Authors:
(1) Constantinos Patsakis, Department of Informatics, University of Piraeus, 80 Karaoli & Dimitriou str., 18534 Piraeus, Greece and Information Management Systems Institute of Athena Research Centre, Greece;
(2) Fran Casino, Information Management Systems Institute of Athena Research Centre, Greece and Department of Computer Engineering and Mathematics, Universitat Rovira i Virgili;
(3) Nikolaos Lykousas, Data Centric, Romania.
Table of Links
Abstract and 1 Introduction
2 Related work
2.1 Malware analysis and countermeasures
2.2 LLMs in cybersecurity
3 Problem setting
4 Setting up the experiment and the dataset
5 Experimental results and discussion
6 Integration with existing pipelines
7 Conclusions, Acknowledgements, and References
2.2 LLMs in cybersecurity
Given the contextual understanding of an LLM, they can manage and analyse extensive volumes of text data sourced from news articles, blogs, forums, and social media platforms. The latter can be used to identify emerging cybersecurity threats, vulnerabilities, and attack trends and enhance existing threat intelligence pipelines [10]. Phishing detection and analysis has also been studied in the context of LLMs [15, 5, 29]. The latter, however, is an open research line that should be enhanced by considering visual elements, contextual data, and coding aspects of emails to guarantee robust analysis.
LLMs can ingest security-related data, such as traffic logs generated by various systems and applications and intrusion detection system alerts to identify malicious activity, correlate events, and assist security teams. Moreover, since the output of the tools can be interpreted, LLMs can be used for penetration testing [6]. Additionally, LLMs are proficient in deciphering complex security guidelines, automating compliance checks, and producing comprehensive compliance documentation, thereby ensuring that organisations adhere to sector-specific norms. In this regard, they have been effectively utilised in developing cybersecurity frameworks [21]. Their proficiency in composing human-like and contextually pertinent text can be harnessed to create realistic security training resources, cybersecurity scenarios [33], descriptions of security protocols and policies, and interactive security trivia for cybersecurity awareness campaigns.
On the downside, LLMs can also be abused to leverage cybercrime campaigns. For instance, LLMs have been used to launch cyber attacks [13], facilitate malware development, and generate phishing emails [25]. Since LLMs can be abused for various purposes, numerous discussions have been initiated about their use, biases, training, access to resources, and compliance with legal, regulatory, and ethical standards. In this regard, Stanford’s Center for Research on Foundation Models (CRFM) recently evaluated the major AI companies on their transparency [2]. The findings revealed a troublesome gap in the AI industry’s transparency, with the highest-scoring model, Meta’s Llama 2, attaining 54 out of 100 according to their benchmarks.
This paper is available on arxiv under CC BY-NC-SA 4.0 by Deed (Attribution-Noncommercial-Sharealike 4.0 International) license.
