AutoAttacker: A Large Language Model Guided System to Implement Automatic Cyber-attacks
arxiv(2024)
摘要
Large language models (LLMs) have demonstrated impressive results on natural
language tasks, and security researchers are beginning to employ them in both
offensive and defensive systems. In cyber-security, there have been multiple
research efforts that utilize LLMs focusing on the pre-breach stage of attacks
like phishing and malware generation. However, so far there lacks a
comprehensive study regarding whether LLM-based systems can be leveraged to
simulate the post-breach stage of attacks that are typically human-operated, or
"hands-on-keyboard" attacks, under various attack techniques and environments.
As LLMs inevitably advance, they may be able to automate both the pre- and
post-breach attack stages. This shift may transform organizational attacks from
rare, expert-led events to frequent, automated operations requiring no
expertise and executed at automation speed and scale. This risks fundamentally
changing global computer security and correspondingly causing substantial
economic impacts, and a goal of this work is to better understand these risks
now so we can better prepare for these inevitable ever-more-capable LLMs on the
horizon. On the immediate impact side, this research serves three purposes.
First, an automated LLM-based, post-breach exploitation framework can help
analysts quickly test and continually improve their organization's network
security posture against previously unseen attacks. Second, an LLM-based
penetration test system can extend the effectiveness of red teams with a
limited number of human analysts. Finally, this research can help defensive
systems and teams learn to detect novel attack behaviors preemptively before
their use in the wild....
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要