Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (6): 500-.

Previous Articles     Next Articles

ChatGPT’s Applications, Status and Trends in the Field of Cyber Security

  

  • Online:2023-06-04 Published:2023-06-03

ChatGPT在网络安全领域的应用、现状与趋势

张弛1翁方宸2张玉清1,2   

  1. 1(国家计算机网络入侵防范中心(中国科学院大学)北京101408)
    2(海南大学网络空间安全学院海口570228)
  • 通讯作者: 张弛 硕士研究生.主要研究方向为人工智能与安全. zhangc@nipc.org.cn
  • 作者简介:张弛 硕士研究生.主要研究方向为人工智能与安全. zhangc@nipc.org.cn 翁方宸 硕士研究生.主要研究方向为网络与系统安全、密码学、物联网安全. 21210839000020@hainanu.edu.cn 张玉清 博士,教授,博士生导师.主要研究方向为网络攻击与防御、安全漏洞挖掘与利用、网络与系统安全. zhangyq@nipc.org.cn

Abstract: ChatGPT, as a large language model technology, demonstrates extremely strong language understanding and text generation capabilities. It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity. Currently, research on ChatGPT in the cybersecurity field is still in its infancy. To help researchers systematically understand the research status of ChatGPT in cybersecurity, this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues. The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT. Then, it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives: assisting attacks and assisting defense. This includes vulnerability discovery, exploitation and remediation, malicious software detection and identification, phishing email generation and detection, and potential use cases in security operations scenarios. Furthermore, the article delves into the accompanying risks of ChatGPT in the cybersecurity field, including content risks and prompt injection attacks, providing a detailed analysis and discussion of these risks. Finally, the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security, pointing out the direction for future research on ChatGPT in the cybersecurity domain.

Key words: ChatGPT, security empowerment, companion security, large language model, prompt injection

摘要: ChatGPT作为一种大型语言模型技术展现出了极强的语言理解和文本生成能力,不仅在各行各业受到巨大的关注,而且为网络安全带来新的变革.目前,ChatGPT在网络安全领域的相关研究仍处于起步阶段,为了使研究人员更系统化地了解ChatGPT在网络安全领域的研究情况,归纳总结了ChatGPT在网络安全领域的应用及其可能伴生的安全问题.首先,概述了大型语言模型技术的发展,并对ChatGPT的技术及其特点进行了简要介绍;其次,从助力攻击和助力防御2个方面详细讨论了ChatGPT在网络安全领域的赋能效应,包括漏洞挖掘、利用和修复,恶意软件的检测和识别,钓鱼邮件的生成和检测以及安全运营场景下的潜在用途;再次,深入剖析了ChatGPT在网络安全领域中的伴生风险,包括内容风险和提示注入攻击,并对这些风险进行了详细分析和探讨;最后,从安全赋能和伴生安全2个角度对ChatGPT在网络安全领域的未来进行了展望,指出了ChatGPT在网络安全领域的未来研究方向.

关键词: ChatGPT, 安全赋能, 伴生安全, 大型语言模型, 提示注入