ChatGPT在网络安全领域的应用、现状与趋势  被引量：16

作　　者：张弛 翁方宸 张玉清 Zhang Chi;Weng Fangchen;and Zhang Yuqing(National Computer Network Intrusion Protection Center(University of Chinese Academy of Sciences),Beijing 101408;College of Cyberspace Security,Hainan University,Haikou 570228)

机构地区：[1]国家计算机网络入侵防范中心(中国科学院大学),北京101408 [2]海南大学网络空间安全学院,海口570228

出　　处：《信息安全研究》2023年第6期500-509,共10页Journal of Information Security Research

基　　金：国家自然科学基金重点项目(U1836210);海南省重点研发计划项目(GHYF2022010);海南大学科研启动基金项目(RZ2100003335)。

摘　　要：ChatGPT作为一种大型语言模型技术展现出了极强的语言理解和文本生成能力,不仅在各行各业受到巨大的关注,而且为网络安全带来新的变革.目前,ChatGPT在网络安全领域的相关研究仍处于起步阶段,为了使研究人员更系统化地了解ChatGPT在网络安全领域的研究情况,归纳总结了ChatGPT在网络安全领域的应用及其可能伴生的安全问题.首先,概述了大型语言模型技术的发展,并对ChatGPT的技术及其特点进行了简要介绍;其次,从助力攻击和助力防御2个方面详细讨论了ChatGPT在网络安全领域的赋能效应,包括漏洞挖掘、利用和修复,恶意软件的检测和识别,钓鱼邮件的生成和检测以及安全运营场景下的潜在用途;再次,深入剖析了ChatGPT在网络安全领域中的伴生风险,包括内容风险和提示注入攻击,并对这些风险进行了详细分析和探讨;最后,从安全赋能和伴生安全2个角度对ChatGPT在网络安全领域的未来进行了展望,指出了ChatGPT在网络安全领域的未来研究方向.ChatGPT,as a large language model technology,demonstrates extremely strong language understanding and text generation capabilities.It has not only attracted tremendous attention across various industries but also brought new transformations to the field of cybersecurity.Currently,research on ChatGPT in the cybersecurity field is still in its infancy.To help researchers systematically understand the research status of ChatGPT in cybersecurity,this paper provides the first comprehensive summary of ChatGPT’s applications in the field of cybersecurity and potential accompanying security issues.The article first outlines the development of large language model technologies and briefly introduces the technology and features of ChatGPT.Then,it discusses the enabling effects of ChatGPT in the cybersecurity field from two perspectives:assisting attacks and assisting defense.This includes vulnerability discovery,exploitation and remediation,malicious software detection and identification,phishing email generation and detection,and potential use cases in security operations scenarios.Furthermore,the article delves into the accompanying risks of ChatGPT in the cybersecurity field,including content risks and prompt injection attacks,providing a detailed analysis and discussion of these risks.Finally,the paper looks into the future of ChatGPT in the cybersecurity field from the perspectives of security enablement and accompanying security,pointing out the direction for future research on ChatGPT in the cybersecurity domain.

关 键 词：ChatGPT 安全赋能 伴生安全 大型语言模型 提示注入 

分 类 号：TP391.1[自动化与计算机技术—计算机应用技术]