Catch Me If You GAN: Using Artificial Intelligence for Fake Log Generation
Christian Toemmel

TL;DR
This paper evaluates the use of GANs for generating fake logs to deceive cybersecurity system admins, finding that current GAN models are not well-suited for producing convincing fake logs but may help in detecting them.
Contribution
It is the first comprehensive assessment of GANs for fake log generation in cybersecurity, highlighting their limitations and potential use in log authenticity detection.
Findings
GANs are ineffective at producing convincing fake logs
Current GAN models struggle with formatting and consistency in logs
GANs may be useful for detecting fake logs in cybersecurity
Abstract
With artificial intelligence (AI) becoming relevant in various parts of everyday life, other technologies are already widely influenced by the new way of handling large amounts of data. Although widespread already, AI has had only punctual influences on the cybersecurity field specifically. Many techniques and technologies used by cybersecurity experts function through manual labor and barely draw on automation, e.g., logs are often reviewed manually by system admins for potentially malicious keywords. This work evaluates the use of a special type of AI called generative adversarial networks (GANs) for log generation. More precisely, three different generative adversarial networks, SeqGAN, MaliGAN, and CoT, are reviewed in this research regarding their performance, focusing on generating new logs as a means of deceiving system admins for red teams. Although static generators for fake…
Taxonomy
Topics: Digital and Cyber Forensics · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
