應用檢索增強生成技術於資安事件調查 - 以資安洩漏事件為例

Sheng-Shan Chen

Sheng-Shan Chen, a Ph.D. student in Computer Science and Information Engineering (CSIE) at the National Taipei University of Technology (NTUT). His research focuses primarily on applying artificial intelligence in cybersecurity, includes utilizing Large Language Models (LLMs) to analyze and extract threat entities and relationships from Cyber Threat Intelligence (CTI). Additionally, he is interested in fine-tuning large language models to address natural language processing challenges within the CTI. Sheng-Shan currently serves as an intern security researcher at Cycraft. His research has been published at the IEEE Globecom, ICMHI, IEA/AIE, and HITCON Hacking 101 conferences. Furthermore, Sheng-shan always shares his knowledge on https://sectools.tw.

Andy Yao

Loving dogs more than cats.

Abstract

當前的資安事件經常給企業或組織帶來巨大的損失，因此資安分析師需要快速利用洩露的信息來獲取有價值的資訊。本研究結合大語言模型技術和Retrieval-Augmented Generation (RAG) 方法，應用於實際的資安分析事件。透過RAG技術，我們能夠從大量的對話紀錄中有效識別每段對話的關鍵點、參與者和討論主題等重要訊息，大幅節省資安事件調查的時間成本。同時，考量到商業應用和資料隱私，我們使用LLaMA2和QLoRA微調的生成式模型，確保提示語（Prompt）資料保存在本地端環境中，並達到如GPT-4般精準的回應。最後，我們展示了如何利用RAG模型協助進行資安分析，突顯資安分析師關注的重點。

Description

Slides

Location

Date

Day 2 • 02:50-03:20 (UTC)

Language

Chinese talk w. Chinese slides

Level

Intermediate