The AI model makes it easier to filter malicious activity out of XDR telemetry, improves spam filtering and simplifies the analysis of ‘Living Off The Land’ Binaries.
Sophos, a global leader in innovating and providing cybersecurity-as-a-service, has explored how the cybersecurity industry can leverage GPT-3 – the language model behind the now-famous ChatGPT framework – as a co-pilot to defeat cybercriminals. A new report titled “Applying AI Language Processing to Cyber Defenses” provides insight into the projects developed by Sophos X-Ops using GPT-3’s large language models. For example, the company wants to make it easier to search for suspicious activity in security software data sets, filter spam more accurately and accelerate the analysis of attacks that use ‘living off the land’ binaries (LOLBins). In the meantime, OpenAI has also launched GPT-4.
“Since the unveiling of ChatGPT by OpenAI in November, the security community has been focused on the potential risks posed by this new technology. Can the AI help wannabe attackers write malware or help cybercriminals write convincing phishing emails? Maybe so, but at Sophos we see AI as an ally rather than an enemy. It is therefore a technology cornerstone for Sophos, and GPT-3 is no different. The community should be attentive not only to potential risks, but also to the opportunities that GPT-3 brings,” said Sean Gallagher, Principal Threat Researcher at Sophos.
Sophos X-Ops researchers, including SophosAI Principal Data Scientist Younghoo Lee, have been working on three prototypes that demonstrate GPT-3’s potential as a tool for security experts. The prototypes use a technique called “few-shot learning” to train the AI model with just a few data samples. This reduces the need to collect a large amount of pre-classified data.
The first application Sophos tested using this method was a plain-language query interface to investigate suspicious activity in security software telemetry. This interface allows defenders to filter the telemetry with basic English commands, so they don’t need to understand SQL or the structure of a database.
Sophos then tested a new spam filter using ChatGPT. It found that – compared to other machine learning spam filtering models – the filter with GPT-3 was a lot more accurate. Finally, Sophos researchers created a program to simplify the process of reverse engineering LOLBin command lines. Such reverse engineering is very complex, but also very important for understanding the behavior of LOLBins and stopping these types of attacks in the future.
“One of the growing concerns within security centers is the sheer amount of ‘noise’ coming in. There are simply too many reports and detections, and many businesses are facing resource constraints. We have proven that with something like GPT-3 we can simplify some labor-intensive processes and save valuable time. We’re already working on integrating some prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3. We believe GPT-3 can become a co-pilot for security experts in the future,” said Gallagher.
This is a submitted press release and is not the responsibility of the editors.