
ChatGPT can be a cybersecurity ‘co-pilot’, says expert

Sophos’ AI model can more easily filter malicious activity in XDR telemetry, improve spam filters, and simplify the analysis of living off the land binaries

Sophos has recently developed a project that utilises ChatGPT to enhance cybersecurity.

The project, called Sophos X-Ops, employs GPT-3’s language models to streamline the identification of malicious activity in security software datasets, improve spam filtering accuracy, and expedite the analysis of “living off the land” binary (LOLBin) attacks.

According to Sean Gallagher, principal threat researcher at Sophos, the security community has been primarily focused on the possible risks associated with ChatGPT since its unveiling by OpenAI in November. There is concern that the AI could be used by attackers to create malware or to craft more convincing phishing emails.

“At Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different. The security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings,” said Gallagher.

SophosAI Principal Data Scientist Younghoo Lee and the researchers at Sophos X-Ops have developed three prototype projects that showcase how GPT-3 can assist cybersecurity defenders. All three projects utilise “few-shot learning”, a method that trains the AI model with only a small number of data samples, thereby reducing the need to gather a significant amount of pre-classified data.

Sophos conducted tests with the few-shot learning method on several applications. The first application was a natural language query interface for analysing malicious activity in security software telemetry. Sophos tested this interface on its endpoint detection and response product, allowing defenders to filter telemetry using basic English commands instead of having to understand SQL or a database’s structure.
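To make the few-shot approach concrete, here is an added example (not Sophos code, and not from the GitHub release mentioned below) of how such a natural language query interface is typically built: a handful of question/SQL pairs are assembled into a prompt for the language model, and the SQL the model returns is gated before it ever touches the telemetry store. The table name, columns and example pairs are constructed for illustration.

```python
"""Few-shot prompt for translating plain-English telemetry questions into SQL,
plus a guard that only lets read-only queries over allowlisted tables through.
Added example; not Sophos code. Schema and sample pairs are constructed."""
import re

# Constructed few-shot examples: (question, SQL) pairs over a hypothetical
# endpoint telemetry table `process_events(ts, host, name, cmdline, parent)`.
FEW_SHOT = [
    ("show powershell processes started in the last hour",
     "SELECT * FROM process_events WHERE name = 'powershell.exe' "
     "AND ts > now() - interval '1 hour'"),
    ("which hosts ran certutil with a url on the command line",
     "SELECT DISTINCT host FROM process_events WHERE name = 'certutil.exe' "
     "AND cmdline LIKE '%http%'"),
]

ALLOWED_TABLES = {"process_events"}  # the only table the model may query

def build_prompt(question: str) -> str:
    """Assemble the few-shot prompt that would be sent to the language model."""
    lines = ["Translate the question into a SQL query over the table "
             "process_events(ts, host, name, cmdline, parent)."]
    for q, sql in FEW_SHOT:
        lines.append(f"Q: {q}\nSQL: {sql}")
    lines.append(f"Q: {question}\nSQL:")
    return "\n".join(lines)

def is_safe_query(sql: str) -> bool:
    """Accept a single SELECT over allowlisted tables; reject writes, stacked
    statements and unknown tables. Deliberately conservative: a false reject
    (e.g. a keyword inside a string literal) is preferable to running model
    output unchecked. Pair this with a read-only database role in practice."""
    s = sql.strip().rstrip(";").strip()
    if ";" in s or not re.match(r"(?is)^select\b", s):
        return False
    if re.search(r"(?i)\b(insert|update|delete|drop|alter|create|grant|exec)\b", s):
        return False
    tables = {t.lower() for t in
              re.findall(r"(?i)\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_]*)", s)}
    return bool(tables) and tables <= ALLOWED_TABLES

if __name__ == "__main__":
    print(build_prompt("list children of winword.exe that are cmd.exe"))
    # Constructed sample model outputs: one acceptable, one that must be rejected.
    good = ("SELECT host, cmdline FROM process_events "
            "WHERE parent = 'winword.exe' AND name = 'cmd.exe'")
    bad = "SELECT * FROM process_events; DROP TABLE process_events"
    print(is_safe_query(good), is_safe_query(bad))  # True False
```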

In the next test, Sophos employed ChatGPT to develop a new spam filter that was much more accurate than other machine learning models for spam filtering.

Finally, Sophos researchers created a program to simplify the process of reverse-engineering LOLBin command lines, which is notoriously challenging but crucial for understanding their behaviour and preventing future attacks.

Gallagher noted that a growing concern in security operations centres is the overwhelming number of notifications and detections to sort through, which many companies must deal with despite limited resources.

“We’ve proved that, with something like GPT-3, we can simplify certain labour-intensive processes and give back valuable time to defenders. We are already working on incorporating some of the prototypes above into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments. In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts,” he said.