Sophos AI projects explored how Chat GPT-3 can be used to identify and block malicious activity. “While not perfect, these approaches demonstrate the potential of using GPT-3 as a cyber-defender’s co-pilot,” Sophos said in a blog post. Sophos has posted the results of its experimental efforts on SophosAI’s GitHub developer page and open-sourced them. Cybersecurity experts have since warned that ChatGPT and other AI tools can enable threat actors to execute convincing scams and create sophisticated malware. These concerns have only heightened with the release of GPT-4, labeled the future of AI.
Leveraging GPT-3 for Cybersecurity
Sophos’ projects looked at ways GPT-3 can be used to detect spam and search for evidence of malicious activity. In the first project, Sophos AI used ChatGPT to search through security telemetry, taking commands written in English, to search for malicious processes such as “powershell.exe,” typically launched by hackers who get admin access. It shows the results of the search “without the user needing to understand the underlying database structure, or the SQL language itself,” Sophos said. The second experiment focused on detecting malicious spam, like phishing emails. Sophos AI Principal Data Scientist Younghoo Lee found that “GPT-3 significantly outperformed other, more traditional machine learning [ML] approaches” in spam classification and detecting malicious code. The third experiment demonstrated how to use AI to detect modified “LOLBins,” (living-off-the-land-binaries), which are typically non-malicious data found in operating systems but can be exploited by hackers in file-less, undetectable malware attacks, like the DarkwatchMan RAT campaign. ChatGPT is good at scanning LOLBins because it is “well-versed in code in many forms” and can reverse-engineer the usually-hidden LOLBins without human input, Sophos said.
The ‘Few-Shot Learning’ Technique
In all three experiments, the Sophos AI team used the “few-shot learning” technique to train GPT-3’s Curie and larger Davinci AI models with minimal information, reducing the need to collect a large amount of pre-classified data. “Both models improved considerably with the introduction of fine-tuning, but the larger model could infer better because of its size and would be more useful in an actual application,” Sophos said. The latest iteration of ChatGPT, GPT-4, is hundreds of times more powerful than GPT-3. As such, this creates the potential for an uptick in sophisticated AI-generated threats such as polymorphic malware. Principal Security Engineer at HYAS, Jeff Sims, told VPNOverview that “AI code generative techniques” represent a new breed of cyber threats. Sims said these techniques “could synthesize new malware variants, changing code such that it can evade detection algorithms.” “By leveraging AI (Artificial Intelligence) technologies, an AI-assisted SOC (Security Operations Center) will understand user intent and recommend courses of action in the near future. Our AI-powered query interface is one of the steps toward our AI-assisted SOC vision,” Sophos AI said.
Defense Against New-Age Cyber Threats
The AI era is here, and nations like the United States are already building policies around QIS (Quantum Information Science) and how to defend against the next generation of quantum threats. Sims told us that defending against new-age threats that leverage deep learning neural networks like ChatGPT will be challenging but possible. “The best defense right now for organizations is awareness,” he said. As a regular user, it’s essential to have a premium antivirus solution on your device with real-time threat scanning capability. All our top-rated antivirus software have this crucial feature.