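Journal of Information Security Research ›› 2023, Vol. 9 ›› Issue (6): 533-.
Abstract: With the rapid development of deep learning and natural language processing technologies, large language models represented by ChatGPT have emerged. While they demonstrate surprising capabilities in many fields, they have also exposed numerous security threats, which has raised concern in both academia and industry. First, the paper introduces the development history, working mode and training methods of ChatGPT and its family of models. Then, it summarizes and analyzes the security problems ChatGPT may currently face at two levels, the user and the model, and proposes ideas and solutions for addressing them. Finally, it offers an outlook on how ChatGPT and the field of large language models can develop in a secure and trustworthy manner in the future.
朱孟垚, 李兴华. Research on ChatGPT Security Threats [J]. Journal of Information Security Research, 2023, 9(6): 533-.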
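[1] 张弛, 翁方宸, 张玉清. Applications, Current Status and Trends of ChatGPT in Cybersecurity [J]. Journal of Information Security Research, 2023, 9(6): 500-.
[2] 严驰. Several Issues in the Development of GPT4 and Their Regulatory Approaches [J]. Journal of Information Security Research, 2023, 9(6): 510-.
[3] 叶露晨, 范渊, 王欣, 阮文波. Research on Content Detection Algorithms and Bypass Mechanisms for Large Language Models [J]. Journal of Information Security Research, 2023, 9(6): 524-.
[4] 张昊星, 赵景欣, 岳星辉, 任家东. Research on the Integration of Full-Lifecycle Data Security Management and Artificial Intelligence Technology [J]. Journal of Information Security Research, 2023, 9(6): 543-.
[5] 张文俊, 卫霞, 李相阳. Research on Responding to Security Risks in Internet of Bodies Applications [J]. Journal of Information Security Research, 2023, 9(5): 433-.
[6] 黄长春, 齐雅楠. Analysis of Data Security Protection Schemes for Civil Aviation A-CDM Systems [J]. Journal of Information Security Research, 2023, 9(5): 482-.
[7] 余晗, 梁音, 宋继勐, 李何筱, 奚溪, 原洁璇. A Survey of the Development of Secure Data Sharing Technology and Research on Its Application in the Energy and Power Sector [J]. Journal of Information Security Research, 2023, 9(3): 208-.
[8] 余晗, 李俊妮, 吴海涵, 原洁璇, 史嘉伟, 李元诚. Research on an On-Chain and Off-Chain Data Supervision Scheme for Energy Big Data [J]. Journal of Information Security Research, 2023, 9(3): 235-.
[9] 张帅, 刘勇, 孔坚, 冯词童, 安锦程, 白鑫, 高晓红. Research and Implementation of Cross-Platform Encryption Technology for Removable Storage Devices [J]. Journal of Information Security Research, 2023, 9(3): 271-.
[10] 李国良, 邵思豪. Research and Implementation of a Blockchain-Based Electronic License Sharing Scheme [J]. Journal of Information Security Research, 2023, 9(2): 127-.
[11] 张帅, 于忠臣, 刘勇, 顾家乐, 冯词童, 杨建, 靳佑鼎, 应志军. Research on a Data Flow Security Model for Digital Twin City Big Data Platforms [J]. Journal of Information Security Research, 2023, 9(1): 48-.
[12] 纪正坦. Exploring Optimization Paths for Platform Data Security Governance: From the Perspective of the "Didi Cybersecurity Review Case" [J]. Journal of Information Security Research, 2023, 9(1): 66-.
[13] 艾龙. Analysis of the Division of Responsibilities and Accountability Mechanisms in Data Security Management [J]. Journal of Information Security Research, 2023, 9(1): 73-.
[14] 鞠鑫, 丁松松, 张俊杰. The 27th Batch of Suzhou's 2022 Science and Technology Development Plan [J]. Journal of Information Security Research, 2023, 9(1): 87-.
[15] 朱贤伟. Practice of Building a Trusted and Secure Network Assurance System for Power Enterprises [J]. Journal of Information Security Research, 2022, 8(E2): 19-.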