The event Applied Machine Learning in Information Security (CAMLIS) was conducted this week in Arlington, Virginia. One of the papers was presented as a featured talk, whereas the others were showcased during a more casual “poster session” at the event. The subjects discussed directly highlight the core focus of the SophosAI team’s research – aiming to discover more efficient methods of utilizing machine learning and artificial intelligence technologies to safeguard against information security threats and to mitigate the inherent risks associated with AI models.
During a poster session on October 24, Ben Gelman, Sean Bergeron, and Younghoo Lee from SophosAI will be delivering their presentations. Gelman and Bergeron will be presenting a discussion titled “The Rejuvenation of Small Cybersecurity Models in the Modern AI Era.”
In many research studies concentrated on Large Language Models (LLMs) like OpenAI’s GPT-4, Google’s Gemini, and Meta’s LLaMA, smaller machine learning models have often been overlooked. Nonetheless, these smaller models play a crucial role in information security at network edges and endpoints where the computational and network expenses of LLMs render them impractical.
During their presentation, Gelman and Bergeron will elucidate on how LLM technology can be utilized to boost the training process for smaller models, elaborating on the methodologies employed by SophosAI to enhance the performance levels of cost-efficient small models across various cybersecurity operations.
Lee will be discussing a coherent topic, “A Fusion of LLMs and Lightweight ML for Efficient Phishing Email Detection.” As adversaries are now resorting to LLMs to create more authentic, targeted phishing emails with distinct text patterns, along with exploiting previously unseen domain names to elude conventional spam and phishing defenses, Lee explored ways in which LLMs can combat these threats and how they can be amalgamated with traditional smaller machine learning models to achieve superior results.
In the methodology presented in Lee’s paper, LLMs can be utilized to identify suspicious motives and indicators, such as sender impersonation and misleading domains. By integrating LLMs with lighter machine learning models, the precision of phishing detection can be heightened, overcoming the limitations of both model types when deployed individually.
On the second day of CAMLIS, Tamás Vörös from SophosAI will present his findings on neutralizing harmful LLMs – models that embed backdoors or malware intended to be activated by specific inputs. His speech, titled “LLM Backdoor Activations Stick Together,” showcases the hazards associated with employing “black box” LLMs (by injecting controlled Trojans by the SophosAI team) and the potential “noising” approaches that can be leveraged to deactivate existing Trojan activation commands.
About Author
