Abstract
Canaries are resources in a network or cloud environment that are not meant to be used. Any usage or access of these resources is treated as de facto evidence that a malicious adversary has compromised the network. However, off-the-shelf canaries can be easily spotted by attackers as they may differ from the rest of the network topology, architecture, naming conventions, etc. in obvious ways, thereby reducing their effectiveness. This disclosure describes the use of generative artificial intelligence (AI) to generate canaries that resemble an existing network architecture or cloud environment. A generative AI model is trained on existing infrastructure in a network or cloud environment and is used to generate infrastructure as code (IAC) files. The IAC files are used to trigger build and deploy jobs that create resources that strongly resemble other resources in the network that are in use. Access to the canaries is detected by a security management system that triggers alarms. By camouflaging canaries such that they resemble other resources, the described techniques reduce the ability of malicious attackers to detect them, thereby improving security.
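The abstract's point that canaries stand out when they break local naming conventions can be checked before deployment. The following is an added example, not code from the disclosure: a simple structural check that stands in for reviewing generated names, and it does not implement the generative model. The inventory, the hyphen-separated env-role-region-index convention, and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample inventory; the naming convention shown is an assumption.
INVENTORY = [
    "prod-api-use1-01", "prod-api-use1-02", "prod-db-use1-01",
    "stg-api-euw2-01", "prod-cache-euw2-03", "stg-db-use1-02",
]

def shape(name):
    """Collapse a name to its structure: letter runs -> 'a', digit runs -> '9'."""
    return re.sub(r"\d+", "9", re.sub(r"[A-Za-z]+", "a", name))

def build_profile(inventory):
    """Learn which shapes occur and which tokens occur at each position."""
    shapes = Counter(shape(n) for n in inventory)
    vocab = {}
    for n in inventory:
        for pos, tok in enumerate(n.split("-")):
            vocab.setdefault(pos, set()).add(tok)
    return shapes, vocab

def review_canary_name(candidate, inventory):
    """Return reasons the candidate would stand out; an empty list means it blends in."""
    shapes, vocab = build_profile(inventory)
    reasons = []
    # A canary must never shadow a resource that is really in use.
    if candidate in inventory:
        reasons.append("collides with a live resource")
    if shape(candidate) not in shapes:
        reasons.append("shape %s not used in inventory" % shape(candidate))
        return reasons  # positions are not comparable across different shapes
    for pos, tok in enumerate(candidate.split("-")):
        # Purely numeric tokens (instance indexes) are free to vary.
        if re.search(r"[A-Za-z]", tok) and tok not in vocab.get(pos, set()):
            reasons.append("token %r unseen at position %d" % (tok, pos))
    return reasons

if __name__ == "__main__":
    for name in ("honeypot-01", "prod-canary-use1-01", "prod-api-use1-03"):
        print(name, "->", review_canary_name(name, INVENTORY) or "blends in")
```

A candidate that passes this check only matches the naming convention; resemblance in topology and architecture, which the abstract also names, needs separate review.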
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Brown, Aaron M., "Generating Plausible Infrastructure Canaries Using Generative Artificial Intelligence", Technical Disclosure Commons, (October 14, 2024)
https://www.tdcommons.org/dpubs_series/7426