Finetuning Large Language Models (LLMs) for Security Log Detections

Wilson Tang

BSidesSF 2024 · Day 1

This talk, presented by Wilson Tang, a Machine Learning Engineer on the threat hunting team at Adobe, delves into the innovative application of Large Language Models (LLMs) for security log detections. Specifically, Tang explores the process of **fine-tuning LLMs** to identify **command obfuscation**, a prevalent technique used by adversaries to evade traditional security controls. The presentation highlights the limitations of existing rule-based and conventional machine learning approaches in detecting sophisticated and dynamic threats, positioning LLMs as a powerful new tool in the defender's arsenal.

AI review

This talk presents a solid, actionable approach to improving security log detections by fine-tuning Large Language Models (LLMs) for classification tasks, specifically command obfuscation detection. The speaker clearly outlines the limitations of traditional rule-based and simpler ML methods, then dives into the technical underpinnings of LLMs, fine-tuning, and practical considerations like quantization and PEFT. While the core LLM fine-tuning technique isn't groundbreaking, its detailed application to a persistent security problem is highly valuable for practitioners looking to move beyond…