Published on October 29, 2023, 9:20 pm

TLDR: Cybersecurity company Sophos has released groundbreaking research on how generative AI technology, specifically GPT-3 (ChatGPT), can assist in combatting malicious threats. Through the use of few-shot learning, the researchers trained the AI model with minimal data samples, reducing the need for large volumes of pre-classified data. The research demonstrated that GPT-3 can simplify the detection of malicious activity in security software datasets, improve spam filtering accuracy, and accelerate analysis of "living off the land" binary attacks. Sophos plans to incorporate these prototypes into its products and has made its research results available on GitHub for further testing. The company believes that AI should be seen as an ally rather than an enemy for cybersecurity defenders, as it can simplify labor-intensive processes and give defenders more valuable time.

Sophos, a leading cybersecurity company, has recently released groundbreaking research on how generative AI technology can be deployed as a copilot to combat malicious threats. Specifically, their researchers have been working on three prototype projects that demonstrate the potential of GPT-3 (ChatGPT) in assisting cybersecurity defenders.

The researchers utilized a technique called “few-shot learning” to train the AI model with minimal data samples. This approach reduces the need for collecting large volumes of pre-classified data. The details of these projects are outlined in Sophos’ latest report titled “GPT for You and Me: Applying AI Language Processing to Cyber Defenses.”

According to the report, GPT-3’s powerful language models can simplify the detection of malicious activity in security software datasets, improve spam filtering accuracy, and accelerate analysis of “living off the land” binary (LOLBin) attacks.

Since OpenAI introduced ChatGPT last year, there have been concerns within the security community about its potential risks. Questions have been raised regarding whether this AI technology could assist attackers in creating malware or help cybercriminals craft more convincing phishing emails.

However, Sean Gallagher, Principal Threat Researcher at Sophos, emphasizes a more optimistic view. He believes that AI should be seen as an ally rather than an enemy for defenders and considers it a cornerstone technology at Sophos. According to Gallagher, while it is crucial to acknowledge potential risks, it is equally important to recognize the opportunities that GPT-3 brings.

Sophos conducted several experiments using few-shot learning methodology. One application involved creating a natural language query interface for analyzing malicious activity in security software telemetry. This interface allows defenders to filter through telemetry using basic English commands, eliminating the need to understand complex database structures or SQL queries.

Another experiment focused on developing a new spam filter using ChatGPT. The results showed that GPT-3 significantly outperformed other machine learning models in terms of accuracy.

Lastly, Sophos researchers used generative AI to simplify the process of reverse-engineering LOLBin command lines. Reverse-engineering these commands is challenging but crucial for understanding and preventing future attacks of this nature.

Gallagher pointed out that one of the main concerns in security operations centers is dealing with the overwhelming amount of notifications and detections. Many companies face resource limitations when it comes to sorting through this noise. He believes that leveraging technologies like GPT-3 can simplify labor-intensive processes and give defenders more valuable time.

Sophos is already working on incorporating some of these prototypes into their products. Additionally, they have made their research results available on GitHub for those interested in testing GPT-3 within their own analysis environments.

Looking ahead, Gallagher envisions a future where GPT-3 becomes a standard co-pilot for security experts. As AI continues to advance, its potential impact on cybersecurity defense strategies cannot be overstated.
