How Sophos is leveraging AI language processing to improve cyber defence
The AI revolution has started, and those that don’t embrace it will be left playing catch-up. Leading cybersecurity firm Sophos knows this and is already setting a precedent in using AI to combat cybercrime.
In a recent report, the company demonstrated how it can leverage GPT-3 to improve the functionality of its solutions, and it spells new hope for the cybersecurity world. From deepfakes to AI-powered malware, the news headlines are currently filled with all the potential ways cybercriminals could use AI, and it's scary.
However, Sophos has chosen to take a different route.
“Since OpenAI unveiled ChatGPT back in November, the security community has largely focused on the potential risks this new technology could bring,” said Sean Gallagher, principal threat researcher at Sophos.
“Can AI help wannabe attackers write malware or help cybercriminals write much more convincing phishing emails? Perhaps, but, at Sophos, we’ve long seen AI as an ally rather than an enemy for defenders, making it a cornerstone technology for Sophos, and GPT-3 is no different. The security community should be paying attention not just to the potential risks, but the potential opportunities GPT-3 brings,” he added.
In their report, Sophos describe how they leveraged AI not only to simplify the search for malicious activity in datasets, but also to filter spam more accurately and to speed up the analysis of “living off the land” binary (LOLBin) attacks.
The company used a technique called “few-shot learning” to train the AI model used in three prototype projects.
The first application Sophos tested was a natural language query interface for sifting through security software telemetry for malicious activity. Thanks to AI, researchers were able to filter the telemetry with basic English commands, eliminating the need for them to understand SQL or a database’s underlying structure.
Next, Sophos integrated ChatGPT into a new spam filter. Unsurprisingly, the GPT-3 filter was more accurate than any of their other existing machine-learning models for spam filtering.
Finally, by leveraging generative AI, Sophos significantly simplified the process of reverse-engineering the command lines of LOLBins. The process is notoriously difficult, yet it is a critical step in understanding how LOLBins behave and in preventing future attacks.
“One of the growing concerns within security operation centres is the sheer amount of ‘noise’ coming in. There are just too many notifications and detections to sort through, and many companies are dealing with limited resources. We’ve proved that, with something like GPT-3, we can simplify certain labour-intensive processes and give back valuable time to defenders,” Gallagher said.
The company is in the process of incorporating the prototype projects into their main products.