Catch Me If You GAN: Using Artificial Intelligence for Fake Log Generation
This addresses a cybersecurity challenge for red teams, but it is incremental as it builds on existing static generators and explores an under-researched AI application.
The paper tackled the problem of generating fake logs to deceive system admins in cybersecurity by evaluating three GANs (SeqGAN, MaliGAN, and CoT), finding that GANs are not effective for this task but may help in detecting fake logs.
With artificial intelligence (AI) becoming relevant in various parts of everyday life, other technologies are already widely influenced by the new way of handling large amounts of data. Although widespread already, AI has had only punctual influences on the cybersecurity field specifically. Many techniques and technologies used by cybersecurity experts function through manual labor and barely draw on automation, e.g., logs are often reviewed manually by system admins for potentially malicious keywords. This work evaluates the use of a special type of AI called generative adversarial networks (GANs) for log generation. More precisely, three different generative adversarial networks, SeqGAN, MaliGAN, and CoT, are reviewed in this research regarding their performance, focusing on generating new logs as a means of deceiving system admins for red teams. Although static generators for fake logs have been around for a while, their produces are usually easy to reveal as such. Using AI as an approach to this problem has not been widely researched. Identified challenges consist of formatting, dates and times, and overall consistency. Summing up the results, GANs seem not to be a good fit for generating fake logs. Their capability to detect fake logs, however, might be of use in practical scenarios.