Threat Hunting System Enhancement by Generative AI and LLMs
Researchers from George Mason University, Virginia Military Institute
Researchers will investigate how generative AI and large language models (LLMs) can improve automated threat-hunting operations, with the goal of developing a system that monitors live network traffic and performs automated incident response on large volumes of real-time data containing suspicious network traffic associated with prompt injection attacks.
Funded by the CCI Northern Virginia Node
Project Investigators
- Principal Investigator (PI): Mohamed Gebril, George Mason University Department of Cyber Security Engineering.
- Co-PI: Sherif Abdelhamid, Virginia Military Institute Department of Computer and Information Sciences.
Rationale
Network security continues to adapt to emerging adversarial threats, such as prompt injection attacks. Artificial intelligence (AI) tools, including generative AI, can enhance and automate defensive measures.
Threat hunting and anomaly detection systems that use AI (THAD-AI), including generative AI capabilities, can make network traffic more secure and protect system assets.
Projected Outcomes
Using the developed THAD system, researchers will create incident response procedures for flagged anomalies and develop an alert system driven by detection rules generated by LLMs, including:
- Novel methods that improve threat-hunting systems and reduce cyber threats that exploit enterprises.
- A tool, plugin, or framework that analyzes networks, automatically monitors logs, and generates alerts and automated incident reports.