It began with research into files malware and the security problems it presented, based on our findings regarding the latest Malwarebytes report. We originally wanted to incorporate an AI that would help prevent this, but discovered that several antiviruses have already solved this problem. That didn't stop us, because we wanted something proactive and offensive in nature, not reactive like the devices available now. So we decided to go another route with AI in cyber security. Throughout all of our studies in Cyber Threat, one technique is used more frequently than others. The Man In The Middle (MITM) attack allows the actor to embed themselves in the target's network. While operating inside, they can get access to sensitive info as it flows through the network and additionally scan the network for other machines, open ports, and operating systems, all helping the attacker plan where to go next. That's when it hit us: why not take a page from the attackers and place our own insider AI, someone between us and them? Thus, Lady In Between (LIB) was born.
What it does
LIB plays the same role as a MITM attack. It will make its way into your network, where it will act at first just like the tools and frameworks used in this type of approach in penetration testing. The key difference is that all the information she gathers will be returned to the host of the machine and not to an unwanted intruder on the network, alerting the user of any known vulnerabilities or exploits she may find while performing her duties. LIB will periodically update all her database knowledge so she keeps up with all cyber security related events, in terms of new zero-day exploits. Because LIB is constantly vigilant, she also has the capability to act as an Intrusion Detection System (IDS), again alerting the user of unwanted or suspicious behavior. LIB's goal isn't to stop malicious actors from getting in but rather to prepare you to harden your machines, so when it does happen, damage will be minor to none. She is designed to be a more user-interactive layer of defense.
How we built it
It began simple, then became complicated again. At first, we were just going to have a simple Python script that had Watson AI run an Nmap scan. Then we realized that was not exactly what we were aiming for. One of us worked on the code for the self-diagnostic tests while the other experimented with NodeJs, JSON, and different kinds of APIs to find a way to incorporate that complex self-diagnostics code. What we eventually settled on is a Python script that has the user sign in as it connects them to the Watson servers and databases, then gives the user choices of what they see. We equipped LIB with the best tools being used by the same people trying to get in. In total, we broke down and analyzed 3 of the most popular frameworks (Morpheus, MITMf, and Xerosploit) used by malicious actors and pen testers alike. We gave her access to the largest and most up-to-date and reliable database of exploits and vulnerabilities in the wild, which also provides descriptions and solutions on how to fix them.
Challenges we ran into
So many coding errors. Because of the vast array of LIB's tools, many coding languages had to be used, and as most know, they don't always play well together. Also, the data in terms of code that the Watson API allowed us was limited, so downsizing was needed for now.
Accomplishments that we are proud of
Having something up and running in this short amount of time, especially when no one had AI or machine learning experience, speaks volumes.
What I learned
AI building, NodeJs, Machine Learning.
What's next for Lady In Between (LIB)
Continue to help her grow, to learn, and make her the new age of defense the public needs.