Large Language Models in Cybersecurity: Threats, Exposure and Mitigation
Kucharavy, Andrei, Plancherel, Octave, Mulder, Valentin
相關主題
商品描述
This open access book provides cybersecurity practitioners with the knowledge needed to understand the risks of the increased availability of powerful large language models (LLMs) and how they can be mitigated. It attempts to outrun the malicious attackers by anticipating what they could do. It also alerts LLM developers to understand their work's risks for cybersecurity and provides them with tools to mitigate those risks.
The book starts in Part I with a general introduction to LLMs and their main application areas. Part II collects a description of the most salient threats LLMs represent in cybersecurity, be they as tools for cybercriminals or as novel attack surfaces if integrated into existing software. Part III focuses on attempting to forecast the exposure and the development of technologies and science underpinning LLMs, as well as macro levers available to regulators to further cybersecurity in the age of LLMs. Eventually, in Part IV, mitigation techniques that should allow safe and secure development and deployment of LLMs are presented. The book concludes with two final chapters in Part V, one speculating what a secure design and integration of LLMs from first principles would look like and the other presenting a summary of the duality of LLMs in cyber-security.
This book represents the second in a series published by the Technology Monitoring (TM) team of the Cyber-Defence Campus. The first book entitled "Trends in Data Protection and Encryption Technologies" appeared in 2023. This book series provides technology and trend anticipation for government, industry, and academic decision-makers as well as technical experts.
商品描述(中文翻譯)
這本開放存取的書籍為網路安全從業者提供了理解強大大型語言模型(LLMs)日益可用性所帶來風險所需的知識,以及如何減輕這些風險。它試圖通過預測惡意攻擊者可能的行為來超越他們。書中也提醒LLM開發者了解其工作對網路安全的風險,並提供減輕這些風險的工具。
本書在第一部分開始時對LLMs及其主要應用領域進行了概述。第二部分收集了LLMs在網路安全中所代表的最顯著威脅的描述,無論是作為網路罪犯的工具,還是作為整合到現有軟體中的新型攻擊面。第三部分專注於預測LLMs背後的技術和科學的暴露及發展,以及監管機構在LLMs時代可用的宏觀槓桿,以進一步促進網路安全。最後,在第四部分中,提出了應該允許安全和可靠地開發及部署LLMs的減輕技術。本書以第五部分的兩個最終章節作結,一個推測從基本原則出發的LLMs安全設計和整合會是什麼樣子,另一個則總結了LLMs在網路安全中的二元性。
本書是由網路防禦校園的技術監控(TM)團隊出版的系列中的第二本。第一本書名為《數據保護與加密技術的趨勢》,於2023年出版。這個書籍系列為政府、產業和學術界的決策者以及技術專家提供技術和趨勢的預測。
作者簡介
Andrei Kucharavy is the co-director of the Generative Learning Center at HES-SO Valais-Wallis. He holds a PhD from University of Paris-Sorbonne (2017), and is an engineer of Ecole Polytechnique (2013) and EPFL. Prior to this position he worked on counter-measures to the use of generative machine learning in offensive cyber-operations as a Distinguished Post-Doctoral Fellow at the Cyber-Defence Campus of armasuisse Science and Technology (S+T).
Octave Plancherel is a study coordinator at the Cyber-Defence Campus of armasuisse S+T. He holds a Bachelor (2022) degree in Business Informatics from the University of Fribourg.
Valentin Mulder is a Scientific Project Manager at the Cyber-Defence Campus of armasuisse S+T. He holds a Master (2022) degree in Legal Issues, Crime, and Security of Information Technologies from the University of Lausanne. Before his current position, he worked in the banking industry, particularly in the area of onlinefraud. In 2023, he co-edited the book "Trends in Data Protection and Encryption Technologies" published by Springer.
Alain Mermoud is the Head of the Technology Monitoring team at the Cyber-Defence Campus of armasuisse S+T. He obtained his PhD (2019) in Information Systems from HEC Lausanne. His research interests lie at the intersection of information science, foresight, emerging technologies, and (cyber) threat intelligence. He co-edited and published over 30 peer-reviewed scientific articles in prestigious journals, such as Technological Forecasting and Social Change, Computers in Human Behavior, Knowledge-Based Systems, or Journal of Cybersecurity. In 2023, he co-edited the book "Trends in Data Protection and Encryption Technologies" published by Springer.Vincent Lenders is the founding Director of the Cyber-Defence Campus from armasuisse S+T. He holds a Master (2001) and PhD (2006) degree in electrical engineering and information technologies from ETH Zurich. He has contributed to developing and implementing various national cyber strategies at the Swiss Government and has published more than 150 technical papers on cyber security, data science and networking. In 2023, he co-edited the book "Trends in Data Protection and Encryption Technologies" published by Springer.
作者簡介(中文翻譯)
安德烈·庫查拉維(Andrei Kucharavy)是HES-SO Valais-Wallis生成學習中心的共同主任。他於巴黎索邦大學獲得博士學位(2017年),並且是巴黎高科(Ecole Polytechnique)和瑞士聯邦理工學院(EPFL)的工程師。在此之前,他曾擔任 armasuisse 科學與技術(S+T)網路防禦校園的傑出博士後研究員,專注於對抗生成機器學習在攻擊性網路行動中的應用。
奧克塔夫·普朗謝雷(Octave Plancherel)是 armasuisse S+T 網路防禦校園的研究協調員。他於弗里堡大學獲得商業資訊學學士學位(2022年)。
瓦倫丁·穆爾德(Valentin Mulder)是 armasuisse S+T 網路防禦校園的科學項目經理。他於洛桑大學獲得法律問題、犯罪與資訊技術安全的碩士學位(2022年)。在目前的職位之前,他曾在銀行業工作,特別是在網路詐騙領域。2023年,他共同編輯了由Springer出版的《數據保護與加密技術趨勢》一書。
阿蘭·梅爾穆德(Alain Mermoud)是 armasuisse S+T 網路防禦校園技術監測團隊的負責人。他於洛桑高商獲得資訊系統博士學位(2019年)。他的研究興趣位於資訊科學、前瞻性研究、新興技術和(網路)威脅情報的交集。他共同編輯並在多個知名期刊上發表了超過30篇經過同行評審的科學文章,如《技術預測與社會變遷》、《人類行為中的計算機》、《知識基礎系統》或《網路安全期刊》。2023年,他共同編輯了由Springer出版的《數據保護與加密技術趨勢》一書。
文森特·倫德斯(Vincent Lenders)是 armasuisse S+T 網路防禦校園的創始主任。他於蘇黎世聯邦理工學院獲得電機工程與資訊技術的碩士(2001年)和博士(2006年)學位。他為瑞士政府制定和實施各種國家網路策略做出了貢獻,並在網路安全、數據科學和網路領域發表了超過150篇技術論文。2023年,他共同編輯了由Springer出版的《數據保護與加密技術趨勢》一書。