Sophos, a global leader in innovating and delivering cybersecurity services, has released new research on how the cybersecurity industry can leverage GPT-3, the language model behind the now well-known ChatGPT framework, as a co-pilot to help defeat attackers.
The most recent publication, “Applying AI Language Processing to Cyber Defenses,” describes projects created by Sophos X-Ops that use GPT-3’s large language models to speed up analysis of “living off the land” binary (LOLBin) attacks and to filter spam more accurately.
![](https://techrands.com/wp-content/uploads/2023/03/Sean-Gallagher-Sophos.jpg)
“The security community has mainly concentrated on the possible hazards this new technology could bring since OpenAI debuted ChatGPT back in November. Can the AI assist would-be attackers in creating malware or aid hackers in creating phishing emails that are far more convincing? You might be right, but at Sophos, we’ve long viewed AI as a friend rather than an adversary for defenders, making it a foundational technology for Sophos, and GPT-3 is no different. In addition to possible concerns, the security community should also be aware of potential opportunities brought by GPT-3,” according to Sean Gallagher, chief threat researcher at Sophos.
Younghoo Lee, the principal data scientist for SophosAI, and other Sophos X-Ops researchers have been working on three prototype projects that show the potential of GPT-3 as an assistant for cybersecurity defenders. All three use a method known as “few-shot learning” to train the AI model with just a small sample of data, reducing the need to gather a huge amount of pre-classified data.
The first application Sophos tested with the few-shot learning technique was a natural language query interface for sifting through malicious activity in security software telemetry; specifically, Sophos tested the model against its endpoint detection and response product.
This interface eliminates the requirement for defenders to comprehend SQL or a database’s underlying structure by allowing defenders to sift through the telemetry with simple English instructions.
Sophos also tested a new spam filter using ChatGPT, and the filter employing GPT-3 was shown to be much more accurate than previous machine learning models for spam filtering.
Finally, Sophos researchers were able to develop a tool that would make it easier to reverse-engineer LOLBins’ command lines. Although famously challenging, this kind of reverse engineering is necessary for understanding LOLBins’ behavior—and putting a stop to future attacks of that nature.
“The volume of incoming ‘noise’ is one of the security operations centers’ major worries. Security specialists’ typical co-pilot,” added Gallagher.