A Sophos AI model can better filter malicious activity out of XDR telemetry. It also improves spam filters and simplifies the analysis of Living off the Land binaries. Sophos recently developed a project that uses ChatGPT for cybersecurity.
The Sophos X-Ops project uses GPT-3 language models to improve spam-filtering accuracy and to speed up the analysis of attacks such as “living off the land binary” (LOLBin) abuse.
Sean Gallagher is a principal threat researcher for Sophos. He says that since OpenAI unveiled ChatGPT in November, the security community’s attention has focused primarily on the potential risks associated with the software. The AI may be used to create malware or craft more convincing phishing emails.
“At Sophos, we have long viewed AI as a friend rather than an adversary for defenders. GPT-3 is not an exception. The security community must not only pay attention to potential risks but also the opportunities GPT-3 offers,” said Gallagher.
SophosAI’s Principal Data Scientist Younghoo Lee and the researchers from Sophos X-Ops have created three prototype projects to demonstrate how GPT-3 could assist cybersecurity defenders. The three projects use “few-shot learning,” a method that trains the AI model using only a few data samples. This reduces the need for a large amount of pre-classified data. These prototypes show the potential for GPT-3 to be a cybersecurity defense tool.
Sophos tested few-shot learning on several applications. The first was an interface that uses natural language to analyze malicious activity in security software telemetry. Sophos has tested this interface with its Endpoint Detection and Response product. It lets defenders filter telemetry using simple English commands instead of needing to understand SQL or the database structure.
In the second test, Sophos used ChatGPT to build a spam filter that was more accurate than any other machine-learning model it compared against.
Researchers at Sophos have also created a program that simplifies reverse engineering LOLBin commands. Reverse engineering them can be difficult, but understanding their behavior is crucial to preventing future threats.
Gallagher said that many companies, working with limited resources, need help dealing with large numbers of notifications and detections.
“We’ve shown that GPT-3 can streamline certain labor-intensive processes, giving back time to the defenders. We’re already working to incorporate some of the prototypes into our products. The results of our work are available on GitHub for anyone interested in testing GPT-3 in their analysis environment. We believe GPT-3 could become the standard co-pilot of security experts in the future,” he said.