计算机安全
脆弱性(计算)
计算机科学
资产(计算机安全)
信息安全
脆弱性评估
风险管理
经济短缺
信息安全管理
恶意软件
风险分析(工程)
政府(语言学)
业务
知识管理
安全信息和事件管理
云计算
云安全计算
心理治疗师
财务
操作系统
哲学
心理弹性
语言学
心理学
作者
T. Naito,Rei Watanabe,Takuho Mitsunaga
标识
DOI:10.1109/icspis60075.2023.10344019
摘要
As businesses become more dependent on IT due to digital transformation, a variety of attackers are targeting companies, government agencies, and individuals to steal information and disrupt services. To reduce the risks these cyber threats pose, penetration testing and red teaming are important. On the other hand, these initiatives require skills and knowledge, and there is a shortage of human resources. This research aims to demonstrate the effectiveness of a system that inputs asset management data and vulnerability information into ChatGPT and searches for attack routes with a high threat level. Specifically, ChatGPT uses information used for IT asset management (OS type, version, device usage, account), vulnerability information published by CISA, and network information as input values to verify whether it is possible to output attack routes that are useful for penetration testing and red teaming. The results of the experiment confirmed that attack vectors for penetration testing and red teaming could be used to effectively uncover cybersecurity threats within an organization and perform risk assessments.
科研通智能强力驱动
Strongly Powered by AbleSci AI