Sophos demonstrates how to make ChatGPT a cybersecurity co-pilot

Sophos, a global leader in innovative cybersecurity "as a Service", releases a new study detailing how the cybersecurity industry can leverage GPT-3, the language model behind ChatGPT artificial intelligence, as a co-pilot to help thwart cyberattacks. The study, titled Applying AI Language Processing to Cyber Defenses, details projects developed by Sophos X-Ops using GPT-3's extensive language models to simplify the search for malicious activity in security software datasets, filter spam more efficiently, and accelerate the analysis of LotL (Living off the Land) binary attacks.

"Since OpenAI unveiled ChatGPT last November, the security community has largely focused on the risks that could arise from this new technology. Could AI help would-be cyberattackers create malware or cybercrooks craft far more believable phishing emails? Maybe so, but at Sophos we have long seen AI as an ally rather than an enemy of cyber defense teams, making it the keystone of our technologies, and GPT-3 is no exception. The security community needs to be mindful of not only the potential risks, but also the potential opportunities that GPT-3 offers," said Sean Gallagher, senior threat researcher at Sophos.

Sophos X-Ops researchers, including Principal Data Scientist Younghoo Lee of SophosAI, are currently working on three prototypes to demonstrate the potential of GPT-3 as an assistant to cyber defense teams. All three rely on a technique called few-shot learning (FSL) to train the AI model with a small number of samples, reducing the need to collect a large volume of pre-classified data.

The first application Sophos tested with FSL involves a natural language query interface to filter malicious activity in security software telemetry, specifically against its Endpoint Detection & Response (EDR) product. The interface allows cyber defense teams to explore telemetry data using basic commands in plain English, eliminating the need to master SQL or the underlying structure of a database.

Second, Sophos tested a new spam filter using ChatGPT and found that, compared to other Machine Learning models used for this purpose, the filter using GPT-3 was significantly more reliable. Finally, Sophos researchers were able to create a program that simplifies the process of reverse-engineering the command lines of LotL binaries. While reverse-engineering is not notoriously difficult, it is critical to understanding the behavior of these binaries and stopping these types of attacks in the future.

"One of the growing concerns within operational security centers is the sheer volume of 'noise' coming in. There are simply too many notifications and detections to sort through, while many organizations have limited resources. We've proven that with a tool like GPT-3, we can streamline some labor-intensive processes and free up valuable time for cyber defense teams. We are already working on integrating some of the above prototypes into our products and have put the results of our work on our GitHub repository, available for interested parties to test GPT-3 in their own analysis environment. In the future, we think GPT-3 could very well establish itself as a common co-pilot for security experts," concludes Sean Gallagher.

# # #
