Large Language Models (LLMs) have shown remarkable potential across various domains, including cybersecurity. Using commercial cloud-based LLMs may be undesirable due to privacy concerns, costs, and network connectivity constraints. In this paper, we present Hackphyr, a locally fine-tuned LLM to be used as a red-team agent within network security environments. Our fine-tuned 7-billion-parameter model can run on a single GPU card and achieves performance comparable to much larger and more powerful commercial models such as GPT-4. Hackphyr clearly outperforms other models, including GPT-3.5-turbo, as well as baselines such as Q-learning agents, in complex, previously unseen scenarios. To achieve this performance, we generated a new task-specific cybersecurity dataset to enhance the base model's capabilities. Finally, we conducted a comprehensive analysis of the agents' behaviors that provides insights into the planning abilities and potential shortcomings of such agents, contributing to the broader understanding of LLM-based agents in cybersecurity contexts.