ElNiak/awesome-ai-cybersecurity

Awesome AI in Cybersecurity

Welcome to the ultimate list of resources for AI in cybersecurity. This repository aims to provide an organized collection of high-quality resources to help professionals, researchers, and enthusiasts stay updated and advance their knowledge in the field.

Introduction

AI applications in cybersecurity can be categorized using Gartner's PPDR model:

  • Prediction
  • Prevention
  • Detection
  • Response
  • Monitoring

Additionally, AI applications can be divided by technical layers:

  • Network (network traffic analysis and intrusion detection)
  • Endpoint (anti-malware)
  • Application (WAF or database firewalls)
  • User (UBA)
  • Process behavior (anti-fraud)

Using AI for Pentesting

Prediction

Network

  • DeepExploit - Fully automated penetration testing framework using machine learning. It uses reinforcement learning to improve its attack strategies over time.
  • open-appsec - An open-source machine-learning security engine that preemptively and automatically prevents threats against web applications and APIs.

Malware

  • OpenVAS - An open-source vulnerability scanner and vulnerability management solution. AI can be used to improve the identification and prioritization of vulnerabilities based on their potential impact and likelihood of exploitation.
  • SEMA - ToolChain using Symbolic Execution for Malware Analysis. SEMA provides a framework for symbolic execution to extract execution traces and build system call dependency graphs (SCDGs). These graphs are used for malware classification and analysis, enabling the detection of malware based on symbolic execution and machine learning techniques.
  • Malware environment for OpenAI Gym - Create an AI that learns through reinforcement learning which functionality-preserving transformations to make on a malware sample to break through / bypass machine learning static-analysis malware detection.

Prevention

Network

  • Snort IDS - An open-source network IDS and IPS capable of real-time traffic analysis and packet logging. Snort can leverage AI for anomaly detection and to enhance its pattern matching algorithms for better intrusion detection.
  • PANTHER - PANTHER combines advanced techniques in network protocol verification, integrating the Shadow network simulator with the Ivy formal verification tool. This framework allows for detailed examination of time properties in network protocols and identifies real-world implementation errors. It supports multiple protocols and can simulate advanced persistent threats (APTs) in network protocols.

Endpoint

  • OSSEC - An open-source host-based intrusion detection system (HIDS). AI can enhance OSSEC by providing advanced anomaly detection and predictive analysis to identify potential threats before they materialize.

Detection

Network

  • Zeek - A powerful network analysis framework focused on security monitoring. AI can be integrated to analyze network traffic patterns and detect anomalies indicative of security threats.
  • AIEngine - Next-generation interactive/programmable packet inspection engine with IDS functionality. AIEngine uses machine learning to improve packet inspection and anomaly detection, adapting to new threats over time.

Endpoint

  • Sophos Intercept X - Advanced endpoint protection combining traditional signature-based detection with AI-powered behavioral analysis to detect and prevent malware and ransomware attacks.
  • MARK - The multi-agent ranking framework (MARK) aims to provide all the building blocks required to build large-scale detection and ranking systems. It includes distributed storage suited for big data applications, a web-based visualization and management interface, a distributed execution framework for detection algorithms, and an easy-to-configure triggering mechanism. This allows data scientists to focus on developing effective detection algorithms.

Response

Network

  • Metasploit - A tool for developing and executing exploit code against a remote target machine. AI can be used to automate the selection of exploits and optimize the attack vectors based on target vulnerabilities.
  • PentestGPT - PentestGPT provides advanced AI and integrated tools to help security teams conduct comprehensive penetration tests effortlessly. Scan, exploit, and analyze web applications, networks, and cloud environments with ease and precision, without needing expert skills.

Endpoint

  • Cortex - A powerful and flexible observable analysis and active response engine. AI can be used in Cortex to automate the analysis of observables and enhance threat detection capabilities.

Monitoring/Scanning

Network

  • Nmap - A free and open-source network scanner used to discover hosts and services on a computer network. AI can enhance Nmap's capabilities by automating the analysis of scan results and suggesting potential security weaknesses.

Endpoint

  • Burp Suite - A leading range of cybersecurity tools, brought to you by PortSwigger. Burp Suite can integrate AI to automate vulnerability detection and improve the efficiency of web application security testing.
  • Nikto - An open-source web server scanner which performs comprehensive tests against web servers for multiple items. AI can help Nikto by automating the identification of complex vulnerabilities and enhancing detection accuracy.

User

  • MISP - Open source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IoCs). AI can enhance the efficiency of threat detection and response by automating data analysis and correlation.
  • Scammer-List - A free, open-source, AI-based scam and spam finder with a free API.

Tutorials and Guides

Certifications

  • IBM Cybersecurity Analyst - Get ready to launch your career in cybersecurity. Build job-ready skills for an in-demand role in the field, no degree or prior experience required.

Securing AI SaaS

Best Practices

  • NIST AI RMF - A framework for managing risks associated with AI in SaaS. It provides guidelines on how to implement AI securely, focusing on risk assessment, mitigation, and governance.

Case Studies

  • Microsoft AI Security - Case studies on securing AI applications in SaaS environments. These case studies demonstrate how AI can be used to enhance security and protect against evolving threats.
  • Google AI Security - Insights and case studies from Google on how to secure AI applications in the cloud.

Tools

  • IBM Watson - Tools and solutions for securing AI applications. Watson uses AI to analyze vast amounts of security data and identify potential threats, providing actionable insights for cybersecurity professionals.
  • Azure Security Center - Comprehensive security management system for cloud environments. AI and machine learning are used to identify threats and vulnerabilities in real-time.

Network Protection

Machine learning in network security focuses on Network Traffic Analytics (NTA) to analyze traffic and detect anomalies and attacks.

Examples of ML techniques:

  • Regression to predict network packet parameters and compare them with normal values.
  • Classification to identify different classes of network attacks.
  • Clustering for forensic analysis.

Research Papers:

Endpoint Protection

Machine learning applications for endpoint protection can vary depending on the type of endpoint.

Common tasks:

  • Regression to predict the next system call for executable processes.
  • Classification to categorize programs into malware, spyware, or ransomware.
  • Clustering for malware detection on secure email gateways.

Research Papers:

Application Security

Machine learning can be applied to secure web applications, databases, ERP systems, and SaaS applications.

Examples:

  • Regression to detect anomalies in HTTP requests.
  • Classification to identify known attack types.
  • Clustering user activity to detect DDoS attacks.

Research Papers:

LLMs:

  • garak - NVIDIA LLM vulnerability scanner.

User Behavior Analysis

User behavior analysis involves detecting anomalies in user actions, which is often an unsupervised learning problem.

Tasks:

  • Regression to detect anomalies in user actions.
  • Classification for peer-group analysis.
  • Clustering to identify outlier user groups.

Research Papers:

Process Behavior (Fraud Detection)

Process behavior monitoring involves detecting anomalies in business processes to identify fraud.

Tasks:

  • Regression to predict user actions and detect outliers.
  • Classification to identify known fraud types.
  • Clustering to compare business processes and detect outliers.

Research Papers:

Intrusion Detection and Prevention Systems (IDS/IPS)

IDS/IPS detect and prevent malicious network activity, using machine learning to reduce false positives and improve accuracy.

Research Papers:

Books & Survey Papers

Books

Survey Papers

Offensive Tools and Frameworks

Generic Tools

  • Deep-pwning - A lightweight framework for evaluating machine learning model robustness against adversarial attacks.
  • Counterfit - An automation layer for assessing the security of machine learning systems.
  • DeepFool - A method to fool deep neural networks.
  • garak - A security probing tool for large language models (LLMs).
  • Snaike-MLflow - A suite of red team tools for MLflow.
  • HackGPT - A tool leveraging ChatGPT for hacking purposes.
  • HackingBuddyGPT - An automated penetration tester.
  • Charcuterie - Code execution techniques for machine learning libraries.

Adversarial Tools

Poisoning Tools

  • BadDiffusion - Official repository to reproduce the paper "How to Backdoor Diffusion Models?" published at CVPR 2023.

Privacy Tools

  • PrivacyRaven - A privacy testing library for deep learning systems.

Defensive Tools and Frameworks

Safety and Prevention

  • Guardrail.ai - A Python package to add structure, type, and quality guarantees to the outputs of large language models (LLMs).

Detection Tools

  • ProtectAI's model scanner - A security scanner for detecting suspicious actions in serialized ML models.
  • rebuff - A prompt injection detector.
  • langkit - A toolkit for monitoring language models and detecting attacks.
  • StringSifter - A tool that ranks strings based on their relevance for malware analysis.

Privacy and Confidentiality

  • Python Differential Privacy Library - A library for implementing differential privacy.
  • Diffprivlib - IBM's differential privacy library.
  • PLOT4ai - A threat modeling library for building responsible AI.
  • TenSEAL - A library for performing homomorphic encryption operations on tensors.
  • SyMPC - A secure multiparty computation library.
  • PyVertical - Privacy-preserving vertical federated learning.
  • Cloaked AI - Open source property-preserving encryption for vector embeddings.

Theoretical Resources

Resources for Learning

  • MLSecOps podcast - A podcast dedicated to the intersection of machine learning and security operations.

Uncategorized Useful Resources

Research Papers

Adversarial Examples and Attacks

Model Extraction

Evasion

Poisoning

Privacy

Injection

Other Research Papers
