How AI is helping UniSC students stop hackers
Artificial intelligence has been called everything from a “threat to our very humanity” to “the next industrial revolution.”
First published on University of the Sunshine Coast
Artificial intelligence (AI) has been called everything from a “threat to our very humanity” to “the next industrial revolution.”
UniSC cyber security lecturer Dr Dennis Desmond sees it as an opportunity.
One he has seized with both hands.
“A few years ago, I started building an interactive exercise for my Introduction to Cybersecurity students to face the real-world challenges of cyber defence and I started utilising AI to help flesh it out.
“It starts off simply enough. The students are asked to consult a company with a number of highly- sensitive defence and technology contracts, on their cyber security risk.”
“Now it’s evolved into this very complex, intricate and detailed virtual ecosystem where they’ll cross paths with Bulgarian hackers, police and rival companies – all while scrutinising the practices and policies of their own company and its hundreds of employees.”
To create this world, Dr Desmond has employed the use of AI to create everything from company logos and hundreds of detailed employee profiles, through to a working domain for a Bulgarian hacking group – in four different languages.
He’s even trialled AI chatbots – that have been fed relevant information – to respond to students’ attempts to coerce, probe and socially engineer information out of the virtual employees.
Dr Dennis Desmond is using artificial intelligence to help bring his exercise to life - from staff profiles and company logos to chatbots.
“Eventually I’d like to develop the profiles of the employees and law enforcement officials into fully interactive avatars, with realistic responses from chatbots that have been trained on data specific to the exercise. A lot of that correspondence is currently being done manually,” Dr Desmond said.
“One day I’d love to convert this all into a ‘cyber range’. That’s a completely integrated, functioning network that they could physically operate in - fixing things, scanning networks, finding vulnerabilities, replacing equipment, building capabilities and more. That would open up a world of opportunities.”
While the companies, hackers and scenario in the exercise are virtual, Dr Desmond says the constraints and complications of the real world are a vital piece of the educational puzzle.
“One of the challenges in an academic environment is trying to replicate the real-world environment,” Dr Desmond said.
“In this assessment, students have to work in teams under an organisational structure with financial constraints and labour resource constraints. In the second half of the exercise, they actually split up into a hacking group trying to exploit the company and a cyber security group trying to protect it – with different operational budgets.
“Most students hate working in groups, but we’ve received overwhelmingly positive feedback on this exercise.”
Dr Desmond said the buy-in from his students has not only been heartening from an educator’s point of view, it’s also manifested in some remarkable displays of ingenuity.
“Without giving too much away, we’ve seen some incredibly creative and sophisticated efforts to break down this company’s cyber security measures. Past students have operated under false identities, employed phishing scams and scoped out building specifications,” Dr Desmond.
“Meanwhile the students tasked with protecting the company have displayed an impressive understanding of these hacker methodologies and coordinated some fantastic efforts to protect against them.
“It’s exciting to think what approaches future students might take, as the exercise continues to develop with greater AI-assisted capabilities.”