Ally for Infosec

Generative Text for InfoSec

InfoSec’s optimized use of the newest product lineup in machine learning.

christian.taillqon@infosec:~
$ openai infosec --help

The Anthropomorphism of ChatGPT

We’re InfoSec. Our industry has been leveraging ML since 2013. We are perhaps the industry best trained to delineate between the technology and the marketing and hype.

Our non-techie friends are not prepared for that.


The Anthropomorphism of ChatGPT

Example: AI “Hallucinations”.

Hallucinations are a distinctly physiological experience. The term does not describe what a generative text model does.


How can we help?

  • Have we seen AI disrupt an industry?
  • Do we have stories of how we leverage AI to do the work of thousands of employees in seconds?
  • Can we explain what generative models can and can’t do?
  • Can we explain simply how, if there is a model that will take over the world, ChatGPT ain’t it?

Use in Information Security:

  • DGA Identification
  • Behavior Analytics Anomaly
  • 2014 Cylance File Classification

Under The Hood: The Tokenized Prompt

Generative models predict the next option in a sequence. In this case, the next token, as a string, in a sequence of strings.


Just as our ML models give a probability prediction of a file’s resemblance to malware vs. benign-ware based on the values of various features compared against the samples they were trained on, ChatGPT’s prediction of the next token is trained on large volumes of text generated by humans.

OpenAI Tokenizer


Read the Agreement: Don’t Trust and Verify

Remember how “AI” was the engine to every solution and the solution to every problem in 2018? There will be tasks that generative AI is simply not well suited to solve.

How can one verify the output of a large language model?



Data Problems in Models

ChatGPT is a large language model program for text generation. As with any ML model, the output will only be as good as the input.

Good data in, good data out. Bad data in…


Read the Fine Text: Privacy

Services like ChatGPT and DALL-E store prompts for future model training. Even when you pay for it.

We will spend some time on other options.




AI Anonymity

ChatGPT’s design presents an operational threat to consumers, both individually and corporately.

openai.com


Local Large Language Model (Alpaca)

HuggingFace


Prompt Engineering:

Effective Use of an Effective Solution

Bad Prompt Example:

  1. Explain quantum computing in simple terms.
  2. Explain like I am a five year old.
  3. What are the current Critical to Release bugs for Debian 12?

Context is King

Provide as much context as needed. The greater the context, the greater the compute expense; however, the more likely the output is desirable.


Limitations of Data Models

Knowing what a tool is good for is just as important as knowing what it isn’t good for.


Simple Math

Surely this AI that will take over the world is smarter than a calculator?

print(1*2*3*4*5*6*7*8*9*8)

So what happened?

The model cannot perform calculation; it only predicts text, which is, in a sense, retrieval of what it has been trained on.

Congratulations, we made a computer that cannot do math.
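A toy next-token model, added here as an example (it is not from the original page and is far smaller than ChatGPT), shows the mechanism behind both the tokenized-prompt slide and the math failure above: the next token is whichever one most often followed the current token in the training text, so "=" is followed by "6" no matter what the arithmetic says. The corpus is constructed.

```python
from collections import Counter, defaultdict

# Constructed toy corpus standing in for "large volumes of text generated by humans".
CORPUS = """
2 * 3 = 6 . 2 * 3 = 6 . 3 * 4 = 12 . 2 * 3 = 6 .
the model predicts the next token . the analyst reviews the output .
"""

def train_bigrams(text):
    """Count which token follows which: P(next | current) estimated by frequency."""
    tokens = text.split()
    counts = defaultdict(Counter)
    for cur, nxt in zip(tokens, tokens[1:]):
        counts[cur][nxt] += 1
    return counts

def next_token_probs(model, token):
    """Probability distribution over the next token, or {} if the token was never seen."""
    following = model.get(token)
    if not following:
        return {}
    total = sum(following.values())
    return {t: c / total for t, c in following.items()}

def generate(model, prompt, max_tokens=10):
    """Greedy generation: always emit the most frequent successor of the last token.
    There is no arithmetic here, only lookup of what followed '=' in training."""
    out = prompt.split()
    for _ in range(max_tokens):
        probs = next_token_probs(model, out[-1])
        if not probs:
            break
        out.append(max(probs, key=probs.get))
    return " ".join(out)

if __name__ == "__main__":
    model = train_bigrams(CORPUS)
    print(next_token_probs(model, "="))          # '6' wins 3:1 over '12'
    print(generate(model, "3 * 4 =", max_tokens=1))  # 3 * 4 = 6  (wrong, by design of the mechanism)
```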


Reasoning

  • Not a model capable of multi-staged reasoning.
  • If large volumes of text containing similar reasoning exist, walking it through “thinking out loud” may compensate.
  • To look up: zero-shot chain of thought (NetSec).

Training

For many use cases, an LLM will need to be trained on large and changing data sets.

  • Based on the provided system telemetry, what systems are likely to fail?
  • Analyze this file and give me a confidence score denoting the likelihood that it is malicious.
  • Based on my sleep records tracked by my phone, do I have insomnia?

Guard Rails

Will appropriately avoid prompts:

  • build a bomb
  • write me malware
  • how to become a stalker

Guard Rails

Will appropriately avoid topics:

  • political
  • illegal
  • religious

Splunk Query for PowerShell

Splunk is a popular tool with syntax and existing searches that are well documented on the internet.

Write an SPL query to identify the execution of PowerShell with the encoded command flag.

Sysmon Rule

Sysmon is a popular tool with syntax and existing rules that are well documented on the internet.

Write a Sysmon rule to identify the creation of a registry key that starts a program on login.




Tips: Anecdotal Experience

It can be very good at syntax and standards if they are very popular, well documented, and widely written about on the internet.

It is not good with new standards.


Example Simple:

Write for me a Sigma rule that searches for User-Agent.

Example Complex:

Write a Sigma rule to identify a new key, or a modification of an existing key, that changes which programs start automatically when the system boots into safe mode.
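An added example (not from the original page) serving both the Sysmon prompt above (a registry key that starts a program on logon) and this Sigma prompt (safe-mode autostart keys): a small Python checker that applies the logic both rules should capture to constructed Sysmon-style registry events, so an LLM-written rule can be validated against known cases. The event fields mimic Sysmon EventID 12/13 (TargetObject, Details, Image); the SID and file paths are constructed.

```python
import re

# Constructed Sysmon-style registry events (EventID 13 = value set, 12 = key created).
SAMPLE_EVENTS = [
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Public\upd.exe", "Image": r"C:\Users\Public\upd.exe"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\x",
     "Details": r"C:\Temp\x.bat", "Image": r"C:\Windows\regedit.exe"},
    {"EventID": 12, "TargetObject": r"HKLM\System\ControlSet001\Control\SafeBoot\Minimal\svc2",
     "Details": "", "Image": r"C:\Windows\System32\reg.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)", "Image": r"C:\Windows\explorer.exe"},
]

# Rule names are hypothetical labels for this example.
RULES = {
    "logon_autostart": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I),
    "safeboot_autostart": re.compile(r"\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\", re.I),
}

def normalise(target):
    """Sysmon normally reports CurrentControlSet; fold ControlSet00N so a raw path is not missed."""
    return re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", target, flags=re.I)

def classify(event):
    """Return the matching rule name, or None when the event is not a persistence write."""
    if event["EventID"] not in (12, 13):
        return None
    target = normalise(event["TargetObject"])
    for name, pattern in RULES.items():
        if pattern.search(target):
            return name
    return None

def scan(events):
    """(rule, key, writing process) for every event a rule should have caught."""
    hits = []
    for event in events:
        name = classify(event)
        if name:
            hits.append((name, event["TargetObject"], event["Image"]))
    return hits
```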

Helpful Resources

  • gandalf.lakera.ai
  • openai.com
  • HuggingFace
  • awesome-chatgpt-prompts