ChatIDS, TrojanNet, Twitter, NeRF June 25th – July 1st This Week in Security

Editor's introduction 

This week in security editor is Koichi.  This week I chose topics of chatIDS, TrojanNet, and Twitter restriction and NeRF.
We in F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, and your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT

 

ChatIDS

Generative AI is used for a variety of applications, and there are examples of applications to security. For example, Microsoft released Security Copilot, which is an LLM application to advise Security engineers for incident responses. This research is an adaptation of ChatGPT style LLM into an Intrusion Detection System (IDS: I wrote an article about it). IDS detects traces of intrusion and indications of compromise from huge logs and packet payloads, but the user needs expertise in computer/network security to understand its alert. Thus, the cost of hiring the IDS expert is needed to use IDS.

The ChatIDS uses LLM ability to explain IDS alerts in human-friendly terms and helps security engineer who does not have enough security knowledge to understand traditional IDS alerts, thus the efficiency of detecting indications of compromises improves. And it seems feasible that this could be also applied to WAF.

ChatIDS: Explainable Cybersecurity Using Generative AI

 

TrojanNet

A quantum computer is a computer whose calculation speed is geometrically faster than that of the computer we know,  and even if the calculation volume increases, the power requirements and heat emissions remain in the same level (or stable).  The possibility is that quantum computers could be used for applications such as cryptanalysis and that the RSA cipher might be deciphered (this article reported that some Chinese scientist clamied RSA with key length 2048bit will be cracked in "nearst future"). Currently, some quantum computer is available online and for free use.
Examples of quantum computer:  
- IBM-Q (online accesible quantum computer) 
- Qiskit (opensourse framework)
Since a quantum computer is a computer, it is a target of cyber attacks. One of the cyber attack methodologies is to inject Trojan into its circuit.
The research is to detect Trojan in quantum circuits. They also compared the performance with Machine Learning based Trojan detection mechanism.

TrojanNet: Detecting Trojans in Quantum Circuits using Machine Learning

 

Twitter restriction

On 30 June, Twitter suddenly restricted its API access and the viewing of Tweets without login. It then added a limit on the number of Tweets that can be viewed in a day for existing users. It is called “RateLimit”, the same name as the BigIP's AFM's RateLimit.

This means that many websites that quote Tweets in their articles (DevCentral also has a Twitter account.) can no longer see the original Tweet. For example, museums and other places that use official twitter account for advertising and news distribution have had to redesign their websites as it is embedded within the website. 
By the way, a study was also just published on using Twitter data to detect cyber-attacks.

Can Twitter be used to Acquire Reliable Alerts against Novel Cyber Attacks?

Copying 3D space from photograph: NeRF

When a person appears in a photograph or video, sometimes the eye refrection of the person shows what the person sees. However, they could only obtain 2D information.
By the way, there is a technology called photogrammetry. This is science and technology for analysing and integrating multiple photographs to generate a three-dimensional CG model. NeRF is a technology that uses AI to infer the three-dimensional shape of an object and generate a three-dimensional CG model from a small number of photographs, even if there are no photographs of the entire object.
By combining these technologies, a technology has been developed to reproduce a three-dimensional space from the pupil in a photograph. This has led to the proposal of a method to reproduce, in 3DCG, what a person is looking at from the image in their eyes.
Seeing the World through Your Eyes