Generative Artificial Intelligence (GenAI) has emerged as a powerful technology capable of autonomously producing highly realistic content in various domains, such as text, images, audio, and videos. With its potential for positive applications in creative arts, content generation, virtual assistants, and data synthesis, GenAI has garnered significant attention and adoption. However, the increasing adoption of GenAI raises concerns about its potential misuse for crafting convincing phishing emails, generating disinformation through deepfake videos, and spreading misinformation via authentic-looking social media posts, posing a new set of challenges and risks in the realm of cybersecurity. To combat the threats posed by GenAI, we propose leveraging the Cyber Kill Chain (CKC) to understand the lifecycle of cyberattacks, as a foundational model for cyber defense. This paper aims to provide a comprehensive analysis of the risk areas introduced by the offensive use of GenAI techniques in each phase of the CKC framework. We also analyze the strategies employed by threat actors and examine their utilization throughout different phases of the CKC, highlighting the implications for cyber defense. Additionally, we propose GenAI-enabled defense strategies that are both attack-aware and adaptive. These strategies encompass various techniques such as detection, deception, and adversarial training, among others, aiming to effectively mitigate the risks posed by GenAI-induced cyber threats.

翻译：生成式人工智能（GenAI）已成为一种能够自主在文本、图像、音频和视频等多个领域生成高度逼真内容的强大技术。凭借其在创意艺术、内容生成、虚拟助手和数据合成等方面的积极应用潜力，GenAI已引发广泛关注并得到大量采用。然而，GenAI的日益普及引发了对其被滥用于制作令人信服的钓鱼邮件、通过深度伪造视频制造虚假信息、以及通过看似真实的社交媒体帖子传播误导信息等行为的担忧，这给网络安全领域带来了新的挑战和风险。为了应对GenAI构成的威胁，我们提出利用网络杀伤链（CKC）来理解网络攻击的生命周期，将其作为网络防御的基础模型。本文旨在全面分析在CKC框架的每个阶段中，攻击性使用GenAI技术所引入的风险领域。我们还分析了威胁行为者所采用的策略，并考察了他们在CKC不同阶段的利用情况，强调了这对网络防御的启示。此外，我们提出了基于GenAI的防御策略，这些策略既具有攻击感知能力又具备自适应性。这些策略包括检测、欺骗和对抗训练等多种技术，旨在有效减轻GenAI引发的网络威胁所带来的风险。