Machine Learning Applied to Information Security (CAMLIS), held this week in Arlington, Virginia, one as part of a conference, and the other as part of a “more informal poster session” during the event. The topics covered speak directly to the heart of the SophosAI team’s research: finding more effective ways to use machine learning and artificial intelligence technologies to protect against information security risks and against the risks inherent in the AI models themselves.
On October 24, Ben Gelman, Sean Bergeron and Younghoo Lee from SophosAI will present at a poster session. Gelman and Bergeron will give a talk titled “The Revitalization of Small Cybersecurity Models in the New Era of AI.”
Smaller machine learning models have been left aside as most research has focused on large language models (LLMs) such as OpenAI’s GPT-4, Google’s Gemini, and Meta’s LLaMA. But they remain essential to information security at network edges and endpoints, where the computational and networking costs of LLMs make them impractical.
In their presentation, Gelman and Bergeron will explain how to use LLM technology to supercharge the process of training smaller models, discussing the techniques SophosAI uses to make small, cost-effective models perform at much higher levels in a variety of cybersecurity tasks.
In a related talk, Lee will present “A Fusion of LLM and Lightweight ML for Effective Phishing Email Detection.” As adversaries are now turning to LLMs to generate more convincing and targeted phishing emails with unique text patterns, in addition to leveraging novel domain names to evade traditional spam and phishing defenses, Lee studied how LLMs can be used to counter them, and how they can be combined with smaller traditional machine learning models to be even more effective.
In the approach Lee presents in his paper, LLMs can be leveraged to detect suspicious intentions and signals, such as sender impersonation and deceptive domains. And by merging LLMs with more lightweight machine learning models, it is possible to both improve the accuracy of phishing detection and overcome the limitations of both types of models when used alone.
On the second day of CAMLIS, SophosAI’s Tamás Vörös will present a talk about his research on defanging malicious LLMs: models that contain embedded backdoors or malware intended to be activated by specific inputs. His presentation, titled “LLM Backdoor Activations Stick Together,” demonstrates both the risks of using “black box” LLMs (showing how the SophosAI team injected their own controlled Trojans into the models) and “sound” methods that can be used to disable pre-existing Trojan activation commands.