大型语言模型内容检测算法和绕过机制研究

信息安全研究 ›› 2023, Vol. 9 ›› Issue (6): 524-.

• 人工智能的安全风险与隐私保护专题 • 上一篇下一篇

大型语言模型内容检测算法和绕过机制研究

叶露晨;范渊;王欣;阮文波;

出版日期:2023-06-04 发布日期:2023-06-03
通讯作者: 叶露晨硕士，助理研究员.主要研究方向为密码学、AI安全. lucien.ye@dbappsecurity.com.cn
作者简介:叶露晨硕士，助理研究员.主要研究方向为密码学、AI安全. lucien.ye@dbappsecurity.com.cn 范渊硕士，教授级高级工程师.主要研究方向为网络安全与数据安全. frank.fan@dbappsecurity.com.cn 王欣高级工程师.主要研究方向为网络攻击与防御. xin.wang@dbappsecurity.com.cn 阮文波硕士，助理研究员.主要研究方向为网络与系统安全. leo.ruan@dbappsecurity.com.cn

Research on Content Detection Generated by Large Language Model and the Mechanism of Bypassing

Online:2023-06-04 Published:2023-06-03

摘要/Abstract

摘要： 近年来，大型语言模型(large language model, LLM)技术兴起，类似ChatGPT这样的AI机器人，虽然其内部设置了大量的安全对抗机制，攻击者依然可以精心设计问答，绕过这些AI机器人的安全机制，在其帮助下自动化生产钓鱼邮件，进行网络攻击.这种情形下，如何鉴别AI生成的文本也成为一个热门的问题.为了开展LLM生成内容检测实验，从互联网某社交平台和ChatGPT收集了一定数量的问答数据样本，依据AI文本可获得条件的不同，研究提出了一系列检测策略，包含基于在线可获取AI对照样本的文本相似度分析、基于离线条件下使用统计差异性的文本数据挖掘分析、基于无法获得AI样本条件下的LLM生成方式对抗分析以及基于通过微调目标LLM模型本身构建分类器的AI模型分析，计算并比较了每种情况下分析引擎的检测能力.另一方面，从网络攻防的角度，针对检测策略的特点，给出了一些对抗AI文本检测引擎的免杀技巧.

关键词: 大型语言模型, 钓鱼邮件, AI文本检测, ChatGPT, 网络攻防, AI检测对抗

Abstract: In recent years, there has been a surge in the development of large language models. AI robots like ChatGPT, although they have a largescale security confrontation mechanism inside, attackers can still elaborate questionandanswer patterns to bypass the mechanism, with their help to automatically produce phishing emails and carry out network attacks. In this case, how to identify the text generated by AI robots has also become a hot issue. In order to carry out LLMgenerated content detection experiment, our team collected a certain number of questionandanswer data samples from an Internet social platform and ChatGPT platform, and proposed a series of detection strategies according to different conditions of AI text availability. It includes text similarity analysis based on online controllable AI samples, text data mining based on statistical differences under offline conditions, adversarial analysis based on the LLM generation method under the condition that AI samples are not available, and AI model analysis based on building a classifier by finetuning the target LLM model itself. We calculated and compared the detection capabilities of the analysis engine in each case. On the other hand, we give some antikill techniques against AI text detection engines based on the characteristics of detection strategies, from the perspective of network attack and defense.

Key words: large language model, phishing emails, AI text detection, ChatGPT, network attack and defense, AI detection evasion

叶露晨, 范渊, 王欣, 阮文波, . 大型语言模型内容检测算法和绕过机制研究[J]. 信息安全研究, 2023, 9(6): 524-.

参考文献

［1］Rosenbblat K. ChatGPT passes MBA exam given by a Wharton professor［EBOL］. (20230124)［20230315］. https:www.nbcnews.comtechtechnewschatgptpassesmbaexamwhartonprofessorrcna67036［2］CheckPoint. OPWNAI: Cybercriminals starting to use Chatgpt［EBOL］. (20230106) ［20230315］. https:research.checkpoint.com2023opwnaicybercriminalsstartingtousechatgpt［3］Insikt Group. I, Chatbot［EBOL］. (20230126) ［20230126］. https:www.recordedfuture.comichatbot［4］SparckJones K. A statistical interpretation of term specificity and its application in retrieval［J］. Journal of Documentation, 1972, 28(1): 1121［5］Hamers L. Similarity measures in scientmetric research: The Jaccard index versus Salton’s cosine formula［J］. Information Processing and Management, 1989, 25(3): 315318［6］Gomaa W, Fahmy A. A survey of text similarity approaches［J］. International Journal of Computer Applications, 2013, 68(13): 1318［7］Wang Jiangyao, Xu Wenhua, Yan Wenhao, et al. Text similarity calculation method based on hybrid model of LDA and TFIDF［C］ Proc of the 3rd Int Conf on Computer Science and Artificial Intelligence. New York: ACM, 2019: 18［8］Kantardzic M. Data Mining: Concepts, Models, Methods, and Algorithms［M］. New York: John Wiley & Sons, 2011［9］Zhang C, Ma Y. Data mining and knowledge discovery for big data: Methodologies, challenge and opportunities［J］. IEEE Access, 2009, 7: 101203101220［10］Chen M, Tworek J, Jun H, et al. Evaluating large language models trained on code［J］. arXiv preprint, arXiv:2107.03374, 2021［11］王树义, 张庆薇. ChatGPT 给科研工作者带来的机遇与挑战［JOL］. 2023 ［20230510］. https:doi.org10.13266j.cnki.calis20230223.2231.002［12］Mitchell E, Lee Y, Khazatsky A, et al. DetectGPT: Zeroshot machinegenerated text detection using probability curvature［J］. arXiv preprint, arXiv:2301.11305, 2023

[1]	张弛, 翁方宸, 张玉清, . ChatGPT在网络安全领域的应用、现状与趋势[J]. 信息安全研究, 2023, 9(6): 500-.
[2]	孙雷亮. 基于GPT模型的人工智能数据伪造风险研究[J]. 信息安全研究, 2023, 9(6): 518-.
[3]	朱孟垚, 李兴华. ChatGPT安全威胁研究[J]. 信息安全研究, 2023, 9(6): 533-.
[4]	王珩, . "火天网境"下一代网络靶场[J]. 信息安全研究, 2022, 8(E1): 51-.
[5]	门嘉平肖扬文马涛. 社会工程学攻击之钓鱼邮件分析[J]. 信息安全研究, 2021, 7(2): 166-170.
[6]	彭光彬陈敏白勇. SDN攻防技术探析[J]. 信息安全研究, 2019, 5(4): 333-339.
[7]	李炜余慧英吴华颖. 网络空间博弈中的场景研究[J]. 信息安全研究, 2018, 4(5): 415-419.

大型语言模型内容检测算法和绕过机制研究

Research on Content Detection Generated by Large Language Model and the Mechanism of Bypassing

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics