Track: CyberSecurity
Inspiration
The inspiration for our project was the competition called CyberPatriot. The competition entails having to fix vulnerable systems in a limited amount of time. This is to simulate real-life IT, where systems in companies can be compromised and need to be patched before getting exploited. Our tool was meant to be an automated tool.
What It Does
Our application is an efficient way to manage remote machines and uses AI for real-time scanning of the system. You can connect to a new machine using our program and the AI will run a first scan and discover vulnerabilities in the remote system. The AI will attempt to patch the vulnerabilities using shell commands and log all of its actions into the website. You can view the actions in real time with the ability to hit the kill switch if you notice anything wrong. The scan will result in a success or a fail and every system command will show up in persistent logs saved to our back end.
How We Built It
We used Next.js as the back end with PocketBase (portable Firebase alternative) as our database. For the AI model we fine-tuned our own version of Llama 70B on cybersecurity and malware scripts. Allowing the model access to this data allowed it to know what vulnerabilities to look for and how to patch them along the way.
Challenges We Ran Into
We ran into challenges while implementing the AI and actually testing it. Contrary to common belief, it is actually hard coming up with a vulnerable server when creating a new computer. We had to purposefully install vulnerable system images to refine and test our AI. We were successfully able to patch these systems. Another challenge we ran into was live system logging. Originally, the company managing the computer would only see the result of the AI after it had completed or failed. This was not very useful as the manager would not be able to view what commands the AI was running. If the AI performed dangerous actions, it would be impossible to know until the completion of the system scan. To counter this issue, we implemented WebSockets, which allowed us to have real-time access to the logs as they were running.
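The log-as-you-go design with a kill switch described above can be sketched as follows. This is an added example, not VulnerabilityAI's code: the class, the watch rule, the fake runner and the sample commands are all constructed for illustration, and subscribers stand in for the WebSocket feed to the dashboard.

```javascript
// Added example with hypothetical names; not VulnerabilityAI's code.
// `run` is injected; a real agent would wrap its SSH or child_process call.
class RemediationSession {
  constructor(run) {
    this.run = run;         // (argv) => { status, output }
    this.killed = false;
    this.log = [];          // ordered record of every event
    this.subscribers = [];  // e.g. a WebSocket forwarder or a watch rule
  }
  subscribe(fn) { this.subscribers.push(fn); }
  record(type, detail) {
    const entry = { seq: this.log.length, type, ...detail };
    this.log.push(entry);
    for (const fn of this.subscribers) fn(entry, this); // delivered immediately
  }
  kill(reason) {
    if (this.killed) return;
    this.killed = true;
    this.record("killed", { reason });
  }
  // Runs commands in order; returns "success", "fail" or "killed".
  execute(commands) {
    for (const argv of commands) {
      if (this.killed) return "killed";
      this.record("proposed", { argv }); // logged before anything runs
      if (this.killed) return "killed";  // a subscriber stopped the session
      const { status, output } = this.run(argv);
      this.record("finished", { argv, status, output });
      if (status !== 0) return "fail";
    }
    return "success";
  }
}
// Constructed sample: commands a model might propose, and a fake runner.
const sampleCommands = [
  ["chmod", "600", "/etc/shadow"],
  ["rm", "-rf", "/var/www"],
  ["systemctl", "restart", "sshd"],
];
const fakeRun = (argv) => ({ status: 0, output: `ran ${argv[0]}` });

function demo() {
  const session = new RemediationSession(fakeRun);
  // Watch rule standing in for the operator: stop on a recursive delete.
  session.subscribe((e, s) => {
    if (e.type === "proposed" && e.argv[0] === "rm") s.kill("rm proposed");
  });
  return { result: session.execute(sampleCommands), log: session.log };
}
```

Because each command is recorded before it runs and the kill flag is checked again right after, the second sample command is logged as proposed but never executed.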
What We Learned
We learned how to use the LlamaIndex library, which allowed us to efficiently connect our app into big LLM providers. We also learned how to use WebSockets for real-time data transfer between systems.
What's Next For VulnerabilityAI
Implement a user management system for multiple companies to have a centralized dashboard to monitor remote machines. The server will also be hosted on a public server with a better hardware configuration so that the back end, database, and local AI model can run on the same server.
Built With
- llamaindex
- nextjs
- node.js
- ollama
