AI for Mobile(Android&iOS) app VAPT
Any Cyber Security Company in the present scenario doesn't use AI efficiently and extensively for Mobile VAPT. This is an ambitious project trying to implement the same from scratch.
a. AI Enabled Code Analysis and Mutation
b. DRL(Deep Reinforcement Learning) + NLP Based Dynamic Anaysis
c. Adversarial Attack Strategies
d. Graph Neural Network for Dependency Analysis/Event occured
e. Self Healing and Auto Remediation
f. Decentralized Privacy Techniques
g. Predictive Security Analysis
h. Intelligent scheduling of vulnerabilities and load balancing/pipelining(while testing)
i. Broader and Generalized Attack Vectors
##future Ideas##
a. Quantum Safe Cryptography Integration
2-2.5 year plan
4 months(Start from January 2023 to April 2023)
a. Dataset collection and preparing a training dataset(collect data seperately for Android and iOS)
Focus Pointer
step 1: collect/legally scrap data from google, cve, masvs and other sources
step 2: use a suitable method storage for the data collected
step 3: collect static and dynamic/hybrid vulnerabilities seperately
step 4: I would take the responsibility to handle large set of data, train the model with large set of training data and allot chunks of data to contributors for testing the functionalities they developed based on the requirement.
84 weeks/strategy(Individually implement the ideas using ai)
b. Research existing code analysis strategies.-- done, add views here
c. Implement basic and advanced code analysis functionalities -- plan to use NLP Models(eg BERT, GPT), try pretrained models like Hugging Face's Transformers. Also use of Rule Based Systems(that don't require Machine Learning) which can be easily intergrated
d. Develop Mutation Starategies based on analysis(reverse engineering)
##future scope##
e. Integration various tools during dynamic analysis.
f. interatively improve strategies based on testing outcomes
##future scope##
tester feedback based improvement
g. Study Deep Reinforcement Learning(DRL) for Dynamic Analysis
h. Design and implement a Prototype for dynamic analysis
i. Test and refine DRL based dynamic analysis model.
j. continuous enhance these strategies based on test results and evolving threats
k. Research adversarial attack methods
l. Develop initial adversarial attack strategies
m. Test strategies against code analysis and dynamic analysis
n. iteratively improve security modela and frameworks
o. Explore graph neural network(GNN) applications(dependancy analysis)
p. Implement GNN for dependancy analysis
q. Integrate GNN with existing analysis modules
r. iterative improvements
s. Research self healing techniques in code
t. Develop initial auto-remediation starategies
u. Test and refine auto-remediation features
v. Investigate decentralized privacy methods
w. Implement basic decentralized privacy measures.
x. Enhance and expand decentralized privacy functionalities.
y. Research predictive security models
z. Develop and integrate predictive security analysis
aa. Validate and optimize predictive security algorithms.
ab. Identify broader attack vectors in security
ac. Intelligent scheduling of vulnerabilities and load balancing/pipelining(while testing)
ad. Deveolop a framework for generalized attack vector analysis
ae. Test and expand the framework against various scenarios
##future works##
Threat intelligence integration
0 day vulnetrabilities
a. Collect training and test data from research papers, cwe, masvs, chatgpt and other sources
b. To integrate open-source tools and create a common playground for them.
c. Test mobile applications in semi-automatic manner.
d. Use comprehensive AI learning methods using NLP and other techniques.
Contributors who want to contibute to this project are always welcome.
Contact: [email protected], or through github issues/discussions