ChatGPT在网络安全领域的应用、现状与趋势

摘要/Abstract

摘要： ChatGPT作为一种大型语言模型技术展现出了极强的语言理解和文本生成能力，不仅在各行各业受到巨大的关注，而且为网络安全带来新的变革.目前，ChatGPT在网络安全领域的相关研究仍处于起步阶段，为了使研究人员更系统化地了解ChatGPT在网络安全领域的研究情况，归纳总结了ChatGPT在网络安全领域的应用及其可能伴生的安全问题.首先，概述了大型语言模型技术的发展，并对ChatGPT的技术及其特点进行了简要介绍；其次，从助力攻击和助力防御2个方面详细讨论了ChatGPT在网络安全领域的赋能效应，包括漏洞挖掘、利用和修复，恶意软件的检测和识别，钓鱼邮件的生成和检测以及安全运营场景下的潜在用途；再次，深入剖析了ChatGPT在网络安全领域中的伴生风险，包括内容风险和提示注入攻击，并对这些风险进行了详细分析和探讨；最后，从安全赋能和伴生安全2个角度对ChatGPT在网络安全领域的未来进行了展望，指出了ChatGPT在网络安全领域的未来研究方向.

关键词: ChatGPT, 安全赋能, 伴生安全, 大型语言模型, 提示注入

Abstract: ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.

Key words: ChatGPT, security empowerment, companion security, large language model, prompt injection

张弛, 翁方宸, 张玉清, . ChatGPT在网络安全领域的应用、现状与趋势[J]. 信息安全研究, 2023, 9(6): 500-.

参考文献

［1］Zhao W X, Zhou K, Li J,et al. A survey of large language models［J］. arXiv preprint, arXiv:2303.18223, 2023［2］Brown T, Mann B, Ryder N, et al. Language models are fewshot learners［J］. Advances in Neural Information Processing Systems, 2020, 33: 18771901［3］OpenAI. OpenAI Codex［EBOL］. (20210810) ［20230409］. https:openai.comblogopenaicodex［4］Ouyang L, Wu J, Jiang X, et al. Training language models to follow instructions with human feedback［J］.arXiv preprint, arXiv:2203.02155, 2022［5］Fu Y, Peng H, Khot T. How does GPTobtain its ability? Tracing emergent abilities of language models to their sources［EBOL］. (20230101) ［20230409］. https:yaofu.notion.siteHowdoesGPTObtainitsAbilityTracingEmergentAbilitiesofLanguageModelstotheirSourcesb9a57ac0fcf74f30a1ab9e3e36fa1dc1［6］Aderduo. 我使用ChatGPT审计代码发现了200多个安全漏洞(GPT4与GPT3对比报告)［EBOL］. (20230327) ［20230409］. https:mp.weixin.qq.comsuVFCbaKDYe F9zmVdVXDnUg［7］Supan H. OpenAI ChatGPT for cyber security［EBOL］. (20221213) ［20230409］. https:infosecwriteups.comopenaichatgptforcybersecurity4bc602069f9c［8］CheckPoint. OpwnAI: Cyber criminals starting to use ChatGPT［EBOL］. (20230106) ［20230409］. https:research.checkpoint.com2023opwnaicybercriminalsstartingtousechatgpt［9］Eran S, Omer T. Chatting our way into creating a polymorphic malware［EBOL］. (20230117) ［20230409］. https:www.cyberark.comresourcesthreatresearchblogchattingourwayintocreatingapolymorphicmalware［10］Tan G, Lim E, Tan K H.Hacking humans with AI as a service［EBOL］. (20210722) ［20230409］. https:doi.org10.544654206［11］Pearce H, Tan B, Ahmad B, et al. Examiningzeroshot vulnerability repair with large language models［C］ Proc of IEEE Symp on Security and Privacy (SP). Los Alamitos, CA: IEEE Computer Society, 2022: 118［12］JusticeRage. Gepetto［EBOL］. (20221005) ［20230409］. https:github.comJusticeRageGepetto［13］Victor S. IoC detection experiments with ChatGPT［EBOL］. (20230215) ［20230409］. https:securelist.comiocdetectionexperimentswithchatgpt108756［14］绿盟科技研究通讯. ChatGPT在信息安全领域的应用前景［EBOL］. (20221210) ［20230409］. https:www.secrss.comarticles49912［15］OpenAI. Content policy［EBOL］. (20230323) ［20230409］. https:platform.openai.comdocsusageguidelinescontentpolicy［16］Elvira P, Supantha M. Italy data protection agency opens ChatGPT probe over privacy concerns［EBOL］. (20230331) ［20230409］. https:www.reuters.comtechnologyitalydataprotectionagencyopenschatgptprobeprivacyconcerns20230331［17］Fox Business.Samsung employees reportedly leaked sensitive info on ChatGPT by accident［EBOL］. (20230406) ［20230409］. https:www.foxbusiness.comtechnologysamsungemployeesreportedlyleakedsensitiveinfochatgptaccident［18］Laura W, Jonathan U, Maribeth R, et al. Taxonomy ofrisks posed by language models［C］ Proc of the 2022 ACM Conf on Fairness, Accountability, and Transparency (FAccT 22). New York: ACM, 2022: 214229［19］Sam A. ChatGPT is incredibly limited, but good enough at some things to create a misleading impression of greatness［EBOL］. (20221211) ［20230409］. https:twitter.comsamastatus1601731295792414720［20］OpenAI. New and improved content moderation tooling［EBOL］. (20220810) ［20230409］. https:openai.comblognewandimprovedcontentmoderationtooling［21］Alex A. Jailbreak chat［EBOL］. (20230409) ［20230409］. https:www.jailbreakchat.com［22］AJONeal. ChatGPT “DAN” (and other “Jailbreaks”)［EBOL］. (20230216) ［20230409］. https:gist.github.comcoolaj866f4f7b30129b0251f61fa7baaa881516［23］Kang D, Li X,Stoica I, et al. Exploiting programmatic behavior of LLMs: Dualuse through standard security attacks［J］. arXiv preprint, arXiv:2302.05733, 2023［24］Zellers R, Holtzman A, Rashkin H, et al. Defending against neural fake news［J］. arXiv preprint, arXiv:1905.12616v1, 2019［25］Pavlopoulos J, Sorensen J, Dixon L, et al. Toxicity detection: Does context reallymatter［J］. arXiv preprint, arXiv:2006.00998, 2020［26］Guo Z, Schlichtkrull M, Vlachos A. A survey on automated factchecking［J］. Transactions of the Association for Computational Linguistics, 2022, 10: 178206［27］OpenAI. GPT4 technical report［J］. arXiv preprint, arXiv: 2303.08774, 2023［28］Robust Intelligence.Prompt injection attack on GPT4［EBOL］. (20230331) ［20230409］. https:www.robustintelligence.comblogpostspromptinjectionattackongpt4［29］Phith0n. 用ChatGPT帮我检查广告评论［EBOL］. (20230304) ［20230409］. https:www.leavesongs.comTHINKusingchatgptforantispam.html#reply［30］Riley G. Prompt injection attacks against GPT3［EBOL］. (20220922) ［20230409］. https:simonwillison.net2022Sep12promptinjection［31］Swyx. Reverse prompt engineering for fun and (no) profit［EBOL］. (20221229) ［20230409］. https:swyx.substack.compreverseprompteng［32］Perez F, Ribeiro I. Ignoreprevious prompt: Attack techniques for language models［J］. arXiv preprint, arXiv:2211.09527, 2022［33］Greshake K, Abdelnabi S, Mishra S, et al. More than you’ve asked for: A comprehensive analysis of novel prompt injection threats to applicationintegrated large language models［J］. arXiv preprint, arXiv:2302.12173, 2023［34］Thakkarparth007. Copilotexplorer［EBOL］. (20230131) ［20230409］. https:thakkarparth007.github.iocopilotexplorerpostscopilotinternals［35］Preamble. Declassifying the responsible disclosure of the prompt injection attack vulnerability of GPT3［EBOL］. (20220922) ［20230409］. https:www.preamble.compromptinjectionacriticalvulnerabilityinthegpt3trans formerandhowwecanbegintosolveit［36］OpenAI. Finetuning［EBOL］. (20230409) ［20230409］. https:platform.openai.comdocsguidesfinetuning［37］LangChain. Welcome to LangChain［EBOL］. (20230408) ［20230409］. https:python.langchain.comenlatestindex.html［38］Microsoft. Introducing Microsoft security copilot: Empowering defenders at the speed of AI［EBOL］. (20230328) ［20230409］. https:blogs.microsoft.comblog20230328introducingmicrosoftsecuritycopilotempoweringdefendersatthespeedofai［39］Lex F. Sam Altman: OpenAI CEO on GPT4, ChatGPT, and the future of AI | Lex Fridman Podcast［EBOL］. (20230326) ［20230409］. https:www.youtube.comwatch?v=L_Guz73e6fw［40］Zhang S, Roller S, Goyal N, et al.Opt: Open pretrained transformer language models［J］. arXiv preprint, arXiv:2205.01068, 2022［41］Touvron H, Lavril T, Izacard G, et al. Llama: Open and efficient foundation language models［J］. arXiv preprint, arXiv:2302.13971, 2023［42］Google. Bard［EBOL］. (20230206) ［20230409］. https:bard.google.com［43］百度. 文心一言［EBOL］. (20230316) ［20230409］. https:yiyan.baidu.comwelcome［44］Future of Life Institute. Pause giant AI experiments: An open letter［EBOL］. (20230322) ［20230409］. https:futureoflife.orgopenletterpausegiantaiexperiments［45］新浪科技. 方滨兴谈GPT4：警惕形成知识茧房，甚至“三观被左右”［EBOL］. (20230315) ［20230409］. https:finance.sina.com.cntechroll20230315docimykyent476 7678.shtml

[1]	叶露晨, 范渊, 王欣, 阮文波, . 大型语言模型内容检测算法和绕过机制研究[J]. 信息安全研究, 2023, 9(6): 524-.
[2]	朱孟垚, 李兴华. ChatGPT安全威胁研究[J]. 信息安全研究, 2023, 9(6): 533-.