Understanding Generative AI Techniques and Their Application in Cybersecurity

Key Resources

Community Office Hours: Generative AI on March 13

Enterprise Security Content Update (ESCU) | New Releases

Splunk Blogs

Your Questions Answered

Q. How significant of an accuracy improvement is achieved with fine-tuned LLMs as compared to traditional approaches?  In order to measure improvements in accuracy, it’s important that you establish baselines before employing LLMs. Then, you can start implementing and fine-tuning your LLMs and measure the difference in accuracy. While the overall improvement may be small, we found that typically the model performed well for harder instances.

Q. What are the cost considerations while deploying LLMs?  One important cost consideration to keep in mind is the GPUs required to run LLMs. In general LLMs are resource hungry but with time, we are seeing more focused and efficient implementations.

Q. What are the privacy considerations when using Generative AI models for security use cases?  Preserving privacy while learning from sensitive data is always a challenge. However, these risks can be mitigated by adding carefully calibrated noise while training. Techniques such as Differential Privacy allow us to provide strong privacy guarantees.

Q. Probably not ML related, but is there a way/site to differentiate photos AI created on sites like this-person-does-not-exist from real ones?  This is very challenging. Once the adversary becomes aware of the defenses employed to filter out AI-generated images being used for malicious intent, they can adjust how they train the LLM to evade these defenses. So while today, my machine learning classifier may be able to correctly identify real versus fake images, the adversaries could adapt tomorrow.

Q. Beyond DGA and mis-information can you think of any user uses of generative AI by adversaries ? can you give some practical examples of generative models applied over data in the security field? or maybe a reference/link to such examples and use cases?  TWhen it comes to adversaries’ use of generative AI, there are two things to keep in mind: 1. Not every adversary is equipped to use LLMs and generative AI, given how sophisticated they are. 2. For those adversaries that are employing these technologies, it’s a bit of a cat and mouse game. For example, just like we can train LLMs to help detect certain threats or threat indicators, adversaries can then train their own LLMs to evade detection. Security focused Generative AI use cases: 1. Detecting DGAs 2. Detecting Typosquatting 3. Detecting spam 4. Detecting phished webpages 5. Privacy-friendly data generation to train models 6. Data generation to supplement sparse datasets The above mentioned use cases can also be used by the adversary to strengthen their attacks.