@BlackHatOfficialYT
Black Hat | IRonMAN: InterpRetable Incident Inspector Based ON Large-Scale Language Model and Association miNing @BlackHatOfficialYT | Uploaded 7 months ago | Updated 28 minutes ago
...In this work, we propose the first explainable LLM-based incident inspector. We combine a large-scale language embedding model with a frequent association algorithm to extract significant tokens, providing strong interpretability for incident similarity in feature space representation. Moreover, the contextual comprehension capabilities of the LLM ensure robustness against input variations. We demonstrate the practicality of our method in real-world incidents by applying it to our global visibility platform (200M+ events per day). The significant tokens generated by our model clearly identify the reasons why incidents are believed to stem from the same APT groups. Additionally, we compare the results generated by our method to feedback from security analysts and thus provide different analytical perspectives for incident analysis...

By: Chung-Kuan Chen ckchen, Sian-Yao Huang, Cheng-Lin Yang clyang

Full Abstract and Presentation Materials: blackhat.com/us-23/briefings/schedule/#ironman-interpretable-incident-inspector-based-on-large-scale-language-model-and-association-mining-33072