviewed research papers. As a graduate student and as faculty members doing research in cybersecurity, we studied a new avenue of misinformation in the scientific community.

Businesses and IT leaders concerned about cybersecurity have a lot of potential threats to deal with, from spear phishing attacks to ransomware, and may soon have another item on their worry list: artificial intelligence. Although AI has the potential to boost productivity and handle rote office tasks, freeing employees to work on more complex assignments, there is a looming downside in the security realm. Someday in the near future, hackers may be able to use AI tools to find new vulnerabilities and then create new exploits and attacks in a fraction of the time it would take a human. In August, the Defense Advanced Research Projects Agency, the Defense Department's research arm, sponsored the Cyber Grand Challenge hacking competition in Las Vegas. The contest pitted seven autonomous machines against each other to find and exploit bugs in each other's systems.